Even with a stabilized regulatory landscape, changes implemented since the financial crisis continue to have costly impacts on banks, asset managers, and insurers worldwide. Up to 15 percent of financial institutions’ staff now work on governance, risk management, and compliance — yet even with this investment, regulatory compliance is by no means assured. Financial institutions have paid well over US$340 billion in fines in the 10 years since the financial crisis, and one report estimates that the total is likely to top US$400 billion by 2020.

In the coming months and years, regulators around the world are expected to turn their focus to investigating how well financial institutions have integrated regulatory change into their businesses. Identification of breaches of anti-money laundering (AML) regulations and knowyour-customer (KYC) non-compliance are also expected to grow. Nor is there any expectation that this level of regulatory rigor will be relaxed within the foreseeable future. This means that, in order for financial institutions to adapt to and excel in this new normal, regtech must be a critcal part of the transformation agenda.

To date, many institutions have been focused on using technology to help achieve compliance, while minimizing risk from misconduct and regulatory investigations. Now that focus is shifting towards a greater focus on cost, especially as institutions look for ways to reduce the cost base and achieve meaningful profit growth in the face of increased demands from regulators and customers alike. However, regulators will want to see financial institutions continue to strengthen their core risk management governance, controls, practices, and reporting. In addition to cost savings and efficiency, the coming increase in both supervisory activity and associated expectations should push financial institutions to consider more robust regtech solutions.

In previous years, a primary consideration when pursuing innovation was whether to build, partner, or buy a regtech solution. As the quality and diversity of regtech offerings continue to rise, the conversation has changed, with a growing number of entities actively looking for alternative solution providers. A fourth option is also becoming far more viable, especially for smaller players challenged by lack of capability and capacity: that of a third-party managed regtech solution.

These models are excellent for managing current uncertainties and addressing immediate regulatory issues. However, over the long term, financial institutions will need to take a broader approach, using regtech as part of a wider technology transformation initiative designed to help the organization weather increasing complexity. Financial institutions are facing pressures on multiple fronts, from political shifts and global financial changes, to the impacts of new market entrants, new products, and compressed margins. In order to seek solutions to these complex issues, some global investment banks are already pursuing a ‘reinvention’ strategy using technology to enable the transition into a data company. This type of transformation is the future, and financial institutions should look to take the early steps today.

While financial institutions grapple with where, when, and how to best use technology in their risk and compliance processes, many regulators are already pushing full steam ahead. Supervisory technology, or SupTech, is being used by more regulators to allow them to deliver faster and more effectively on their core mandate. For example, one growing area of SupTech is in the use of machine learning and AI to examine vast data sets to predict and identify breaches or cases of misconduct. Here, the potential risk to financial institutions is that if the regulator has access to technological capacity far in advance of the organization itself, the regulator could predict risk areas that the institution does not see coming.

Regulators are also starting to push for the ability to gain direct access to financial institutions’ data, rather than relying only on data provided to them from reporting. For example, the UK’s Financial Conduct Authority has been working with the Bank of England and various other organizations to pilot a program to make regulatory reporting “machine readable and executable… creating the potential for automated, straight-through-processing of regulatory returns”. With the right technologies, regulators would not only be able to oversee a broad set of regulated entities and market activity as a whole, but also use analytics capabilities to identify systemic weaknesses and pinpoint areas for future focus.

For banks, asset managers and insurers trying to determine the right regtech options for their needs, we recommend a few critical early steps:

1. Assess the organization's needs. Too often organizations pursue specific technologies rather than addressing defined pain points or process gaps. In order to achieve the desired returns, you should approach regtech investment with both a clear understanding of the organization’s needs and a strategic view of the issues that you are trying to solve. As a first step in this process, we recommend completing a full assessment of the organization’s regulatory and risk management requirements. Next, create a heat map of the organization’s ability to deliver against those requirements. Consider not only whether the organization has the necessary capability and capacity, but also how effective, efficient and timely that delivery will be. 
2. Understand your solution options. Once you are clear on the organization’s needs and have discerned the pain points in your regulatory compliance or reporting process, the next step is to fully explore potential solutions. The regtech landscape has evolved considerably over the past few years, and there might be more options — and newer solutions — than you first realize. Some regtech solution options also create valuable customer benefits, such as removing friction in the customer onboarding process. For organizations that have not kept up with the latest regtech trends, technologies, and third-party companies, seeking help with this process or getting advice on the best fit can be a good option. For example, KPMG Australia, through the KPMG Matchi Regtech portal, currently supports a regulator client with a research subscription and reporting service for fintech and regtech innovation, providing an online portal that delivers market-leading access to the latest analysis and data about local and global trends, developments and providers.
3. Accelerate remediation efforts. When issues arise — especially when it comes to a breach, vulnerability, or problem with non-compliance — the impulse can be to buckle down rather than seek help or new solutions. Yet speed and accuracy are critical when dealing with regulators, and third-party support can be the most effective route forward. For example, new remediation-related regtech solutions use optical scanning, OCR capabilities, and AI to extract data points to identify customer files for remediation. Such solutions can transform a difficult, time-consuming, and labor-intensive remediation process, and enable the organization to move forward swiftly. 
4. Design and implement an effective operating model for regtech. Ensure your organization has clear and well-defined governance structures and operating models for engaging with, implementing, and managing regtech initiatives. This should include assigned ownership for each area. Also look to create a group that includes both domain (e.g. Financial Crime) and functional specialists (e.g. Data Analytics) to help identify and assess potential regtech solutions, as well as support the implementation process.

Many financial institutions are still reeling from the costs and other implications stemming from the massive regulatory changes implemented over the past 10 years. Regtech is the key to addressing these challenges. With the right automation and technology solutions, financial institutions can achieve sustainable change and meaningful cost savings while responding effectively to regulators’ demands and the imperative to prudently manage the evolving risk landscape for the benefit of all stakeholders.

KPMG Matchi helps financial institutions, regulators and others to engage productively with emerging technology providers.