What is RegTech and how can you use it to stay ahead?

Organizations today are faced with a complex, ever-expanding regulatory landscape. This is especially true for financial institutions, where there are hundreds of regulatory bodies throughout the world publishing thousands of policy rule books.

Putting aside the operational challenges this can create, it’s also plain old expensive!

On the front end, financial institutions are committing 15 percent of their employees and 10 percent of their annual revenues to keep up with regulatory requirements, according to Global Regulatory Outlook 2018, by Duff and Phelps. If an institution fails to keep up, the back end is expensive too. There can be litigation, licensing implications, damage to the corporate brand, and fines.

It is expected that by 2020, fines levied on banks by U.S. and U.K. regulators will top $400B, according to Fintech market research firm Medici. Such a complex and expensive regulatory landscape has pushed companies to explore how they can leverage technology to help – enter Regulatory Technology, or what people now refer to as RegTech.

The goal of RegTech is to utilize technology to reduce costs through a combination of decreasing the time spent in pursuit of compliance and preventing fines resulting from non-compliance. To achieve these savings, RegTech automates compliance processes, acts as a source of governance, and provides transparency and risk management through reporting.

To help illustrate the value of RegTech, we’ll dive in to an example that applies to the Know your Customer (KYC) portion of Anti-Money Laundering (AML) regulation.

Automating compliance processes

At the surface level, the purpose of KYC is straightforward: obtaining basic information about the customer, making sure the information is accurate, and regularly verifying that information is valid. It’s when we dig into the details that the complexities of a KYC process begin to reveal themselves.

The basic information a financial institution requires for a new customer can be different depending on circumstances. A simple case is a local resident applying for a basic checking account. A more complex case – requiring additional due diligence – is a non-resident applying for a business line of credit. Each scenario will require different levels of supporting documentation and due diligence.

Looking toward the operational side, once you identify all of these variations, you must put them into practice and ensure every employee throughout the organization follows them consistently. That’s where RegTech helps.

A RegTech solution that automates compliance begins with data management; mapping out each of the scenarios that occur when a customer opens an account, the appropriate level of due diligence for each scenario, and the necessary documentation that you must gather in each instance. With all of this data available, a workflow can guide employees to consistently follow due-diligence guidelines and gather the necessary documentation along the way.

Taking automation a step further, once the new customer account has been opened, workflow can evaluate a predetermined set of risk criteria and determine what to do next. If this customer is a local resident opening a simple checking account, and all of the documentation is in good order, workflow can determine no additional steps are needed. Or, if it’s a complex new customer and there are exceptions in their documentation, workflow can route the new account information for secondary review.

Once the new account is open, a RegTech workflow can monitor the account going forward and automatically notify you when you need to update the account documentation.

Policy governance

As I mentioned earlier, hundreds of regulatory bodies are publishing thousands of regulations throughout the year, the end result being a tremendous amount of policies and procedures your financial institution must manage.

Governance begins with reference copies of the applicable laws and regulations behind regulations like Know Your Customer, Anti-Money Laundering, and a Customer Information Program. From here, you must determine all of the internal standards, processes, and procedures you need to implement to satisfy these regulatory requirements.

Once you collect all of this information, you must operationalize it so employees throughout the organization are familiar with the policies and their roles in following them. Then, you must ensure every employee adheres to them.

Obviously, this isn’t an easy task.

To help, RegTech solutions for governance begin with digitally housing reference copies of laws, regulations, policies, and procedures. This central location for all things compliance should be in a format that is accessible and full-text searchable throughout the organization.

After you determine internal standards for processes and procedures, you should link them back to the applicable underlying law or regulation to provide clarity. And, once a digital library of policies and procedures is in place, a RegTech governance solution can publish the policies and procedures out to the applicable employees within the organization for review and acknowledgment.

As changes occur to the policies and procedures over time, the solution will notify employees of the changes and prompt their review and acknowledgement of the policy.

Risk management and reporting

For many institutions, the problem isn’t that compliance processes aren’t occurring, it’s that there isn’t transparency in the processes and they are often looking at historical data.

In many cases, organizations are following an existing KYC process manually, gathering the documentation in paper form, and then reviewing (if at all) the new customer – it can take days or weeks after the account is opened. If there are issues with the KYC for this newly opened account, it can take even more time before the customer can make it back in for corrections.

Given the manual nature of existing processes, it can be very difficult to identify trends across the organization, and if they are identified, it’s often after they’ve been occurring for a period of time. All of this equates to a lack of transparency for compliance and risk to an organization.

A RegTech solution for reporting strives to make compliance trends and organizational risk reporting as near to real time as possible.

Say, for example, you implement a RegTech solution to automate compliance for a KYC process. A reporting solution could be included to show a real-time breakdown of the number of new customers and KYC processes occurring daily in each office location, the types of accounts that were opened, and the number that were compliant vs. non-compliant. Users can expand each of these categories to see more detail on which employees were performing the actions as well as the related account due diligence documentation.

Going a step further, if you implement a RegTech solution for policy governance that includes reporting, a governance report could show a breakdown of each office location and employees acknowledgement of applicable policies and procedures. When comparing new customer KYC process results to governance acknowledgement, you may realize trends like an uptick in non-compliant KYC accounts is happening at a location where 40 percent of the employees haven’t acknowledged the updated KYC procedures.

In the evolving world of regulations, that kind of transparency can make a huge difference.

By leveraging RegTech reporting, your organization identifies – and begins addressing – compliance risks immediately, instead of waiting for the results of an audit potentially months down the road. And when it comes to regulations, being proactive is the way to go.

Marcus Anderson is a consulting manager and financial services industry expert at Hyland.
Marcus Anderson
Latest posts by Marcus Anderson (see all)

Marcus Anderson

Marcus Anderson is a consulting manager and financial services industry expert at Hyland.

... read more about: Marcus Anderson