What’s Next for RegTech?

Regtech isn’t limited to financial markets as the field also includes compliance management in the biopharma, healthcare, and other regulated sectors, both here at home and globally. All forms of misconduct from financial to personal are also subject to behaviors that are governed by rules that define what is acceptable versus unacceptable – and hence punishable – actions which have clear consequences for violations.

?As a player in this field, we have the opportunity to speak with customers on a regular basis. And it’s particularly interesting to engage in the conversation when multiple clients and vendors are all sharing in the same dialogue: you learn things. Some clients are recognized luminaries in compliance. Everyone provides valuable insights into the challenges they’re facing, why they’re struggling with them, and how they’re working to solve their problems.

?All this provides an excellent foundation for looking into the future to get a glimpse into what may be next for RegTech. And, for the sake of context, our focus is limited to RegTech as it applies to compliance within the financial markets, because that was the theme for the event. Here are some of the highlights of the conversations that took place at that event. You didn’t even have to be a fly on the way to learn what I learned as I’m sharing it all below!

The Post-Pandemic World

For the most part, the financial services industry accepts that artificial intelligence (AI) is a critical technology. Despite that seemingly broad acceptance that it’s here to stay, it remains poorly understood. And, for good reason, there is also considerable skepticism around it given its history of enabling machine learning to train on a homogenous data set that preferentially discredits minorities. The proverbial “black box of AI” is indeed, a bit of a Pandora’s Box, and has raised the flag for increased transparency, tighter governance, and clear explanations regarding how it works so that the mechanics behind the AI can be understood by a broader audience. I noticed a few vendors looking down and blinking nervously during this part of the discussion.

?Sounds simple enough, but each of the aspects highlighted above requires considerable effort around education and access. In this post-pandemic world rife with apocalyptic real-world events like Hurricane Ian, COVID, wildfires, inhumane sizzling temperatures, war, and other cataclysmic scenarios promulgating human suffering, there is an unfortunate side-effect. Fraud!

Financial institutions want to protect their clients and understand that AI can be leveraged as a tool to fight fraud, but they’re (in general) woefully under-prepared for what must be done to roll it out and manage what happens next. We all agreed to do our part here. Regulators essentially relaxed while the coronavirus spread its poison. However, as we’ve seen with the recent “misconduct tour” initiated by the SEC, those days of forgiveness appear to be over. In the last few months alone, it is well known that the SEC has levied more than $1 billion USD in fines for banks who have not been monitoring and/or archiving their employees’ and clients’ text messages. Hiding behind a policy that prohibits such activity is no longer adequate: without a proactive solution, banks can expect that the SEC will be visiting soon.

There are clean benefits to AI and machine learning (ML). Nobody at the event disputed this statement. Banks do, however, wish to retain control and limit the application of AI to well-defined problems. The slope is much slipperier when it comes to using the tech to make companies and people more efficient versus so efficient that the human roles are replaced by bots. That’s a topic that makes everyone nervous – compliance officers in particular.

This pseudo post-pandemic world has ushered in a whole host of new problems stemming from prolonged uncertainty to poor mental health to inflation. Combined, the effect is spurring questionable behaviors by CEOs to hourly workers around the globe. These behaviors are commonly making the headlines for personal misconduct. In many cases, they’re not making the headlines at all, but a growing workplace toxicity appears to be emerging in just about every organization around the world.

Banks are struggling to figure out exactly what their obligations are. Does personal misconduct apply to an after-hours incident where, for example, an employee physically or sexually assaults someone at a house party over the weekend? What ends up happening is that banks get caught up in their own hyperbole. They get overwhelmed, budgets skyrocket, and they end up missing “the forest through the trees” as they strive to build “the best EVER” in-house solution – even if they integrated third-party components into that solution. The challenge here is that small vendors are essentially shut out of the conversation and never get the invitation to play in the sandbox. And that’s unfortunate because the more competition there is, the more that RegTech as a field wins. Competition makes us all better for it.

The Challenges Ahead

Texting! Pretty much everyone here at the event rolled their eyes at the same time when this challenge came up. Some may see it as the best invention in the history of mankind. Others, like bank executives, view as the invention that’s going to ruin their reputations and put their firm out of business. Don’t forget – the SEC is just getting started on its e-communications misconduct tour. What happens next is unknown – will they come after individuals like hedge-fund managers, fine them personally, and/or sentence them to jail? Watch this space!

WhatsApp has two billion users because it’s a fabulous e-comms tool. Bank execs acknowledge that it’s being used by their staff – and even members of their exec team despite policies which prohibit doing so – yet it’s still not being monitored let alone managed for compliance. Microsoft Teams and Slack conversations are in the same sorry state. Both tools are ubiquitous, but neither is being effectively managed for compliance.

Then there’s the whole matter of “gigging it” as companies increasingly tap a global talent pool. Specifically, that entails freelancing and consulting – part time – where everyone adopts a BYOD (Bring Your Own Device) approach. How do you monitor that? Nobody here had an adequate answer.

Not to mention the whole matter of legacy tools. And compliance officer ABC’s favorite tools. Or how financial firms are cobbling together various tools as they attempt to have a wholistic overview of all the activities ongoing across the various firms that they’ve recently acquired. It’s anything but a pretty picture.

These challenges above are already well known. It’s the problems that are currently mere blips on the radar that are going to leave execs shaking in their shoes. Take cryptocurrency for example. It’s a wild west out there with blockchain infrastructures so nested that even the best hackers in the world can’t figure out who made what transaction from behind the veil of the dark web. Not to speak for the whole RegTech industry, but none of us really knows how to wrap our hands around the crypto octopus; we’re thinking about it, obviously, but ready to launch a solution yet.

e-Comms channels continue to multiply like rabbits. We know of WhatsApp, Instagram DMs, Meta Messenger, Slack, Teams, WeChat, and so on. But we don’t know what we don’t know. What other conversations are ongoing through various online networking groups, e-Learning apps, and other digital solutions that enable two entities (human or android) to communicate? If we don’t know where to look, we can’t capture any of it. And last we checked, “I didn’t know about it,” doesn’t hold up as a defense for non-compliance that regulators will accept.

Variety is good when it comes to choices like those you’d find in a box of chocolates. However, variety is not so good when it comes to every RegTech vendor offering up their own AI solution for monitoring. Each of has our own proprietary algorithms, and no, of course we’re not advocating that everyone publishes those algorithms for all to see. That adds complexity to an already challenging problem. And that means that risk is as variable. How much risk one solution has over another is tough to quantify.

Of course, everything is up on the cloud so that necessitates having faith that your firm’s little slice of a shared cloud is indeed private and impenetrable from others who are poking around in the same cloud. For many, that’s a leap of faith. For some, they can’t get there – at least not yet.

The Outlook for RegTech

So, what’s ahead? In no particular order, this is our best guess based on the conversations we had at the event:

·??????Clients and regulators will increasingly demand that vendors “show & tell” how they their technology works

·??????Along these lines, “black box” vendors will be snuffed out – if they don’t know how their own tech works, who does?

·??????Behavioral AI solutions will remain heavily scrutinized and considerable education along with tight governance boundaries will be essential to move the field forward

·??????Stop-starts and false-starts will likely increase as financial firms experiment with innovative new solutions only to realize at some point in the procurement process that the solution acquired has been “oversold”

·??????Chief Compliance Officers (CCOs) will be getting more work added to their plates to develop vetting processes that more thoroughly assess a vendor’s capabilities before bringing them in

·??????CCOs will network with each other more often to get the “real story” behind each vendor implementation and to adopt each other’s best practices

·??????CCOs and other execs at financial firms will come around to the idea that their RegTech solution provider needs to be elevated from the category of “vendor” to “partner” to truly collaboratively and effectively tackles some of these growing compliance challenges

·??????Today, the field is preoccupied with text messaging: the opportunities for non-compliance within video conferencing are not yet even part of the conversation – but they will have to be

·??????Flipping between various languages is reasonably manageable today but emoji speak has multiple lexicons of its own and these will soon take a place at the head of the table to figure out what they mean and how their meaning differs by geography and evolves over time

Looping back to how we began this article, nobody has a crystal ball. None of us knows what happens next. The future of RegTech is, well, in the future. But, based on all the main line and side line conversations that happened at this event, we do know that it’s going to be a wild ride. Buckle up!