By Neil Katkov
OWhat is the best technology to support risk management initiatives?
The answer to this question is increasingly nuanced as financial institutions face a crowded marketplace of regtech – the application of advanced technologies to operational functions dealing with risk management and regulatory compliance. Well-designed solutions that incorporate these advanced technologies can help address longstanding challenges in risky operations, but the regtech journey requires careful assessment of perhaps hundreds of regtech startups.
Banks need to be clear about how to apply regtech to risk functions and how regtech can support financial and operational stability, strategic business growth objectives, and regulatory compliance. Consider how regtech compares to the broader risk management technology market, what it offers, and how banks can systematically assess the complex market to use regtech most effectively to support risk management initiatives.
The evolution of risk management technologies
Risk management technology has evolved in three overlapping stages. Traditionally, internal groups (development teams) and external groups (software developers, systems integrators) provided the specialized technologies that support risk management functions. Today, a third group, regtech startups, make up a significant portion of the risk management technology landscape. By understanding these developments, financial firms can assess the modernity of their risk management technology portfolios.
The first stage is represented by software, specialized applications designed to support specific operational functions. Developed internally or externally, risk management software (such as FICO Tonbeller for financial crime compliance, FIS for financial risk management or RSA Archer for governance, risk and compliance) is the most often installed on site, updated via periodic releases.
The second stage is represented by platforms, generalized applications that specialized technology vendors develop to support a wide range of business functions. Various platforms help drive financial risk management (such as platforms provided by SAS Institute, SAP, or IBM) and operational risk management processes (including platforms from Pegasystems and UiPath). Platforms are usually licensed and installed on site.
Regtech, the third stage, provides technologies that address the inherent issues of risk management and compliance. These technological building blocks are big data; artificial intelligence, including machine learning, natural language processing and robotic process automation; Modern RESTful APIs, which facilitate rapid integration of the regtech solution with a bank’s internal systems and third-party services (including external and other regtech data sources); and cloud. Most pure play regtech solutions are cloud native, building on the ability of cloud platforms to provide scalable data storage and high performance computing. Regtech is typically deployed through a cost-effective software-as-a-service model and sold through a subscription. (Some regtechs also offer on-premises solutions to address the complexity and sensitivity of risk operations at large banks.) Regtech solutions are written in modern programming languages that support big data analysis. Maintenance is provided by continuous releases from the devops teams with updates as frequent as they are daily, thus avoiding the need for major software upgrades.
Over 1,000 companies populate the global regtech market, with AQMetrics, ComplyAdvantage and LogicGate some of the active vendors today. Investments in regtech have increased significantly in recent years. They surpassed the $1 billion mark in 2015, rose to $8.5 billion in 2019, dropped to $7.9 billion in 2020 during the pandemic, and are estimated to reach $18 billion in 2021. Technology spend by financial institutions on risk management is expected to reach $88.3 billion globally in 2022.
Regtech Risk Management Features
There is a wide range of use cases for regtech in risk management and compliance. These include the analysis of financial risks based on internal data (portfolio, customers) and on market news or macroeconomic indicators; entity resolution, ongoing know-your-customer processes, and automation of routine case management tasks for financial crime compliance; governance, risk and compliance functions; cybersecurity and more.
Banks can evaluate suitable vendors based on what each offers, how these regtechs deploy their technology solutions, and how those solutions fit within an institution’s technology and functional capabilities and goals. Functions supported by regtech include:
- Conduct. Management of conduct compliance issues, including sales practices, government and corporate relations, investments and outside business activities, and fraudulent transactions.
- Cyber security. Improved hardware and systems monitoring, analysis, forensics and data sharing.
- Financial Crime Compliance. Improving the performance of financial crime systems to prevent money laundering.
- Financial risk management. Assessment of market, credit and liquidity risks based on the status quo; Compliance with stress tests and other regulatory mandates.
- Governance, Risk and Compliance (GRC). Basic systems for operational risk management; risk assessment, monitoring and mitigation.
- Regulatory and tax reporting. Reporting functions for capital markets (such as trade transaction reporting for MiFID and EMIR) and tax reporting (including support for FATCA and CRS regulations).
- Management of regulatory changes. Confirmation that a financial institution’s policies and procedures comply with regulations.
- Supervisory technology. Advanced solutions for government oversight agencies and regulators that can help financial institutions comply with modernized regulatory processes.
Planning a successful regtech journey
When a financial institution begins or continues its regtech journey, part of the goal is to determine how to make the most of the many technology options available. What this means for each bank will vary depending on the specific risk. This requires positioning risky technology vendors within the overall regtech universe, comparing vendors based on how they implement AI and other building blocks of regtech, and understanding how various vendors offer functional capabilities to meet specific use cases. Together, these elements provide a regtech taxonomy that can help financial institutions assess the risk solutions offered by regtech startups and incumbent providers.
Banks that can navigate this crowded market will be well equipped to assess regtech and apply it to risk functions. Analyze risk functions in terms of criteria such as commoditization (risk functions that provide minimal competitive advantage), effectiveness (functions that face extreme operational inefficiencies), degree of risk (functions with high levels of exposure) and strategic importance (functions that provide strategic value to the business) can help companies identify and focus on areas that will help strengthen projects with quantifiable and meaningful results.
Successful deployments of regtech also depend on banks turning to risk technology holistically – across the spectrum of risk functions – rather than in silos. Cross-risk, for example, recognizes the interdependent impact of financial and operational risks (which are traditionally separated) on the resilience of businesses and operations. As such, and to support enterprise-wide decisions, CTOs are increasingly involved in technology risk considerations. Overall, banks that recognize the limitations of existing risky operations and the potential of advanced technology to address these issues will actively engage and implement the solutions available from the growing field of regtech providers.
Neil Katkov oversees the risk space at Celenta global research and advisory firm focused on technology and business strategy in the financial services industry.