Well beyond the FinTech hype is the easily-overlooked domain of RegTech, technology that’s enhancing financial regulatory efforts and compliance. This domain touches on a wide range of topics critical to financial companies including privacy, security, and the movement towards digital identities.
At this month’s Fintech Conference in Vancouver put on by the Digital Finance Institute, a panel of experts convened to discuss the opportunities and challenges in RegTech and compliance in the era of automation.
To set the context, one panelist divided the history of FinTech into a number of eras:
- FinTech 1.0 was the telephone and telegraph.
- FinTech 2.0 covers the introduction of the ATM up to e-banking.
- FinTech 3.0 was the reaction to the risks revealed by the 2008 financial crisis; and now
- FinTech 4.0 is one that is not reactive to crises, but a proactive reform of financial markets.
Regulators have always tried to protect consumers, ensure financial stability, prevent bad behaviors, and maintain the reputation of the financial industry. While this used to be reactive, where financial companies would comply with regulations created after examining data from a crisis, now the aim is to perceive risks accurately in real time and be predictive.
The temptation for RegTech companies is to find and market an automated solution for this. But there are two problems with this idea.
The first is that FinTechs’ behavior is not precisely defined when it comes to certain regulatory standards. FinTechs have made regulators’ jobs tricky. Part of a regulator’s job, for instance, is regulating unauthorized deposit taking and insurance activities. “Fintechs sometimes blur the lines,” says Frank Chong, Deputy Superintendent of Regulation at the Financial Institutions Commission of British Columbia.
As an illustration, peer-to-peer lenders currently provide personal loans, but one can envision a time when these same FinTechs enter into mortgage lending, an area that is heavily regulated.
The second problem is that no off-the-shelf compliance solution or combination of tools is going to comprise an acceptable compliance program. As Badour said, automated compliance is a challenge today because “you have laws that were drafted at a certain time in a certain context, and it’s very hard to operationalize them and turn them into an algorithm.”
That’s not the only difficulty. Consumer confidence in the financial industry is a top priority for regulators, and achieving that still requires levels of human engagement.
This was explained by Ana Badour, Partner in the Financial Services Group of McCarthy Tétrault LLP in Toronto, who highlighted the concept of the three lines of defense as a fundamental compliance principle. The three lines of defense are:
1. Business operations: Software developers, marketers, and others should be actively considering compliance risk and control when discussing product development.
2. Oversight functions: Compliance officers are included in the discussion on product launches and are responsible for documentation.
3. Independent assurance: Early checks such as internal audits determine if policies and procedures have actually been followed.
RegTech is a complement to this, Badour said, but can’t replace a comprehensive compliance function. For FinTechs and companies thinking of adopting regulatory technology, a bargain must be struck between automation and the traditional regulatory and compliance set up.
Chong said, “We have specific controls when it comes to capital liquidity, licencing, and governance. The FinTech space is less clear with regulators and policy makers. The hard truth is that policy makers will always be playing catch up with regards to the FinTech space.” Tech companies move quickly into new markets, and when regulators catch up and determine there are non-compliance issues, it becomes very difficult for companies to unwind their positions.
There is a wealth of opportunity in the FinTech and RegTech spaces, but also a number of significant challenges that must be carefully navigated. The panel encouraged companies in these spaces to engage regulators, and open an ongoing conversation to discuss the services they look to provide.