RegTech: Building A Regulatory Tool Kit for the 21st Century

[Transcript of Keynote given at FinnovAsia on May 30th 2016]


Since the 2007 financial crisis, we have witnessed a series of scandals ranging from PPI mis-selling to the LIBOR rigging scandal. The direct consequences of this has been the implementation of a more stringent regulatory regime increasing overall compliances costs. Indeed, since 2007, financial fines have increased 45-fold, incurring additional compliance costs of multiple billions of dollars. Indirectly, the financial instability that is being generated impacts the population with most recent reports estimating that cancer mortality has increased by 500’000 and 50%+ of Americans cannot afford an unexpected expense of US$400.

In my opinion, Regulatory () represents a dual opportunity. Economically, it resolves compliance cost concerns of CEOs, whilst socially it delivers a direct add-value to regulators to enhance market stability and consumer protection.

In other words, while in advanced economies early developments (e.g. P2P lending) appear to be a re-action to the symptoms of the previous financial crisis (e.g. credit shortage), RegTech appears as a more mature approach that may limit the severity of the next crisis.


Similarly to FinTech, the benefits of automatizing reporting and compliance processes are not new, as demonstrated by the introduction of pattern analysis or the work done by the SEC in the US in 2000. Furthermore, most of the post-crisis reforms focus on data transparency (e.g. Central OTC clearing), openness (e.g. PSD2) and standardization (e.g. unique entity identifier) However, whilst not new RegTech as a term has increasingly been used in the last 6 months. This uptick of activity warrants the necessity to start re-conceptualizing RegTech and set a foundation of understanding across the industry, regulators and policy makers.

Establishing a topology of the sector, RegTech covers four key areas:

  • AML/KYC – Anti-Fraud
  • Risk Management
  • Data Management
  • Compliance

As it currently stands, the most visible RegTech innovation seems to be in the e-KYC space, similarly to how payments and alternative lending used to define the bulk of FinTech innovation. The pain points encountered by given their current AML/KYC process and relative simplicity of developing a certified third party authentication platform (versus implementing a wide scale use of smart contracts to identify contractual liability of a firm in real time) explains the immediate focus given to this specific sub-sector. However, the digital AML/KYC process represents a superficial (i.e. customer-facing) use of RegTech similarly to how certain digital banking propositions are simply a better UX skin on top of an outdated core banking engine.

In my mind the real long term value (both from an investment and social perspective) is embodied in solutions that redefine the way is being created so that risk identification and compliance can leverage on data and automation to really be proportionate (e.g. to actual risk) and real time (e.g. as opposed to batch reporting). In that respect, the development of Regulatory Sandboxes represents an initial step for regulators to deploy and learn how to use RegTech as part of their regulatory toolkit.

In that regard, the FCA (in the UK) has, once again, championed the promotion of this objective with the announcement of a “regulatory sandbox” in Nov 2015 (e.g. currently accepting applications and will go live with 10 participants in September 2016). This approach has so far been positively echoed in other jurisdictions with ASIC in Australia and MAS in Singapore holding consultations. The benefits of sandboxes are diverse. For external stake holders (e.g. start-ups), they reduce time to market and compliance costs. For internal stakeholders (e.g. regulators) they add an interaction method with start-ups as well as a transition tool towards a more data-driven supervisory model.


However, these developments are currently very much in experimental phase. The fact that access to the sandbox is limited to a handful of participants and the scope of experimentation constrained by EU laws (e.g. exclusion of credit institutions, insurance or alternative fund managers as well as base line regulatory capital for some activities irrespective of portfolio/market size) shows that only specific FinTech start-ups will benefit. The counter to that being considered, given the current Brexit discussion. Was Brexit to materialize, the FinTech eco-system in the UK (heavily driven my EU regulatory requirements) would lose its appeal (and VC funding in EU is already down 40%+ in Q1), making the rationale of a sandbox a moot point. In other words, a Brexit would leave the sandbox with not enough kids to play inside!

I therefore see the current sandboxes (e.g. virtual, umbrella, regulatory) as the first building block towards a reconceptualized regulatory regime that is truly real-time and proportionate. This means that the parameters of the sandbox also need to be conceived with an end objective in mind and leverage a true opportunity to change the current paradigm of market supervision/regulation and firms’ compliance and reporting processes. An illustration of this shift would be as follows:


This is very much an ongoing conversation and a very rare occasion where the interest of FinTech, FinServ and Regulators fell easily aligned.

[linkedinbadge URL=””off” mode=”icon” liname=”Janos Barberis”] is Millennial in FinTech | HKU Law | Founder FinTech HK & SuperCharger | Co-Editor The FinTech Book