Fraudsters, Regtech and Regulators

December 18, 2020

Regtech has been under the spotlight recently due to increased pressure, and ramifications from regulators. Regulation is a natural product of a changing financial, and technological landscape. Never before has tight regulation been so important for protecting consumers, businesses, and a healthy market. Many companies, however, have a tough time keeping up with regulatory change. The last year has been especially tough on many companies as they attempt to acclimatize to GDPR. This has been worsened by a continued failure of regulatory bodies to integrate their proposed compliance strategies with the technology that they involve. Some are suggesting a machine-first approach in which regulations would be written with automated compliance strategies in mind. Despite great efforts, mishandling of data is still very common, as are the fines which accompany it.

Data breaches and GDPR

In January Google was fined 50 million euros for a breach of data protection rules. The French data regulator CNIL claimed a “lack of transparency, inadequate information and lack of valid consent regarding ads personalisation”. 50 million isn’t a huge dent for Google of course, but the bad press, and increased observation has further reaching consequences. GDPR has been the cause of several record breaking fines, acting as a warning for a future which will likely undergo periodical regulatory upheavals.

Number of data breaches notified from may 25, 2018, to january 28, 2019

Last month Raphaels Bank received its second major regulatory fine in under five years. The £1.9 million penalty was a result of poor outsourcing control which led to thousands of customers being unable to receive wages and make payments. The issue was caused by a third party who Raphaels outsourced work relating to prepaid cards. Even so, Raphaels was still wholly culpable for the regulatory breach do to a failure to assess the outsourcer’s ability to recover after disruption or tech failure. The complexity of information technology legislation reflects this increased risk. However, compliance strategies have been struggling to keep up with the radical changes. The possible points of failure when combining regulatory systems, and banking technology are so many that only an exhaustive technological solution can come close to solving the issue.  

Rampant rises in fraud have also helped to demonstrate the value of such innovations. Some of the worst offenders currently are Indian banks. The Reserve Bank of India has reported well over £8 Billion in banking frauds across India between 2018 and 2019. The RBI also divulged that 53,334 cases have been reported in the past eleven fiscal years amounting to a total of £23,336,175,000. Huge sums of money are slipping through the gaps in systems we should to be able to trust. But, it is possible that Regtech startups such as NetGuardians and Apiax could help to keep a handle on the situation.

Regtech’s rising startups and machine-first execution

NetGuardians is a Swiss RegTech company that helps financial institutions fight financial crime. This includes digital banking fraud, enterprise payment fraud, and internal fraud. Apiax is another startup to keep an eye on. Apiax are the creators of an advanced toolset to master complex financial regulations digitally. By turning complex regulations into digital rules, they can manage the full regulatory lifecycle. This helps to ensure compliance and rules out human error. The challenges facing regtech startups, however, are not small.

Regtech trends fintech banking software
Google trends for global searches on “Regtech” since 2014.

 

There is a sort of arms race between regtech providers and fraudsters. Right now, KYC and AML (anti-money laundering) solutions make up the bulk of regtech companies in the UK. They are all struggling against increasingly realistic fake documents as manual checks become unreliable, or even impossible. Not only is the battle raging between regtech and fraudsters, but also between regtech and regulators.

Claus Christensen, chief executive of Know Your Customer says:

“At the moment, regulation is written with technology in mind but to be executed manually. But if regulation were to be written with a machine-first execution in mind, it would be a significant step forward in making the onboarding process more efficient”.

This is of course a concept which regulators will have to get behind, and that may be a challenge. Fines, apart from keeping companies in check, provide a substantial lump of revenue for governing bodies.

Historically, excesses in fine revenue in the UK were put back into firms to reduce overall regulatory costs. Since April 2012 this revenue has been passed directly into the Treasury instead. Helping to institute plans to create automated regulatory compliance across the board could see as much as £2 Billion a year vanish from government coffers. There is also a worry that machine-first execution would cause job loss. However, Christensen is quick to point out that:

“This, though, doesn’t mitigate the complexity behind having to come up with a policy in the first place – only a human can do that. You still need experts to understand what the business needs and what the customer needs. Analysts and individuals will always be needed to see processes through from idea to fruition.”

Still, we are currently years, at least, from machine-first execution being the norm. Until then there are a few other kinds of regulatory technologies helping companies to tackle regulations head on, rather than being caught out.

Regulatory horizon scanning

Regulatory horizon scanning platforms are filling the current gaps. They provide banks and companies with adequate regulatory intelligence, and the ability to predict more accurately and act sooner. Horizon scanners are in essence information and data gathering services, finding, filtering, curating and analyzing relevant news and soft-data. Understanding and predicting future regulation and law can help regulation and compliance teams plan projects successfully and avoid fines. As well as planning for regulation, they help companies to plan for de-regulation which can frequently open up opportunities to take advantage of. These technologies have other use cases outside of compliance, being frequently used in educational institutions, and law firms.

Currently these systems provide companies with the best chance to handle regulation with finesse and relative ease. However, companies will continue to suffer and risk huge penalizing measures while regulation continues to operate in this interim. Suffering the complexity and frequency of regulations around information, data, and financial technologies, while being unable to effectively utilize technology to ease the burden. Despite some obvious hurdles, however, machine-first execution will one day be the norm. Exponentially increased regulatory pressure and non-compliance penalization is simply unsustainable. Sure it is a great form of government income, at least here in the UK, but such an anti-business regulatory ethic will only serve to hinder productivity, and shrink our economy.