Regtech: The Newest Stage of Risk Management Technology

By Neil Katkov

What is the best technology to support risk management initiatives?

The answer to that question is increasingly nuanced as financial institutions face a crowded marketplace of regtech—the application of advanced technology to operational functions dealing with risk management and regulatory compliance. Well-designed solutions that incorporate these advanced technologies can help address longstanding challenges in risk operations, but the regtech journey requires careful evaluation of perhaps hundreds of regtech startups.

Banks must have clarity into how to apply regtech to risk functions and clarity into how regtech can support financial and operational stability, strategic corporate growth objectives and regulatory compliance. Consider how regtech compares to the broader market of risk management technology, what it offers, and how banks can systematically evaluate the complex market to use regtech most effectively to support risk management initiatives.

The evolution of risk management technologies

Risk management technology has evolved over three stages, with overlap among them. Traditionally, internal groups (development teams) and external groups (software developers, system integrators) delivered the specialized technologies that support risk management functions. Today a third group, regtech startups, represents a significant portion of the risk management technology landscape. By understanding these developments, financial firms can assess the modernity of their risk management technology portfolios.

The first stage is represented by software—the specialized applications that are designed to support specific operational functions. Developed internally or externally, risk management software (such as FICO Tonbeller for financial crime compliance, FIS for financial risk management or RSA Archer for governance, risk and compliance) is most frequently installed on-premise and updated through periodic releases.

The second stage is represented by platforms—generalized applications that specialist technology providers develop to support a wide range of enterprise functions. Various platforms help drive financial risk management (such as platforms provided by SAS Institute, SAP or IBM) and operational risk management processes (including platforms from Pegasystems and UiPath). Platforms are typically licensed and installed on-premise.

Regtech, the third stage, delivers technologies that address pain points inherent in risk management and compliance. These technology building blocks are big data; artificial intelligence, including machine learning, natural language processing and robotic process automation; modern RESTful APIs, which facilitate rapid integration of the regtech solution with a bank’s internal systems and third-party services (including external data sources and other regtech); and cloud. Most regtech pure-play solutions are cloud-native, drawing on cloud platforms’ ability to provide scalable data storage and high-performance computing. Regtech is usually deployed through a cost-effective software-as-a-service model and sold through a subscription. (Some regtechs also offer on-premise solutions to meet the complexity and sensitivity of risk operations at larger banks.) Regtech solutions are written in modern programming languages that support big data analytics. Maintenance is delivered through continuous releases from DevOps teams with updates occurring as frequently as daily, sidestepping the need for large software upgrades.

More than 1,000 companies populate the global regtech marketplace, with AQMetrics, ComplyAdvantage and LogicGate just a few of the providers active today. Investments in regtech jumped significantly in recent years. They surpassed the $1 billion mark in 2015, jumped to $8.5 billion in 2019, dipped to $7.9 billion in 2020 during the pandemic and are estimated at $18 billion in 2021. Technology spending by financial institutions on risk management is expected to reach $88.3 billion globally in 2022.

Regtech’s risk management functions

A wide range of regtech use cases exists across risk management and compliance. These include financial risk analysis based on internal (portfolio, customer) data and market news or macroeconomic indicators; entity resolution, continuous know-your-customer processes, and automation of routine case management tasks in financial crime compliance; governance, risk and compliance functions; cybersecurity and more.

Banks may evaluate suitable providers based on what each offers, how those regtechs deploy their tech solutions and how those solutions fit into an institution’s technological and functional capabilities and goals. Functions supported by regtech include:

  • Conduct. Management of conduct compliance concerns, including sales practices, government and corporate relationships, investments and outside business activities, and rogue trading.
  • Cybersecurity. Enhanced hardware and systems monitoring, analytics, forensics and data sharing.
  • Financial crime compliance. Improved performance of financial crime systems to prevent money laundering.
  • Financial risk management. Assessment of market, credit and liquidity risks on a business-as-usual basis; compliance with stress testing and other regulatory mandates.
  • Governance, risk and compliance (GRC). Core systems for operational risk management; risk assessment, control and mitigation.
  • Regulatory and tax reporting. Reporting functions for capital markets (such as trade transaction reporting for MiFID and EMIR) and tax reporting (including support for FATCA and CRS regulation).
  • Regulatory change management. Confirmation that a financial institution’s policies and procedures stay current with regulation.
  • Supervisory technology. Advanced solutions for government supervisory agencies and regulators, which can help financial institutions meet modernized regulatory processes.

Planning a successful regtech journey

As a financial institution starts or continues its regtech journey, part of the goal is to determine how to yield the best value from the many available tech options. What this means for each bank will vary, depending on specific risk. This requires positioning risk technology providers within the overall regtech universe, comparing providers according to how they implement AI and other regtech building blocks, and understanding how varied providers offer functional capabilities to meet specific use cases. Together these elements provide a taxonomy of regtech that can help financial institutions evaluate risk solutions offered by regtech startups and incumbent providers.

Banks that can navigate this crowded marketplace will be well equipped to evaluate regtech and apply it to risk functions. Analyzing risk functions in terms of criteria such as commoditization (risk functions that provide minimal competitive advantage), efficiency (functions that face extreme operational inefficiencies), degree of risk (functions with high levels of exposure) and strategic importance (functions that provide strategic value to the business) can help firms identify and focus on areas that will help strengthen projects with quantifiable, meaningful results.

Successful regtech deployments also depend on banks turning to risk technology holistically—across the spectrum of risk functions—rather than in silos. Cross risk, for example, recognizes the interrelated impact of financial and operational risks (which are traditionally separated) on business and operational resilience. As such and to support enterprise-wide decisions, chief technology officers are increasingly involved in risk technology considerations. Overall, the banks that recognize the limitations of existing risk operations and the potential of advanced technology to address these problems will actively engage with and implement solutions available from the growing field of regtech providers.

Neil Katkov oversees the risk space at Celent, a global research and advisory firm focused on technology and business strategies in the financial services industry.