Regulatory technology, better known as RegTech, companies do pretty much what their name says: they manage financial industry regulatory processes using technology. Although not well known outside of industry circles, this thriving sector is now growing at a pace of 19.5 percent annually.

The size of the regtech industry is still relatively small, generating only $5.32 billion in revenue in 2019. However, it is expected to reach $21.73 billion by 2027, according to Reports and Data.

Yet, the industry is not exactly a new one. Its existence can be traced back to two decades ago when banks started facing more rules about what transactions they could process and who they could do business with as well as who needed IT infrastructure that could flag or block transactions that would breach regulatory compliance rules.

The biggest push to the regtech sector came with the heightened regulation over the last few years resulting in increased reporting requirements and other checks.

RegTech companies can be classified into several categories: some are offering to monitor suspicious transactions, while others are focused on smoothening out the details of client identification and verification.

However, all the services fall under one crucial task: to make financial companies compliant with the dynamic regulatory frameworks.

Rupert Brown, CTO and Founder at Evidology Systems
Rupert Brown, CTO and Founder at Evidology Systems

“The popularity of RegTechs is usually based on the fact that they provide an out-of-the-box solution for most statutory reporting requirements — the reports are not particularly complex, but they require significant data aggregation,” said Rupert Brown, the CTO and Founder at Evidology Systems, explained.

RegTechs are becoming the backbone of the financial services industry when it comes to regulatory compliance. Big financial companies were developing proprietary IT infrastructure before for their own compliance needs, but a recent IHS Markit survey revealed that the majority of them are now depending on regtech vendors.

The Current State of Regtech Regulation

Regtechs do not have any specific regulatory framework for them. These companies do not even fall under the category of fintech as they do not provide any financial services themselves. They only provide B2B services to streamline regulatory compliance.

“The prevalent model of RegTech regulation today is indirect regulation: meaning, the regulators are obligating the regulated entities to make sure their outsourced functions are fit-for-purpose,” Remonda Kirketerp-Møller, the Founder and CEO, Muinmos said.

“This is done, mainly, through all types of outsourcing guidelines. Sometimes regulators will also provide some technical standards and/or guidance as to the nature of the outsourced activity.”

Primarily, RegTech companies are now subject to due diligence processes and different levels of audits from customers in response to their regulators’ specific requirements and/or inquiries. These mostly fall under a self-regulatory environment.

However, RegTech companies could be held responsible for any shortcomings in their offerings under the “traditional laws of contract and false advertising.”

John Joy, CEO and Managing Attorney at FTI Law
John Joy, CEO and Managing Attorney at FTI Law

“If you hire a RegTech company to ensure compliance with a particular law, if they fail to uphold their obligation, your only recourse is likely to be through suing them for breach of contract, or potentially false advertising,” said John Joy, the CEO and Managing Attorney at FTI Law.

“This means taking an expensive court case against them and hoping that the contract you negotiated with the company will allow you to bring suit.”

However, there are some grey areas in which regulatory intervention can be possible for any breach of the standard by RegTech companies. Major regulators like the United States’ Securities and Exchange Commission (SEC) might take action against any false promises by regtech firms, but again, these are not proper regulations.

Is Regulation Necessary?

Regulation brings heaps of extra work to any company, but they help to build trust. And, when it comes to RegTech, this trust in their infrastructure is crucial as they are helping others to become compliant. Any lapses in the regtech infrastructure would result in the non-compliance of their clients.

remonda-kirketerp-moller
Remonda Kirketerp-Moller, Founder and CEO, Muinmos

“It’s a no-brainer as far as I’m concerned,” Kirketerp-Møller said when asked about the question of the necessity of regtech regulations.

“If RegTech firms are regulated, this would give reassurance to financial institutions wishing to outsource relevant aspects of the compliance function to RegTechs. Essentially, it would really drive the RegTech sector forwards, help the best companies within the sector to succeed, and ensure that fast, compliant and efficient systems are in place 24x7 at financial institutions.”

However, everyone does not agree when it comes to regulations. After all, regulations often become a roadblock to growth, and the regtech industry is still in its growth phase.

“Regtech is an emerging industry, and while regulation is usually a good thing for companies, given the nascent stage of the industry, it is more likely to hamper innovation at this point,” Joy pointed out.

Focus Areas for Regulations

Regulation is necessary, but it might be viable to regulate the entire regtech industry at once. Regtech services vary, and so any proposed regulations on the industry should also focus on particular niches.

“The first areas that should be regulated are the ones it is the easiest to determine their quality,” Kirketerp-Møller said. Some of these areas include automated identity verification services or data sources.

She added: “As for the manner in which RegTech regulations should be implemented, I’d say one way to go is a 'family' of ISO standards, developed with EU, UK, US, and other regulators worldwide. The advantage of having RegTechs regulated this way is that it’s not country-by-country, which can be both onerous and expensive, it creates a global standard which is very important when one deals in global trade, and it also does not burden regulators with more duties and costs.”

Ultimately, the regulation of RegTechs is crucial and imminent. However, the regulators have to determine how they want to watch over the industry without hampering growth aspects.

Regulatory technology, better known as RegTech, companies do pretty much what their name says: they manage financial industry regulatory processes using technology. Although not well known outside of industry circles, this thriving sector is now growing at a pace of 19.5 percent annually.

The size of the regtech industry is still relatively small, generating only $5.32 billion in revenue in 2019. However, it is expected to reach $21.73 billion by 2027, according to Reports and Data.

Yet, the industry is not exactly a new one. Its existence can be traced back to two decades ago when banks started facing more rules about what transactions they could process and who they could do business with as well as who needed IT infrastructure that could flag or block transactions that would breach regulatory compliance rules.

The biggest push to the regtech sector came with the heightened regulation over the last few years resulting in increased reporting requirements and other checks.

RegTech companies can be classified into several categories: some are offering to monitor suspicious transactions, while others are focused on smoothening out the details of client identification and verification.

However, all the services fall under one crucial task: to make financial companies compliant with the dynamic regulatory frameworks.

Rupert Brown, CTO and Founder at Evidology Systems
Rupert Brown, CTO and Founder at Evidology Systems

“The popularity of RegTechs is usually based on the fact that they provide an out-of-the-box solution for most statutory reporting requirements — the reports are not particularly complex, but they require significant data aggregation,” said Rupert Brown, the CTO and Founder at Evidology Systems, explained.

RegTechs are becoming the backbone of the financial services industry when it comes to regulatory compliance. Big financial companies were developing proprietary IT infrastructure before for their own compliance needs, but a recent IHS Markit survey revealed that the majority of them are now depending on regtech vendors.

The Current State of Regtech Regulation

Regtechs do not have any specific regulatory framework for them. These companies do not even fall under the category of fintech as they do not provide any financial services themselves. They only provide B2B services to streamline regulatory compliance.

“The prevalent model of RegTech regulation today is indirect regulation: meaning, the regulators are obligating the regulated entities to make sure their outsourced functions are fit-for-purpose,” Remonda Kirketerp-Møller, the Founder and CEO, Muinmos said.

“This is done, mainly, through all types of outsourcing guidelines. Sometimes regulators will also provide some technical standards and/or guidance as to the nature of the outsourced activity.”

Primarily, RegTech companies are now subject to due diligence processes and different levels of audits from customers in response to their regulators’ specific requirements and/or inquiries. These mostly fall under a self-regulatory environment.

However, RegTech companies could be held responsible for any shortcomings in their offerings under the “traditional laws of contract and false advertising.”

John Joy, CEO and Managing Attorney at FTI Law
John Joy, CEO and Managing Attorney at FTI Law

“If you hire a RegTech company to ensure compliance with a particular law, if they fail to uphold their obligation, your only recourse is likely to be through suing them for breach of contract, or potentially false advertising,” said John Joy, the CEO and Managing Attorney at FTI Law.

“This means taking an expensive court case against them and hoping that the contract you negotiated with the company will allow you to bring suit.”

However, there are some grey areas in which regulatory intervention can be possible for any breach of the standard by RegTech companies. Major regulators like the United States’ Securities and Exchange Commission (SEC) might take action against any false promises by regtech firms, but again, these are not proper regulations.

Is Regulation Necessary?

Regulation brings heaps of extra work to any company, but they help to build trust. And, when it comes to RegTech, this trust in their infrastructure is crucial as they are helping others to become compliant. Any lapses in the regtech infrastructure would result in the non-compliance of their clients.

remonda-kirketerp-moller
Remonda Kirketerp-Moller, Founder and CEO, Muinmos

“It’s a no-brainer as far as I’m concerned,” Kirketerp-Møller said when asked about the question of the necessity of regtech regulations.

“If RegTech firms are regulated, this would give reassurance to financial institutions wishing to outsource relevant aspects of the compliance function to RegTechs. Essentially, it would really drive the RegTech sector forwards, help the best companies within the sector to succeed, and ensure that fast, compliant and efficient systems are in place 24x7 at financial institutions.”

However, everyone does not agree when it comes to regulations. After all, regulations often become a roadblock to growth, and the regtech industry is still in its growth phase.

“Regtech is an emerging industry, and while regulation is usually a good thing for companies, given the nascent stage of the industry, it is more likely to hamper innovation at this point,” Joy pointed out.

Focus Areas for Regulations

Regulation is necessary, but it might be viable to regulate the entire regtech industry at once. Regtech services vary, and so any proposed regulations on the industry should also focus on particular niches.

“The first areas that should be regulated are the ones it is the easiest to determine their quality,” Kirketerp-Møller said. Some of these areas include automated identity verification services or data sources.

She added: “As for the manner in which RegTech regulations should be implemented, I’d say one way to go is a 'family' of ISO standards, developed with EU, UK, US, and other regulators worldwide. The advantage of having RegTechs regulated this way is that it’s not country-by-country, which can be both onerous and expensive, it creates a global standard which is very important when one deals in global trade, and it also does not burden regulators with more duties and costs.”

Ultimately, the regulation of RegTechs is crucial and imminent. However, the regulators have to determine how they want to watch over the industry without hampering growth aspects.