“While our vision remains the same, the way in which we are approaching regulation is transforming. The way we monitor and regulate is increasingly data-driven. Regtech offers us the opportunity to better detect, understand and respond to misconduct. Through increasing access to data and more sophisticated analytic tools, we can be more proactive and pre-emptive in understanding and addressing the risks we see. ”
— Greg Medcraft, ASIC in “The Fourth Industrial Revolution: Impact on financial services and markets”
Promise and potential
In my opinion, there’s a curious disconnect in financial services between Regulatory expectations and industry conduct. Sometimes, they are starkly disparate. Other times they appear to align so closely that the suggestion of any division seems ridiculous.
I see this alignment most obviously is the Institutions’ fervent embrace of the Life Insurance Framework and their willingness to assist the Regulator to reject ‘bad apples’ (an approach that is certainly much easier than addressing the barrels in which the apples are stored). In some other respects, however, the Industry’s alignment with the Regulator ebbs and flows. Even while they seem to agree on the destination, they take different paths and move at different speeds.
For example, consider regulatory technology (‘reg-tech’). Reg-tech refers to an ecosystem of platforms, applications and systems designed to better manage and monitor Participants’ legal and regulatory obligations. If you’re a licensee, for example, reg-tech promises to better manage some or all of the obligations imposed on you by s912B, the ASIC Act and the other applicable laws, policies, standards and guides.
ASIC, to their credit, have been articulating the need for reg-tech for some time. As early as 2013, ASIC observed in REP362 that the better licensees were embracing technology to significantly improve their compliance framework. A review of their recent releases identifies that their optimism may have been unfounded but the need for reg-tech has only increased as the burden of compliance, and the complexity of the relevant obligations, has similarly increased. You may remember that, in 2013, ASIC wrote
“[ASIC] therefore support the following initiatives that some … licensees are reportedly implementing:
(a) data analysis to help consolidate, manage and monitor risks at a licensee
and adviser level;
(b) targeted risk-based methodologies for choosing files to review;
(c) internal risk-classification methodologies for products on the approved
(d) rigorous training and competency checks of new advisers; and
(e) clearly documented consequence frameworks applied strictly and
consistently when advisers are deemed to be non-compliant.”
— REP 362 ASIC Review of financial advice industry practice: Phase 2
The alacrity with which some large Institutions have welcomed those technology solutions evangelised by the ASIC Chairman is remarkable. It’s remarkable both because they had allegedly already embraced “data analysis” and “targeted risk-based methodologies” and because the Chairman had also endorsed the CPA’s move into advice.
Cynicism aside, regardless of the motives behind the embrace of regulatory technology, it’s moved from being an obsession for compliance-nerds (relax, I take no offense) to a more widely-appreciated risk investment. In the same way that digital-advice is slowly encroaching on traditional advice markets (and subverting existing distribution models), reg-tech solutions like ours are enjoying similar successes.
The question is not whether reg-tech will be as popularly accepted as robo-advice is (it is already more widely accepted) but whether it will be more widely used and more effective.
The international research suggests that a significant proportion of larger financial services firms have invested in, or are anticipating investing in, regulatory technology, but few surveys address the substance of the technology, the scope of the service or the effectiveness of the systems. Reviewing adviser websites and social media in real time seems impressive except when you consider how few compliance failures are perpetrated by adviser websites and tweets. Nevertheless, technology (when coupled with experience and expertise) promises to help Participants avoid the scandals, failures and reputational disasters that have afflicted some Participants. It’s a trend to be celebrated. Stacey English and Susannah Hammond noted in Thomson Reuters 2017 “Cost of Compliance Report” that
“A third of all firms overall (33 percent) and almost half of G-SIFIs (48 percent) are expecting more compliance involvement in the assessment of fintech and regtech solutions in the coming year. This is in addition to the 48 percent of all firms which expect to spend more time in 2017 assessing cyber resilience in their firm. ”
— Thomson Reuters “Cost of Compliance 2017”
The Industry’s eagerness to invest in technological compliance solutions is both commendable and personally appreciated, but a measure of caution is required. The fundamental failure of most reg-tech “solutions” is that they are, in most cases, applications looking for a problem rather than automated solutions to real problems. Solutions should be “compliance driven” rather than “technology driven”. In my opinion, deep subject mastery (and proven industry experience) is much more important than awesome UI and proprietary workflow. These things are important, but reg-tech’s purpose is not simply to be promoted by Regulators and purchased by Participants; its purpose is to address conduct risks and regulatory burdens efficiently, effectively and in a way that improves the profitability and sustainability of the user’s business.
As a compliance expert, my advice to Advisers and Licensees is to embrace the technology that will improve your business and solve your problems. As a consumer, my advice to Advisers and Licensees is to remember that advertising and advertorials prove nothing but the capacity to fund advertising and advertorials. Speak to your Compliance experts about what they use, test your options and investigate what the reg-tech solutions offers beyond the vague implication of regulatory endorsement.
Embrace reg-tech but choose the reg-tech solution that matches the “nature, scale and complexity” of your business.
Think Different and enjoy all the benefits that good reg-tech delivers.