We have used a very straightforward definition of RegTech in the creation of the RegTech Directory.
“The application of technology to help firms satisfy their regulatory obligations”
The RegTech Directory focuses on products that serve financial services, but we recognise that there are many products that focus on other industry sectors. We developed a taxonomy of RegTech products based on the types of regulation they address and the RegTech Directory is therefore organized using the categorizaton below.
Products in this category aim to address the challenges financial institutions and other regulated firms experience in complying with anti-money laundering, fraud detection and counter-terrorism financing legislation. These products provide solutions in the following areas:
- Customer Due Diligence – Know Your Customer, customer identity and verification, risk assessment
- Name / Company Screening – PEPs & sanctions, adverse media
- Transaction monitoring and suspicious transaction reporting
- Fraud – real-time monitoring
Requirements for regulatory reporting span many different types of data – from individual capital markets or mortgage transactions to aggregated capital adequacy and risk management data. This category includes products that address these requirements for a number of different regulations including (but not limited to) the following:
- Capital requirements and own funds reporting templates (known as COREP), based on the new EU framework for banking regulation under the Capital Requirements Regulation and Capital Requirements Directive (CRR/CRD IV)
- Complying with regulatory reporting requirements for IFRS-based financial reporting templates for supervisory purposes (known as FINREP)
- Markets In Financial Instruments Directive (& Regulation) II Transaction reporting
- EU Securities Financing Transaction Reporting (SFTR)
- Statistical Reporting e.g. for the Bank of England or ECB
- Basel 3 Liquidity reporting
- ECB AnaCredit
Market Integrity and Transparency
Financial markets are regulated in order to ensure they are fair, efficient and transparent. Types of activity that are prohibited under this regulation are insider dealing and market manipulation. In addition, regulations such as MiIFID II and Dodd-Frank aim to protect investors and facilitate greater market transparency. Whilst this is a broad category, products typically tend to focus on these sorts of activities:
- Market surveillance techniques such as holistic surveillance over multiple data sources including trade and order data, electronic and voice communications, and behavioural data in order to identify potential market abuse and misconduct.
- Niche players who specialise in spotting market abuse in specific data types (e.g. phone calls, messaging systems, crypto-assets)
- Data analytics products that surface insights and facilitate historic investigations (e-discovery)
- Suspicious activity detection
Regulatory change management and ongoing compliance monitoring is a critical activity for all regulated firms due to the volume, velocity and variety of regulatory changes. This category includes products that enable regulated firms to:
- Perform horizon scanning and ongoing monitoring of regulatory developments.
- Interpret, assess and analyse new regulations to determine their relevance and impact.
- Map changing regulatory rules to internal policies, processes and controls
- Manage the risks associated with the complex and changing regulatory environment and the deployment of that knowledge to the right people, enabling the right decisions at all levels of the organization
Category: Cyber/Data Privacy/Identity
This category covers products which address cybersecurity risks, data protection and data privacy and ensuring that the identity of all devices and applications within a firm’s are known, recognized and verified. Specific products may address one or more of the following:
- Protecting the privacy of electronic information and keeping it safe from damage or theft and enabling compliance with the General Data Protection Regulation (EU)
- Protection of networks and systems and data from cyber attacks
- Ensuring mobile devices and data are not misused from within companies (internal actors)
Regulatory Risk Analytics and Calculations
Several aspects of regulation require regulated firms to perform complex risk calculations, scenarios and simulations for various purposes such as pricing, capital allocation and stress testing. Firms are also required to perform calculations for prudential regulation such as Basel 3 and Solvency 2. Products that are listed in this category will help regulated firms solving the following problems:
- Performing complex risk calculations for regulatory requirements such as Basel III, AIFMD FRTB, Solvency II, & UCITS IV
- Running scenario analysis and risk simulations that require large amounts of computing power
- Providing auditability and transparency of algorithms used for both trading and risk management
Regulatory Data and Information Management
Before firms can accurately analyse or report on regulatory data, there is a lot of work to do to improve data quality, understand the lineage of individual data items and apply best practice data governance principles. There is also a drive towards the need for common, granular data models to break down organizational data silos. Products in this category provide solutions to:
- Managing risk and regulatory data to satisfy the requirements of BCBS 239 for data aggregation and harmonization and other regulatory requirements such as reporting or stress testing
- Automation of production of key regulatory information requirements such as KIDs for packaged retail and insurance-based investment products and the associated reporting
- Aggregation of data from numerous and disparate data sources
- Automation of data intensive processes such as reconciliations
- Proving the lineage and quality of data used for regulatory purposes
Compliance with tax legislation and reporting requirements is becoming more and more complex, particularly for firms that operate internationally. In addition, new regulations such as FATCA and the UK’s Making Tax Digital initiative have created the need for more efficient and streamlined technology solutions to deal with tax.
Products in this category tend to solve compliance problems that are either agnostic to specific types of regulation – such as training, marketing compliance, supply chain risk – or have solutions that span a number different types of regulation.
This category includes RegTech products that focus on industry sectors other than financial services (e.g. healthcare) and products where regulatory compliance is one of many use cases for the technology.