As another year draws to a close in the RegTech industry, the sector is peering up at a new unexpected leviathan in its midst – Generative AI. The technology, virtually unknown in the mainstream at the start of this year, has created not just new opportunities but completely new challenges for the industry to grip its teeth into.
In the first instalment of a two-part review, FinTech Global looks back at the last year in RegTech to detail some of the key trends that have stood tall in the sector this year. In the first part, we hear from industry thought leaders who discuss topics such as AI, data, large language models and decentralised finance.
While not to underplay other trends in the RegTech market over the last year, as in most sectors – Generative AI has had a meteor-like impact on technological processes in the sector and has required new thinking to be born.
Patrick Conroy – global head of technology sales at ACA Group – made clear his belief that whilst the rise of AI this year has been powerful, it has been a long time in the making.
He said, “If we go back three or five years, people were very skittish about dipping their toe into AI, as they didn’t have any sort of practical understanding of what the technology was or how they would apply it within their firm.
“In the last few years, we’ve seen machine learning and natural language processing really become mainstream in both regulatory technology solutions and also in the capital markets, where our clients are finding interesting ways to leverage AI to drive the fundamentals of scale efficiency and effectiveness within their compliance oversight and monitoring.”
While companies have been using processes like robotic process automation in their backgrounds for quite some time, Conroy believes ChatGPT concepts have really pushed things to the forefront this year. What is really different, he believes however, is firms are now coming with use cases.
Conroy said, “Now these firms are thinking about how do we govern this and apply this and bring this into our firm and leverage this. A big piece of the focus for a lot of our clients is really a heightened focus on data harmonisation.”
In the view of Antoine Moreau, CIO of RegTech firm Regnology, the first visible impact of GenAI on the sector has been the realisation of the need to accelerate the transformation towards the public cloud to be able to structure a roadmap where AI and machine learning and GenAI are included.
Likewise, Chris Caruana – VP of strategy for HAWK:AI – believes that GenerativeAI has ‘taken the wheel’ this year. He explained, “There’s automation, and then there’s AI agents drafting narratives, consolidating large amounts of textual data, and seizing on a global buzz to “transform” the regulatory technology industry.
“The challenge that we’ve blown past as a community is that we’re asking an industry, which is more risk-averse than ever, to embrace AI agents taking over critical functions of their financial crime programs. See the friction?”
Muinmos CEO Remonda Kirketerp-Møller christened 2023 as ‘the year of the GPT’. She said that harnessing the power of Gen AI is something that is on the minds of every business these days, and RegTechs are no different. In her view, so far this has been done ina. Very minor way – and there are still privacy issues that prevent the use of public language models but ‘the options are exciting and this trend will probably be very prominent in the next year as well’ – at least until, she adds, the ‘next thing’ comes along.
One of the biggest knock-on effects of the Generative AI rise has been the awareness that has increased about AI in general. Dilip Mohapatra, CEO of Australian RegTech Cognitive View, waxed that ChatGPT has created a ‘huge awareness’ of AI and has helped businesses understand the technology’s possibilities.
He said, “Regtech adoption is increasing, and many businesses have taken the initiative to understand how it can help them reduce operational risk and cost. Gen AI Co-pilots are yet to be mainstream, but they provide compliance and risk professionals’ work. Compliance and risk decision-makers are keen to learn what AI can do for them but are equally concerned about the risk that comes with it.”
He expressed that as the regulatory bodies globally initiated the dialogue released draft policies around AI governance and compliance, its adoption has created seriousness amongst all businesses and sectors.
Another Australian RegTech – Arctic Intelligence, also had something to say on the technology, via its CEO Anthony Quinn. He said, “In terms of key trends, obviously everyone is talking Generative AI. In financial crime risk assessments, the space we are focused on, most financial institutions, even large ones, are conducting these using spreadsheets. So there is a maturity journey they need to go on first digitising away from a spreadsheet into a purpose-built platform, then automating via CSV or API uploads before AI or other capabilities will deliver value”.
Evgeny Likhoded – president of Corlytics – used his opportunity to stress that the use of AI in the field of compliance has advanced significantly, leveraging GenAI capacity to solve different use cases.
He explained, “It is becoming more and more crucial for the industry to stay up to date with AI developments. Recent surveys show that 41% of compliance professionals are already using AI, with the top popular use cases being improving policies and procedures, monitoring third parties and communications, keeping pace with regulatory change.”
A similar viewpoint was echoed by Nithya Das, the chief legal and administrative officer at Diligent, who mentioned that with keeping up with regulatory concerns a top concern for compliance professionals, technology that allows companies to streamline and simplify regulatory compliance – leveraging automation and AI – has been in high demand in 2023.
She remarked, “For example, Diligent and Ascent Technologies partnered to combine Ascent’s AI-driven compliance data with Diligent’s regulatory compliance management solution, allowing organizations to easily map compliance requirements to internal controls, policies, and procedures, enabling compliance at every organizational touchpoint. In an age of overwhelming regulations, automated tools are necessary to ensure your monitoring efforts identify potential non-compliance in a timely manner.”
Other industry thought leaders to express their thoughts of the AI raise include Encompass Corporation’s North America president Alex Ford, who stated that the focus on AI ‘was even greater than foreseen’ as ChatGPT, in her mind, ‘ignited imaginations and fears’.
On this point, Ford continued, “What this has told us is that there is a massive opportunity for RegTech to help, as AI regulation comes into focus and firms need ways to monitor regulation, apply regulations and prove they have done so.”
John Ogie Sheehy, founder and global CIO of ViClarity, also brought this topic to the forefront of the discussion – expressing that companies are looking to see how AI can help them be more innovative, and with the use of algorithms it can help with manual tasks and predict outcomes for large volumes of data processing. “While there are areas of concern about the use of AI in certain industries, the trend is now that businesses are more open to exploring this than ever before.”
There is also the rise of AI-driven solutions for compliance. RegTech firm MAPFinTech stated, “In 2023, the RegTech industry saw a surge in the development and implementation of AI-driven solutions for compliance. For instance, many companies adopted AI-powered analytics tools capable of processing vast amounts of data to detect anomalies, patterns, and potential risks in financial transactions. These systems not only improved the accuracy of risk assessments but also enabled proactive monitoring, allowing organisations to stay ahead of regulatory requirements.”
Data governance
If AI – and more specifically, Generative AI – was a trend that had everyone talking this year, the continuing rise and importance of data lies in tandem with this.
In the view of both Klaas Van Imschoot and Robrecht Vander Haeghen, product director and product manager respectively at Regnology – data governance as top priority for banks is standing clear as a key aspect of the last year in RegTech.
With the European Central Bank’s publication of the ‘Guide of Effective Risk Data and Risk Reporting’ on July 23 and the most recent publication by BIS on ‘Progress in adopting the Principles for Effective Risk Data Aggregation and Risk Reporting’ the Regnology pair believe adherence to the BCBS 239 principles is again a ‘top-of-the-mind concern’ in the industry and they expect it to get even more attention in the next years.
They said, “Data quality and data governance were also among the top themes during Regnology’s 30th RegTech Convention. Data accuracy, timeliness and completeness have been long-standing issues in the space of regulatory reporting and reporting in general. With the recent publications, top-level attention is going to these topics.
“Regulators such as the ECB are implementing strategies to detect issues by measuring the consistency, timeliness, and correctness of regulatory submissions over time. The ECB calls this the resubmission framework and we can expect similar measures to come into force at other regulators. This of course detects problems at the very end of the value chain.”
The product-focused pair also said that with Regnology’s software solutions, detection of data quality issues can be moved further ‘to the left’ on the value chain, thereby greatly reducing the cost of addressing the problems and enhancing the accuracy and consistency of the overall output.
They went on, “To address the regulator’s concerns in the space of traceability and data governance, Regnology’s strategy is to focus on detailed data lineage capabilities supporting the reporting process with an unparalleled transparency, combined with an embedded data catalogue to structure data ownership and the identification of critical data elements. In combining these functionalities, Regnology is poising itself as the ideal partner to address BCBS239 compliance in the reporting space.”
Unified surveillance
On the earlier topic of Generative AI, ACA’s Conroy linked this with a key topic for the firm this year – unified surveillance.
He explained, “If you were to go back to the mid 2000’s, everyone was pretty much on a best of breed approach, in terms of solutioning, their technology and diverse point solutions. In the background, what this created was a lot of disparate sets of data and a disparate set of workflows, as well a traditionally siloed approach to managing the different verticals of compliance and risk.
“Fast forward to the current state today and firms are looking across the organisation, they’re thinking about this from an enterprise approach. With respect to surveillance, they’re thinking about the ways in which they can increase the sophistication of their oversight, but identify meaningful results, reduce false positives, and really hone in on finding the needle in the haystack – and this has been exacerbated by a lot of new data sources that have been typically considered to be non-traditional.”
When considering where clients are headed and what they’re trying to focus on, Conroy believes over the next few years a lot of them are looking at trying to go after what was originally thought as the ‘Holy Grail’. This he explains, is how can firms bring enriched workflows and datasets across what have been disparate workflows and datasets to bring them together in a harmonised state.
He went on, “There’s been a lot of exploration on that, and a lot of clients have wondered whether the juice is worth the squeeze, and whether its even possible. What we’ve seen is a big uptick in the emergence of a heightened focus on driving scale within the capital market space – there’s been a couple of drivers to that, one is that compliance and risk are still somewhat challenged with respect to allocation of budget. Many times, they’re still tasked with doing more with less.
“There’s also a path to change the types of skillsets required. A traditional compliance practitioner skill set has normally been rooted in either a legal background or a financial background. But very often, it’s not complemented with a technology background. Over the last five years, we’ve seen the skillsets required have really done a 180, where there’s more of a focus on technology and complementing what have traditionally been the regulatory and the industry knowledge backgrounds.”
To deal with this, Conroy stated that firms have taken a variety of different approaches. They’ve either inserted into their teams technologists with strong business acumen, or they’ve looked for hybrid skill sets with people that are able to be multifaceted in terms of their overall ability to generate results and ROI.
A lot of the regulatory focus this year has surrounded the topic of communications, and off-channel communications has been a key one. “Where firms have historically been reliant on their policies and procedures to mitigate certain risks such as not communicating via communication channels, we’re seeing a heightened focus in terms of the attestations and certifications around those,” said Conroy. “Firms are now increasing their education internally on this, and a result of that is that they’re doing it on a more frequent basis.”
When it comes into the area of monitoring, this opens up a whole new set of challenges in terms of obtaining and synthesising that data and making sense of it in an effective manner.
Conroy went on, “Where our concept of unified surveillance really takes on a more transformative foothold within the industry, is that from a vendor perspective, a lot of firms have been thinking about the different types of datasets that clients would need. Our strategy at ACA has been really to scan across the population of industry, participants can really gauge their focus and adequacy to be able to solve for these challenges, and meet their prioritizations aligned with the regulatory focus.
“When we think about transformation, our focus has been on really taking an end to end approach or a unified approach to this. Our focus has been to really unify all of the data souces, build out the fundamental warehouse for all of them and then work on what the workflows would look like and the detection methodology to allow for a more streamlined and efficient way of monitoring and detecting.”
Tying this all back to the topic of AI, Conroy emphasised that with the emergence of applicability for NLP and machine learning and the way AI can remove false positives, this has empowered a lot of compliance practioners to look at things from a different angle they may have done five years ago.
He concluded, “Where I see the biggest trend on the heightened focus on getting this right is a tremendous amount of necessity to focus on the data itself, but many firms are now taking the challenge head on in terms of what are the building blocks necessary to get to the end state.”
In another statement related to unified solutions, Diligent’s Nas emphasised, “As the world transitions into a new era where clarity, efficiency, and innovation are paramount, it’s crucial to consolidate the disparate risk management platforms that currently fragment corporate visibility. Traditional tools like spreadsheets, siloed across various departments, are inadequate — the absence of a unified risk platform is itself a vulnerability, one that can no longer be overlooked in today’s intricate business landscape.”
The rise of LLMs
In line with the aforementioned rise of artificial intelligence has been the rise of large language models – also known as LLMs. According to Vell Herard, CEO of RegTech firm Saifr, a big trend in 2023 has been the adoption of LLMs by everyone, including financial services companies.
However, out of the box, Herard underlined that LLMs won’t product output that meets regulatory guidelines. A lot of compliance is now moving toward using models to help manage compliance risks.
He said, “I don’t think 2023 was surprising because models have been used for the last 30+ years for other kinds of risks such as marketing risk, credit risk, operational risk, etc. Consequently, there is a model risk management regime built by regulators and industry around their proper use. So, we expected there would be developments by both industry and regulators around model risk management.”
Blockchain and decentralised finance
Another couple of areas that have seen a considerable amount of focus this year have been blockchain technology and decentralised finance.
MAP FinTech explained, “Blockchain technology witnessed increased adoption within RegTech for its potential to enhance transparency and security. One example is the utilisation of blockchain in identity verification processes.
“Companies deployed decentralised identity verification solutions using blockchain to securely store and manage customer identities, ensuring compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) regulations. This technology allowed for a more efficient and secure exchange of sensitive information while maintaining compliance standards.”
The firm added, “However, unexpected challenges also emerged. The rapid growth of decentralised finance (DeFi) and the adoption of cryptocurrencies posed regulatory challenges that required innovative RegTech solutions. For example, RegTech firms worked on developing sophisticated monitoring tools capable of tracking transactions involving cryptocurrencies to ensure compliance with anti-fraud and anti-money laundering regulations.”