Notes from: How to build a robust AML RegTech ecosystemnotesfrom
Webinar: How to build a robust AML RegTech ecosystem, presented by Napier and Know Your Customer
Date: 24 Jun 2021 – 10 am BST (5 pm GMT+8)
- Julian Dixon, CEO, Napier
- Claus Christensen, CEO, Know Your Customer
- Wendy Langridge, Chief Regulatory Officer, BCS Global Markets
- Sian Lewin, Co-Founder and Head of Client Delivery, RegTech Associates
- Phil Cotter, Group Head Customer and Third Party Risk Solutions, Data and Analytics, London Stock Exchange
Disclaimer: As the title of this post states, these are my notes from and reflections on a particular Webinar. In many cases, I am not quoting panelists or speakers verbatim, which can lead to misinterpretations of what was actually said, or intended to be communicated by, the speakers and panelists. Where this happens, the error is wholly mine.
(I really should pay more attention when I’m in a Webinar, hopefully doing these notes entries takes me a step in that direction.)
At some point in the last year, the term regtech seems to have shifted to mean technology intended to support regulated entities’ compliance with regulations; the last time I heard it, it meant technology intended for regulators. Or did I just misunderstand it? Regtech hasn’t really been much on my radar as it was relatively new to the Philippines when I wrapped up work on Seedbox.
Not so in the UK, where RegTech Associates has seen fit to put together a RegTech directory, and apparently 800+ firms have made the cut. This is not surprising; the UK has long been a financial center, and despite the chaos brought about by Brexit, it remains one of the financial capitals of the world.
My notes and takeaways from the Webinar:
- The dominant mode of engagement between financial services firms (let me just use the term banks for simplicity, although this is absolutely not restricted to banks) involves the banks engaging with multiple regtechs as a best-in-class or best-fit strategy. This amounts to a regtech “stack” which should be managed appropriately. For regtechs, this means they must learn how to partner with others strategically. Who regtechs partner with, and the terms of engagement with these partners, can determine how successful it will be.
- While regtechs often present themselves as being able to do everything required for compliance, this is not necessarily true. Bank partners should be careful to ascertain how much the regtech is actually able to deliver against the regulation.
- One commenter in the chat complained about having to parse through so many options with regard to regtech solutions.
- Bank procurement cycles run long – on average, 18-24 months – and this can cause problems for the regtech, particularly when the regtech is not well funded. Speaking from a personal perspective, this is a real risk that is faced by local banks and other financial institutions (FIs) engaging with startups. The FI should have clauses in its contracts that obligate the startup to transfer or at least sell its technology to the FI in case of insolvency or business closure.
- There is also a disconnect between the product development cycles of banks (I’m back to using the term for UK institutions now) and regtechs. In particular, sprints were discussed – the average sprint of a technology firm covers between one to two weeks of work, but product development cycles for banks run much longer than that. The panelists discussed having regtechs rework their sprints to cover a longer stretch of time – perhaps between four to six weeks to address the difference.
- The panelists discussed feature sets and how non-core featuresets are sometimes dealbreakers in regtech offerings to banks – this includes features like single sign on, information security certifications, and so on. This is something regtechs should be aware of, and they may need to adjust in order to make the sale.
- Banks should have change management systems in place, as implementing new technologies is remarkably disruptive. Regtechs need to be good at educating their customers about their solutions.
- There was a brief discussion as well about the conflicts between the challenges of compliance with data privacy regulation and with AML and financial crime compliance. The panelists cited the case of Europol having been banned by the EU government from involvement in FIU.net – a tool central to AML/CFT efforts in Europe – for failing to comply with GDPR requirements. (I think there’s enough write a whole #mindfluff piece about, so I’ll say no more here.)
I signed up for this Webinar quite late – almost the day before – thinking I would perhaps pick up one or two insights about building a regtech startup. I left it with many thoughts about the Philippine market. Taking into account the limited budgets local firms can bring to bear for acquiring regtech solutions, can a locally founded regtech solution flourish? And yet, can the local market reasonably thrive without engaging with regtechs? In the end, it may boil down to simple economics. The regulators are keen to drive compliance among FIs (“the carrot and the stick”) and imposing higher fines may settle the matter definitively by making it more expensive to not have regtech than the alternative.