RegTech took 2019 by storm. After several years of slowly building momentum, it looks like it has moved into the next gear, with more capital being deployed to the sector and more financial institutions adopting the services.
In just the first three quarters of 2019, a total of $6.5bn was invested into RegTech startups around the world. Comparing this to the $4.4bn which was raised in the whole of 2018, or the $1.8bn secured in 2017, it shows how far it has come.
One of the reasons the sector has been able to take form is largely down to the sheer number of regulations entering the market these days. This year has seen regulations like the Senior Managers and Certification Regime and the Second Payments and Services Directive (PSD2) come into force and the further enforcement of legislations such as the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA).
The industry has been rife with new regulation and company launches, updates to existing legislation, investments into companies, partnerships and acquisitions, and much more. As the year comes to an end, we have looked back at some of our most read articles to see what issues were at the top of our readers minds.
How is the market reacting to AML5?
The final implementation date of the 5th Anti-Money Laundering Directive (AML5) is not far off, with member states needing to be ready by January 10 2020. The regulation differs from its predecessor in various ways but is not a drastic overhaul. Some of the new requirements are that credit institutions and financial institutions will be banned from keeping anonymous accounts, passbooks or safe-deposit boxes, and existing ones are subject to due diligence. Other changes include a lower limit of €150 on prepaid cards and cryptocurrencies will be subject to the same AML checks as other providers.
Earlier in the year, we spoke with ElectronicID CEO Iván Nabalón to discuss how the market is handling compliance with the new regulation. Overall, Nabalón was optimistic with the regulation stating the business opportunities presented are so substantial, financial institutions will adopt the standard significantly before the deadline.
He said, “In light of other more relevant policy priorities, implementations in the AML sphere by local EU member state regulators are prone to being produced by the cut-off date. In our conversations with regulators and reviewers, they are grateful that financial institutions are starting to place new community legislation at the heart of their new projects.”
To read the full story click here.
Unmonitored video communication is a growing ‘blind spot’ and firms shouldn’t wait for regulators to point it out
With the growing regulatory environment and a greater onus on protecting clients and their personal information, firms need to ensure their compliance systems are strong and capable of new monitoring processes. Balancing communication compliance solutions for both legacy systems and new environments is one of the biggest challenges facing financial institutions, according to Theta Lake founder and CEO Devin Redmond.
Video is becoming an increasingly popular method for companies to communicate with customers but also internally. Research from Biteable claims social video generates 1,200% more engagement from users, meaning financial institutions cannot afford to avoid the communication method. However, existing communication monitoring tools were not designed for video and simply taking a transcription of what is said is not enough for compliance. Firms need to find better ways of monitoring the video.
Redmond said, “Vendors investing in video to capitalise on the obvious benefits, are met with new compliance requirements. If you try to use your legacy technology which is not designed to handle video, it will not work. It cannot figure out if somebody held their personal data up to the camera, misses if the firm’s employee did something risky, or had something displayed behind them in the background.”
To read the full story click here.
The real GDPR risks lie with SMEs, not corporates
The General Data Protection Regulation (GDPR) seems to have become the big villain of regulations. When it was implemented in May 2018, the news was dominated about how it was going to impact the industry and the heavy fines which would be issued on a near daily basis. The future, which was foretold has not come to pass, but that does not mean there have not been enforcements. Earlier this year, British Airways was fined a hefty £183.9m by the UK’s Information Commissioner’s Office (ICO) after it was found of card skimming to collect personal and payment information from customers.
Its not just the big firms to be hit with financial penalties. Sergic, a real estate marketplace startup, was forced to pay €400,000 for its compliance failures. Compliance Compendium CEO Jonathan Jacob told RegTech Analyst that a misconception is brewing with some SMEs that they’re too small to be fined by the ICO for data protection failures, but that’s not the point, it’s their legal obligation to make sure they are compliant.
Jonathan Jacob said, “Before the start of the regulation, I think there were many people shouting from the rooftops in similar way to the “year 2000 bug” (Y2K) and even saying that this was the Y2K for data. A data watershed, so to say. I was very adamant that this would not be the case and sceptical about their motives for saying such things. However, it certainly was a date to take seriously because it’s the date that companies needed to start treating data held on individuals with respect.”
The regulators may have been lenient at the start but as we approach the second year of enforcement, crackdown on compliance will only get stronger.
To read the full story click here.
Insurance companies cannot risk overlooking the importance of compliance
A lot of attention in the RegTech world is given to the financial regulations but little is given to those impacting insurance. According to Priscilla Cournède, head of group prudential and regulatory developments at SCOR, the insurance industry is relatively more focused on developing products and serving clients than further developing its compliance framework.
Between 2014 and 2018 there has been more than $10.9bn invested into the RegTech sector, of which just 1.1% of this has been distributed to companies supporting Solvency II compliance. Priscilla Cournède said, “Solvency 2 led to a quite positive evolution of the insurance space by spreading a risk-based approach. It let insurance companies to analyse their portfolio in depth and strengthen their governance. However, now, the industry would rather focus on developing products and serving clients than developing further its compliance framework.”
Solvency II came into effect in 2016 with the main goal of improving protections on customers, modernising the supervisory review processes, increasing competition among EU insurers and improving market integrations.
While there is more work to do with the regulation, Cournède sees as the biggest regulatory burden facing insurance at the moment. The reason is because it impacts all areas of the business and goes beyond just accounting, actuarial and IT.
To read the full story click here.
PSD2 open banking; What does it all mean and where is it going?
The EU directive PSD2 has had a tough year. Firms were frantically trying to get their systems ready for the implementation date of September 14. The regulation was massive shift for players in the financial world. It meant data owned by banks was no longer theirs as consumers had gained the right to choose how their information was used and if it was shared with third-party providers.
Konsentus CCO and co-founder Brendan Jones spoke to RegTech Analyst earlier in the year to discuss the direction of the regulation and whether firms would actually be ready.
The main takeaway from the interview was that implementation would be very different in each country. Some will be quick to adapt to the new needs while others will take longer due to cultural mentality, legacy systems or existing infrastructure.
He said, “I think you’ve got to look at this on a country by country basis. For example, here in the UK, when the regulations start in September 2019 requiring FIs to be fully live, I think a lot of the industry will be ready. But I think it will be a very slow burn for consumers to adopt the services and it will take time for them to gain confidence that the services are indeed delivering better financial value and that their information always remains secure.”
To read the full story click here.
Copyright © 2018 RegTech Analyst