Modern FinTech saw the light of day with the launching of ATM machines in the late 60s. A few years later, NASDAQ was born, credit cards exploded and banks started to deploy mainframes and minicomputer computers to support their operations. The 1990s brought both the Internet and the consolidation of global financialization that accelerated Fintech’s development while financial regulations were either scrapped or severely limited in key economies. The 2008-09 Global Financial Crisis was a wake-up call to regulatory institutions that, as usual, were struggling to catch up with rapid technological innovations in the financial sector. Emerging technologies such as Bitcoin and Blockchains added more salt to the open regulatory wound. Enter RegTech (Regulatory Technology).
Avoiding systemic risks is one of the core targets of financial regulations. FinTech’s incessant drive to create new business models, processes, applications and products in an environment where regulation is minimal has the potential to generate systemic risks. Regulators must thus detect such potential before the domino effect takes over. In this light, RegTech is the counterpart of FinTech. It calls for deploying digital technologies for regulatory monitoring, reporting and compliance. 
Modern RegTech is still an emerging innovation. While using communications technology in regulatory processes is as old as the telegraph, applying new digital technologies is less than a decade old. Some academics suggest we are entering the third wave of regulatory technology, RegTech 3.0. Nevertheless, most regulators and those regulated by them included have yet to fully grasp RegTech’s potential benefits. Moreover, most might not even be aware of it, more so when regulation seems to be a dirty word in many contexts.
Indeed, there is nothing mystical about RegTech. Composed of a set of different digital technologies, RegTech is yet another powerful tool in the immense arsenal used to propel digital transformation in the public and private sectors. While its distinct trait is its focus on governance and compliance, RegTech deployment still demands a profound overhaul of the current business process used by regulators and the regulated to design and implement regulatory frameworks and ensure systematic compliance. Such a mapping will reveal not only existing redundancies, gaps and challenges but also pinpoint the critical bottlenecks that could be effectively bypassed by deploying RegTech strategically all around. However, it is also vital not to lose sight of the close links between the regulators and the regulated. Indeed, they are the opposite sides of the same coin. One cannot move in any direction without the other fully involved, providing a solid rowing arm.
RegTech core technologies comprise the usual suspects such as cloud computing, Machine Learning/Deep Learning, predictive analytics, data mining, NLP, biometrics and cybersecurity platforms, among others. RegTech allows for real-time monitoring while promoting automation and reducing regulatory costs. It also calls for the deployment of state-of-the-art technologies and the integration between legacy and new platforms. The resulting increased regulatory effectiveness and efficiency help sustain innovation while strengthening the links between innovators and regulators. If deployed successfully, RegTech can finally allow regulatory entities to keep pace with FinTech innovation. RegTech benefits are also critical. In addition to reporting and compliance, it can help with fraud detection, data management, identity management, surveillance and monitoring while augmenting integrity and transparency.
The most well-known RegTech tools include sandboxes and incubators and accelerators. The former allows for the controlled experimentation of financial innovations under the oversight of regulators who, in turn, learn more about FinTech’s inner dynamics. The sandbox is operated by regulatory entities and might require the creation of public-private partnerships for successful implementation (as regulators might not have the capacity to manage the technology part of the equation). However, sandboxes also introduce risks as, for example, both innovators and regulators might not be familiar with them. Moreover, successful experimentation of a new business model or financial product does not guarantee that all systemic risks have been tamed. Sandbox failure can thus lead to reputation loss for both sides. Singapore is an excellent example of sandbox deployment, while CGAP has developed a guide for policymakers on the topic.
Accelerators and incubators are usually run by the private sector, which works closely with a regulatory entity. The approach is different as the goal is to mentor financial innovators, support early-growth firms, and target specific product development. Links to the venture capital sector are also critical. Unlike sandboxes, where firm selection is more random, innovation here is propelled by completion among companies striving to develop the best model or product within a specified timeframe. And here, regulators’ risks are minimal when compared to sandboxes. The indisputable leader here is the United Kingdom.
Interestingly, while most countries have yet to embrace RegTech or assume that existing regulations suffice to manage FinTech, the U.S. and the EU have so far done comparatively little. Their approach is much more hands-off, intervening only when absolutely necessary. Needless to say, the level of financial development within a country sets limits for RegTech deployment. If financial innovation is still taking baby steps, RegTech might be an overkill.
RegTech is here to stay. And it can also be deployed in other sectors where regulations are critical and smart compliance might promote more sustainable innovation. Yet, those supporting more BigTech regulation have yet to use the RegTech card, which is not always red in color.
Raúl
