Latest Products

RegTech and Adaptability

Thursday 19 January 2017

Republished from the December 2016 edition of the Quarterly GRC Professional: The Rise of RegTech.

RegTech seems to be the new buzzword. While the term might be new, however, the philosophy of regulatory technology has been around as long as firms needed technological solutions to increasing regulatory costs. Regulations have doubled since watershed moments like 9/11 and the global financial crisis.

Julian Fenwick, CEO of GRC Solutions, spoke to GRC Professional. “I think there are a number of things driving the hype,” he said, “but let’s start with the increasing cost of compliance, and the size of the fines that have been applied to regulated entities. Those two drivers have meant there is increased investment into regtech, and that has increased the open-mindedness from potential buyers to look for the efficiencies regtech can provide—whether from a training point of view, or when understanding KYC, technology or ways to streamline how compliance is done in organisations. NAB increased their compliance spend form $86 million in 2012 to over $265 million by 2014
[i]. There is a huge amount of money in the business now that clients are spending and people are investing.”

Where did regtech begin?
“I’ve been in the business since 1999,” Fenwick said. “That’s almost 17 years. Certainly, during that first ‘dot-com’ bubble, we were looking at ways to deliver legal information better, faster, cheaper…though we called it Legaltech back then.”

Fenwick explained, “We developed a whole lot of different platforms, and some were expert systems to help organisations manage things like advertising compliance and trade promotions.” He added that this involved taking the marketing people through a question-and-answer—as an “almost quasi-legal sign-off”—through to online training platforms and plain English legislative databases.

“Now, you’ve got investment in screening technologies with vast databases, artificial intelligence tools, and systems with embedded predictive analysis and machine learning,” Fenwick said. “I think that goes hand-in-hand with the increased cost of regulation as well as the competitive threat posed by the FinTech sector forcing financial institutions to look for efficiencies.”

He said the development of regtech technologies changed significantly since the dot-com bubble, and some of the technologies simply did not exist then, such as broadband. Now, perspectives have adjusted to include the existing technology.
“Certainly, back then, we were talking to IT departments that would never have let us put anything outside of their firewall. These days, they beg us to have things that are cloud-based”, Fenwick stated.

These days our business is developing adaptive eLearning technology. When you look at the costs of mandatory training in highly regulated industries, the main cost is the hours of staff time taken up with training. By recognising prior learning, we can minimise that burden saving organisations millions of dollars in lost productivity. At the same time, we are improving engagement and training outcomes by offering staff interesting content that they haven’t seen year on year before.
He added that vendors are now more attuned to having open APIs (application programming interfaces) between their platforms so they can talk one another. There is also talk of regulators and banks opening up their systems with API’s to allow for better sharing of data or “data democratisation”

Governments and banks are also looking at the open API issue, however there are valid concerns around data governance standards, higher potential for fraud, and liability issues that will all need to be dealt with.

“So I don’t have to build an end-to-end piece of software, I can just do what I do very well and plug into somebody else’s learning management platform and risk management system, and somebody else’s HR platform, and that way, take all that information on the existing platforms, without creating duplication of data and effort” Fenwick explained.

He added that this method has a number of benefits in itself:

  1. We can think about focussing on our speciality, knowing that other people are focussing on other areas.
  2. When we are talking to other organisations that may have incumbent systems, we’re not asking them to throw out everything they have already built. We’re just adding on another layer, or plugging into that existing layer and enhancing what they already do.

Fenwick said the growth and development of regtech is the market meeting the demand. And yet regtech should not be used as a substitute for organisations becoming more efficient when creating internal policies to avoiding breaching regulations.

Data governance, regtech and changing perspectives
“You’re dealing with what might be considered very sensitive information,” Fenwick continued. “You have to adhere to certain protocols, and that might mean your servers have the highest levels of security. Or, it could be you are dealing with anonymising data,” he added. “Do I need to know that the person who just did their anti-money laundering training is the CEO at Macquarie Bank? No, I don’t. All I need is anonymised data that can pass that result back to me.”

Fenwick said that what he did need was to understand the profile of the individual. This falls into the conversation happening more globally about data-sharing and who should have access to the data in question.

“It’s like what is happening at the moment in Singapore,” he said, “where the banks are saying why do we each have to do our own PEP (politically exposed person) screening? Why can that not be centralised, if every bank is screening people? Why isn’t that the responsibility of the Monetary Authority of Singapore, or some other body that could be centralised and save everybody time and money screening against the same criteria, or making mistakes? For example, you might be screening someone who meets some of the criteria, but not all, and so they get through. But the bank up the road already knocked them back.”

He added that it was no different when you used to have to show your driver’s licence to get into nightclub, in case you got chucked out of one just down the road.

“Why can’t we do that in banking?” Fenwick asked. “I think the question has been around privacy, and around data governance, but we are getting to a point where we can have secure communication between systems.

“We can’t 100% guarantee security, but if that information is communicated at the same level of security that it would be internally, then we haven’t changed the risk level?”

The regtech question
Looking at the other RegTech businesses out there we are all working with a combination of knowledge management and technical innovation. “I think it’s an interesting combination of ‘are we a tech business? Or are we content business?’ And we have to be both,” Fenwick said. “We have to be good at both. I think that can be a bit confusing to the market at times. Are we a publisher? Are we a consulting business? Are we a tech start-up? I think it is a bit of everything, so don’t define yourself as one or the other.”


Julian Fenwick is the Managing Director and founder of Governance Risk & Compliance Solutions. He is also the CEO of Better (US) Incorporated, and one of the founders of the International Regulatory Technology Association (RegTech).
Julian moved into the regulatory compliance industry in October 2000. Since that time he has been instrumental in the development of the online compliance training industry in the APAC region.  He has also been influential in the design of a number of other compliance technology platforms.
Julian is a regular presenter in Australia and Asia on innovation, entrepreneurship, RegTech, and managing organisational compliance. He is an enthusiastic supporter of the Australian start-up community with a particular interest in adaptive eLearning technology.

Julian holds a Masters of Business Administration from the University of Sydney and is a graduate member of the Australian Institute of Company Directors and a member of the GRC Institute.