Second Generation not Second-hand RegTech – A dozen key attributes

Once upon a time, you hoped the regulator looked elsewhere and not at you. Then you hoped your commitment to take action would be enough. And then you realised you’d left it too late. Now you’re running to catch up, but not sure you can. The harsh reality is you now have to prove that your company – or you - has made ‘best endeavours’, to prove it’s addressing the multitude of existing regulations. Many, if not most, regulations are principles-based, i.e. you have to be able to prove that you’re compliant – and be prepared to provide a legal argument to support your position. In effect, you have to show your workings-out in the margin. Simply re-tasking the back office to populate a spreadsheet and send it to the regulator every day does not make you compliant. 

There has to be a clear line of sight from the regulation to the evidence of compliance – we call this the ‘argument’, which lies at the heart of Evidology QED. Unless you can show how you decided which controls you have applied to which regulatory clauses, you have no plausible defence when trying to prove you’re compliant.

Once upon a time, you hoped the regulator looked elsewhere and not at you. Then you hoped your commitment to take action would be enough. And then you realised you’d left it too late. Now you’re running to catch up, but not sure you can. The harsh reality is you now have to prove that your company – or you - has made ‘best endeavours’, to prove it’s addressing the multitude of existing regulations. Many, if not most, regulations are principles-based, i.e. you have to be able to prove that you’re compliant – and be prepared to provide a legal argument to support your position. In effect, you have to show your workings-out in the margin. Simply re-tasking the back office to populate a spreadsheet and send it to the regulator every day does not make you compliant. 

Regulations are really like reference data: they are not static, they evolve over time. To make matters more complicated, there are ongoing case law judgements which need to be applied. We do this every day in the financial markets, applying reference rates to derivatives contracts. How does your RegTech solution deal with and provide evidence of regulatory change?

The spreadsheet was a first-generation FinTech platform, and now it’s also a first generation RegTech platform. Although it still has a place as a scratchpad, it can no longer be used to prove compliance. Many people still use it as a comfort blanket, but principles-based regulations are just far too complex for spreadsheets.

The approach of using ‘methodology catalysts’ to try and sell armies of junior consultants who are just trained to follow fragments of some grand ‘transformation’ process will run into the sand. This could be costly but, more importantly, will not get you to where you want to be. You need to be clear about the functional scope and time-to-value of how you approach compliance.  

Can your RegTech solution be reused across different regulations, and does it have specialised domain added value, or do you have to start from scratch for every implementation? Evidology has leveraged many framework and methodology constructs to provide its rich functionality to enable you to create reusable model templates for each domain it’s applied to.

Does your platform ‘actuate’ compliant behaviour in the enterprise, or does it merely provide pretty, embellished graphics as dashboards of some other platform’s efforts? Evidology’s approach helps you to create an ongoing culture of compliance.

Corporate CTO and Architecture groups failed long ago to impose consistent and meaningful enterprise standards because they were not allowed to use blackmail, physical violence or firearms. Many regulators are part of Government IT platforms that limit deployment or access rights even further. Understand and adapt to those constraints and bureaucracy. Second generation RegTech platforms must be able to be deployed either standalone, behind the corporate firewall, or on multiple industry standard cloud platforms.

Whilst the term Agile has become very stale and devalued in corporate parlance, it’s critical for second generation solutions to participate in continuous delivery processes rather than sitting at the end of a ’waterfall’ supply chain, trying to act as a final traffic light. It is not enough just to be a ‘reviewer’ – active contribution is key. To achieve this, next gen RegTech systems embed executable code or data analysis queries that are directly bound to the regulatory clauses and methodology steps which are used to achieve compliance.

Semantic technologies have been regarded as a ‘great opportunity’ for improving regulatory understanding and compliance. But take a close look at the semantic technology marketplace and the balance sheets of the surviving players before you leap.

Semantic technologies fare particularly badly when applied to principles-based regulations, where there are few sufficiently detailed domain-specific clauses for meaningful, machine-based interpretation.

Having only just got to second generation RegTech, it might seem premature to ask how we get to third generation, but technology evolves quickly, hence this point. Successful vendors need to foster an ecosystem of interchange formats which import, export and support third party tools, especially in academia and in specialised forms of risk computation. These two sectors will provide the leading indicators of how the industry will evolve.

Compliance is really about the decisions people make, which lead to physical and technical failures that cause actual or systemic harm. Systems that evidence root cause issues and their subsequent risks and impact are key to making progress on this.