Regtech startups are saving firms billions in regulatory fines and displacing manual risk and compliance with cutting-edge technology.
Over 143 million Americans will be at risk of financial fraud for years following the Equifax cybersecurity breach, while an estimated 3 million Wells Fargo customers unknowingly had their digital identity stolen to open fraudulent trading accounts.
It’s been nearly a decade since the financial crisis exposed how a weak risk management framework and lack of governance can almost permanently debilitate even one of the strongest capital markets. Yet despite a massive regulatory overhaul following the crisis, recent incidents show just how vulnerable the industry still is when it comes to hackers, fraud, and mismanagement.
Looking at the top breaches since the financial crisis highlights some of the impacts that major gaps in regulation have on consumers.
To meet the need for better and more efficient regulation of businesses, especially for financial firms, an emerging crop of regulatory technology startups are building tools aimed at helping companies improve compliance, mitigate risk, and streamline processes.
In addition, regtech companies can help corporations avoid fines for non-compliance by keeping them on top of the growing levels of regulatory and compliance requirements. Looking ahead, if early adoption continues, regtech could play a pivotal role in predicting and preventing the next financial crisis.
In this analysis, we dive into the drivers behind the rise of regtech and spotlight companies creating regtech solutions to meet specific regulatory challenges.
Investments to regtech startups are on pace for a record year. Private market investors have poured approximately $5B across 585 deals into regulatory technology startups in the last 5 years.
The volume of regulation has created more surface area for compliance gaps. Firms’ resources are already strained keeping up with existing regulatory requirements. Regtech software is digitizing compliance procedures and eliminating the backlog.
Regulators have tightened their grip through new legislation and new regulators. Regulators show no sign of easing up, especially in light of recent risk incidents. Firms can turn to regtech companies to streamline compliance workflows and reduce the margin for error.
Existing infrastructure can’t keep up with regulation. New regulatory requirements are increasingly technical and data-oriented. Existing infrastructure is built on legacy code, not easily replaced, and can’t keep up with the technical requirements regulators are expecting. Firms are turning to regtech solutions for cheaper, scalable options.
The next phase of regtech. Today, solutions are complementing existing workflow. The next wave of regtech will leverage advanced technology like machine learning, natural language processing (NLP), and blockchain to replace old policies and procedures.
Looking ahead, we see companies increasingly turning to new regulatory technology to navigate the shifting regulatory landscape. (To see the companies innovating in this area, check out the 100+ startups in our regtech market map.)
What is regtech?
We define regtech broadly to include any technology and/or software created to address regulatory challenges and help companies understand regulatory requirements and stay compliant.
Companies in this space help customers meet compliance standards, ensure risk management protocols are in place, and put in place controls that actively mitigate risk.
This technology ranges from complementing existing compliance, audit, and risk workflows to replacing and wholly automating them through leveraging cutting-edge technologies like artificial intelligence, machine learning, and the blockchain.
While this analysis will highlight a few of the key drivers fueling regtech interest, it’s important to recognize that it is still early days in the category.
Using the CB Insights Trends tool, we see that the amount of media attention for the use of technology in both compliance and regulation is on the rise, from just a scant number of media articles a few years ago to being a much larger part of public conversation.
Below, here are a few of the most important drivers fueling regtech growth and adoption, as well as select startups addressing the gaps.
Driver 1: Increasing regulatory pressure has created more surface area for compliance gaps
The sheer number of regulations that the financial services, healthcare, and other major industries are responsible for tracking against is already daunting — and regulators show no indication of easing up.
For perspective, there are over 750 regulators globally issuing on average 201 daily regulatory alerts. The regulatory calendar captures the major regulations on the horizon for the next 5 years; however, the list could grow as new legislation is passed.
The graphic below puts the ever-growing surface area for compliance gaps in context.
Incumbents still primarily rely on legacy paper processing for compliance and additional compliance requirements are creating strain.
In the years following the financial crisis, the quickest solution was to increase headcount in audit, risk, and compliance, the critical control functions at a firm. However, because of tightening resources and the competitive talent pool for professionals in these fields, this is not a sustainable solution. Now, instead of throwing bodies at the problem, firms are pushing to digitize and automate manual workflows.
Startups like Ripcord, a robotic digitization software, are helping firms automate and replace their current paper processing and regulatory reporting systems. Ripcord’s technology uses natural language processing (NLP) to search records, certifies that firms are compliant, and creates a digital audit trail for compliance professionals and regulators to securely access data.
Driver 2: Regulators have increased jurisdictional oversight — and are using it to crack down on bad actors
Since the ’08 – ’09 financial crisis, the regulatory landscape has been significantly reformed.
Regulators now have more jurisdiction, as a result of legislation like the Wall Street Reform Act and Dodd-Frank. Oversight has also increased, through the creation of new agencies and initiatives like the Consumer Finance Protection Bureau (CFPB), which was established to protect consumers.
Complicating compliance further, regulators have independent regulatory mandates — meaning they create their own requirements, which tend to overlap.
For example, in the US there are approximately 15 regulators that oversee the financial services industry. As shown below, depending on the type of entity, firms can have multiple regulators overseeing them, and may need to meet various types of requirements.
Regulators are exercising their new oversight by increasing the costs of non-compliance. Since the crisis, financial services firms have paid over $321B in misconduct and mismanagement fines to regulators globally.
Regtech can help simplify the landscape and help firms avoid fines for missing requirement deadlines by creating dashboards to track regulation and requirements.
FiscalNote, for example, offers a platform that synthesizes regulatory data from legislators, lawmakers, regulators, and news outlets, based on a client’s profile and preferences, to alert firms to applicable items. These tools help firms cut down on the time and resources required to decipher new laws and regulatory requirements. FiscalNote raised a $5M Series C-II that included NEA, Visionnaire Ventures, and others in Q1’17.
Driver 3: Non-compliance continues to plague the industry
Despite the stricter costs of non-compliance, new scandals continue to emerge. As noted above, Wells Fargo has been riddled with scandals, including “widespread illegal” sales practices that included fraudulently opening over 3 million deposit and credit card accounts without customers’ knowledge.
In September, the firm neither confirmed nor denied the charges, but agreed to pay a $185M fine issued by the U.S. Office of the Comptroller of the Currency, the CFPB, and the city attorney.
Since then, CEO John Stumpf stepped down and the firm has gone under investigation for fraudulent auto insurance practices, namely misrepresenting GAP insurance. Wells Fargo is now also under investigation by federal prosecutors for suspicious foreign exchange trades.
Wells Fargo is just one example of firms making headlines for fraud, suggesting the industry still lacks sufficient preventative controls and oversight.
Centralizing requirements is another way regtech companies are helping firms move from reactive to proactive in keeping up with requirements.
Software providers like Fenergo offer customers an out-of-the-box repository of rules. Clients identify their legal entity type, jurisdiction, legal entity role, booking entity, and products offered, and Fenergo’s platform returns relevant regulations, requirements, and actions the firm needs to take to be compliant with its respective regulation.
Fenergo has raised $80M in equity funding from Insight Venture Partners, Investec Ventures, and Aquiline Capital Partners.
Driver 4: Regulators are raising the technical bar on compliance requirements
In light of regulators increasing the technical requirements on firms, manual ad hoc reporting is being overhauled.
As firms are required to implement data analytics, quantitative risk modeling, real-time reporting, and more, they are turning to regtech to comply. This is in part due to the high costs associated with overhauling existing server-based infrastructure, as well as firms’ concerns about the risks associated with gaps in existing technology.
Regulators are also generally not prescriptive about what firms should do to meet new requirements. Ambiguous requirements layered on top of legacy systems are two more reasons many firms are now looking externally to partner with software providers. Regtech startups are cheaper because they operate in the cloud, are more agile, and can scale to meet the shifting regulatory landscape.
To help beef up the technology stack, regtech companies are creating software to automate compliance workflows. This includes companies like WorkFusion, which provides a suite of automation software that digitizes documentation, centralizes data, and provides a secure portal to transmit information across various industries.
WorkFusion raised a $35M Series D in Q1’17 from Georgian Partners, Greycroft Partners, iNovia Capital, Mohr Davidow Ventures, Nokia Growth Partners, RTP Ventures, and Wildcat Venture Partners. The startup will use the funding to expand its offerings, adding features like sanctions screening and reducing false positives in the know your customer (KYC) process.
Driver 5: Firms push for standardization
The complexity of the regulatory landscape has firms calling for regulators to standardize requirements. The regulators, in turn, have begun to collaborate with each other, as well as with startups.
Regulators are forming working groups to help consolidate requirements and cross-educate. They have also started to push to adopt new technology internally.
One positive outcome has been the creation of internal sandboxes like the CFTC Lab and the CFPB’s Project Catalyst to provide resources and promote technological experimentation across the industry.
The future of regtech
Today, many of the regtech solutions gaining traction with customers are complementary. These technologies bring efficiencies to workflows through digitization and streamlining.
Going forward, the next wave of regtech innovation will be leveraging AI, machine learning, natural language processing, and blockchain technology to replace existing processes and people entirely.
Regtech could also play a role in providing assurance and compliance on the blockchain. One-way regtech on blockchain is being leveraged to create a distributed ledger audit trail.
For example, Elliptic is an early-stage company that has raised $7M in total funding from Santander InnoVentures and others to build an audit trail for Bitcoin. Elliptic’s proprietary identity database contains millions of Bitcoin addresses across thousands of global locations. The startup flags illicit activity on the Bitcoin blockchain and is leveraged by Bitcoin companies and law enforcement agencies.
In the future, regulatory technology could wholly automate and replace existing regulatory compliance policies and procedures. The short-term impact may be to help firms switch from passive to proactive regulatory interpretation and response. In the longer term, regtech solutions could reduce the need for human or centralized intervention for firms, and perhaps even for regulators themselves.