Businesses in the financial services sector have seen their compliance burden explode in the last decade. As this area of business comes under greater focus, and resources are put under significant pressure, so the desire to come up with an efficient and, if possible, cheap solution becomes ever more fervent.
So it is no wonder that the idea of RegTech has got financial services companies so excited. It offers the tantalising prospect of streamlined systems and processes which will address firms’ compliance burden, leaving them to get on with running their businesses. This should benefit everyone.
However, regulated firms need to consider what happens when RegTech goes wrong. Regulatory rules make pretty clear that the relevant regulated firm is responsible when it fails to comply with one of its obligations (whether as a failure of its RegTech or otherwise). Moreover, after the introduction of the Senior Managers Regime to all regulated firms, one or more individuals at those firms will be held accountable for failures.
This should not get lost in the general excitement about RegTech and the efficiencies it can bring. Regulated firms cannot outsource their responsibility and it is vital that this remains front of mind. The benefits brought by RegTech solutions may be sufficient to address these concerns, but this will be down to the judgement of individual firms and senior managers. Until there is regulatory framework around RegTech providers, firms looking to employ RegTech solutions will need to continue to read the small-print very carefully.
The Financial Conduct Authority (FCA) handbook, Prudential Regulation Authority (PRA) guidelines and the Bank of England rule book can amount to thousands of pages alone and it is estimated by the professional services group Duff & Phelps that some banks could spend up to 10% of their revenues on compliance within the next few years. The roll out of Mifid II and GDPR regulations this year highlight the constant battle to remain up to date.