RegTech is real and 120+ startups to prove it

Thanks to all contributions and suggestions, please see below the updated RegTech list. The list now includes well over 120 companies and has been categorized into 11 categories.

Not new, but in fashion

Clearly RegTech is nothing new; incumbents and technology companies have invested in regulatory solutions for many years, but RegTech as an interesting investment theme has emerged only in the last year and is now really becoming mainstream. For example, I have attended and been part of panels at 3 RegTech conferences already and I see many more being organized. Also, after some of the early bloggers (such as Devie Mohan and the team at Lets Talk Payments), I see many more blogs and my previous list has been re-used many times (with or without a reference :-) — I am sure some smart business people have found a way to sell this list).

Not a threat to financial services companies, but a valuable partner

As opposed to FinTech which is generally seen as early stage companies looking to disrupt financial service companies, most RegTech companies solve problems faced by incumbents which results in much greater willingness to engage in conversations and partnerships.

Removing the bottlenecks to innovation

Hopefully, RegTech being in fashion will speed up the delivery of solutions which today are hampered for 2 key reasons. First, there is a limited amount of venture investment in the space. If you exclude investments made by incumbents and established technology providers, less than $200m per annum has been invested in early stage RegTech startups (see also funding below). Given the attention, the space now has and first concrete examples of successful early stage companies. I already see much more interest from VCs, and I believe the amounts of funding will increase significantly over the next few years.

Second, the long sales cycle of selling a product to a financial services firm can be an inhibitor for startups. Probably an unintended result of regulation, financial firms have become very conservative in working with new(er) external vendors. Here is where firms and regulators have a responsibility to catalyze innovation by collaborating with interesting solution providers at an early stage (and not subject them to countless procurement requirements; these can be addressed at a later stage). Also, financial firms should see the value of collaborating early with technology firms in terms of changing their own culture and should not hesitate to pay startups for pilots to ensure they are also motivated to a success.

Not hibernating

The acquisition of Promontory by IBM also shows that existing technology companies see RegTech as an interesting area. I haven’t spent much time in my blogs on what major technology companies like Accenture, Bloomberg or IBM offer (neither what incumbents are building themselves) but clearly they are not hibernating and working on their own solutions.

Regtech is broader than FinTech

Regarding categorization, there are now 11 solution categories and I have now also included a category for non-financial RegTech (financial services may be subject to a lot of regulation but are certainly not the only regulated industry). So, even though most focus today is on RegTech being a sub-segment of the FinTech ecosystem, it is actually a broader layer with interesting solutions also being developed for other industries.

Data (quality) is king

A general theme for RegTech is that it all starts with data and almost all solutions have a form of advanced data analytics. At the same time, due to their legacy systems and acquisitions, financial firms have notoriously bad data quality and can only dream of aggregated “data lakes.” For those firms that do have their data organized properly, I can only imagine the insights you could attract about your business and customer needs as well as achieve much higher efficiency levels. Financial firms that manage to make this transition will have huge competitive advantages and potentially even lower regulatory requirements.

Financial Services = Financial Technology

As leading FinTech investor Pascal Bouvier stated months ago, we are currently in the second wave of the transformation of Financial Services firms into Financial Technology companies. While the first wave was concentrated on the potential of startups developing technology that would take down traditional banking models, the second wave has seen startups working with incumbents to provide viable solutions. Especially in RegTech, there are many examples of successful collaborations and partnerships between startups and incumbents.

Get ready for the third wave, which Pascal believes is just around the corner, which will show the application of emerging technologies, such as artificial intelligence and robotics, and the likely entry into financial services of large tech companies like Facebook, Apple and Amazon. I believe RegTech will play a major role here as well, both as service provider to FinTech and catalyst for new products and services.

London and New York dominate

As I mentioned last time, the UK and US still have the greatest number of different startups and diversity of problems being tackled. Given the UK’s Financial Conduct Authority pro-active approach to innovation, I am not surprised London is at the top of the list. As fellow RegTech investor Michael Meyer has said many times, regulators need to foster innovation and push financial firms to embrace working with early stage innovators. I am surprised though with the relatively low number of startups in Asia and still am very interested in even earlier stage startups that look to develop a RegTech solution. Feel free to keep contributing and suggesting names to me in the comments or directly to me.

Limited funding so far

As an indicator of the stage of development, I have included the stage of last funding round per company based on public information on Crunchbase or from the company itself. The ones without funding information have generally been self-funded so far or are relatively early stage. Interestingly out of 127 companies, there were 9 Series B, C, or D rounds; 8 Series A rounds and 20 seed/venture rounds. If I add up all the external money raised by these companies and where no information was available include a proxy $0.5 million, the total amount would be around $950 million for the last 4–5 years; so around $200 million per year which seems small in comparison to the billions that are spent on regulation annually within the financial services industry.

Incomplete and imperfections

Some of companies on the list have solutions for multiple categories, but I have still only included them in 1 category. Also, as mentioned previously, the list doesn’t include existing technology developed by incumbents or major technology providers.

Bright future

For an industry which is transforming into a technology industry, the future is very bright. The application of emerging technologies will not only make processes more efficient but also lead to new products and markets and may even allow previously unprofitable client segments (e.g. lending to small companies or self-employed individuals) to have (better) access to financial products. However, in order to get there, we will need regulators and incumbents to embrace change.

As always I’d love feedback on this and please keep suggesting companies.

Jan-Maarten Mulder is an early stage venture investor in FinTech & Data companies across Europe and a former banking and finance executive.

NB: if you are (or know) a business development / sales professional with broad experience selling regulatory solutions to financial services companies, please let me know since I see a lot of new RegTech initiatives looking for quality candidates..

Comment per category / key trends

Market Surveillance

Any participant active in the global capital markets is looking for an advantage. Unfortunately, in some cases, such advantages are unlawful such as insider trading or placing “fake” orders to manipulate prices (spoofing). New tools are being developed to monitor participants and to identify nefarious behavior based on trading data and contextual information such as market information, newsfeeds but also chats and email. Ancoa and Sybenetix* are examples of companies in this space. The most promising companies often combine advanced data analytics with behavioral science to provide faster and more efficient ways to manage conduct. One of the hardest elements of market surveillance is to limit the number of false positives — nobody wants to analyze countless false notifications. As new regulations extend surveillance to more activities and asset classes, traditional technology and methods become prohibitively expensive. In addition, aggregating chat and voice communication by traders across multiple channels and converting into usable data can be challenging. Machine learning could play a major role here too.

Due to upcoming regulatory requirements, most focus today is on surveillance for buy or sell-side firms, however such tools are also going to be important for exchanges, clearing houses and regulators as they need to meet new requirements more cost effectively. In addition, another application of this technology is to assess performance of traders based on the same multitude of data and potentially also deliver more alpha. By applying behavioral analytics, participants can be proactive in both surveillance and performance, opening up new ways to get a competitive advantage.

(*disclosure: I am an investor in Sybenetix)

Regulatory Reporting

The amount and frequency of regulatory reporting has grown tremendously over the years. I recently spoke to the head of regulatory affairs from a major European bank who said they regularly send reports of over 50,000 pages every quarter to the ECB. Apart from the usefulness of such reports, there are 2 important bottlenecks that RegTech companies are addressing. First, extracting data from often legacy systems is often a very difficult and error-prone process for financial firms. A number of RegTech companies have developed data aggregation tools that take information from different source databases and combine to get one complete dataset. The tools often also provide feedback regarding any inconsistencies in the source information. The second bottleneck relates to the actual reporting — regulation often changes and often is described as published principles for which the firms need to interpret and create their own reporting. Given the staggering amount of regulation, firms often have multiple employees just to monitor required and ad hoc reporting. Fortunately, there are a number of RegTech firms that specialize in monitoring regulation and often provide an up to date reporting format. Companies in this space include Fintellix, Modelity and many others.

The next evolution is to move towards smart regulation using smart contract technology to create a form of dynamic oversight. This would allow regulators to change capital requirement live based on real market events instead of adjusting for historical events (Aldo de Jong of Claro Partners pointed this out in a comment on my last blog a few months ago).

Stress Testing/Capital Planning

Stress testing of financial services firms’ balance sheets is becoming a popular risk management and regulatory tool. When the European Banking Authority recently took over supervision of banks from the national regulators, it performed a massive stress test of all the major European banks. I have learned from people involved that almost every bank had difficulties in delivering accurate and timely data. Not surprising given that data in banks is often contained in separate databases on outdated systems with often incomplete or wrong information and regulators have not provided specific instructions for how to complete tests.

With new available technologies and data quality initiatives, a number of firms are building scenario and stress test platforms to manage risk and/or calculate capital requirements. Examples are AlgoSave, Ayasdi, Suade and Percentile. Capital planning tools can also help reduce the capital ratios of banks by proving to regulators that they have adequate reserves. This could significantly increase return on equity, a very difficult task for banks over the last 8 years.

Fraud Detection

Closely related to KYC, this category includes solutions to protect against external and internal fraud. Solutions include identity verification or suspicious activity alerts. Arguably, this extends well beyond RegTech & FinTech into Ecommerce for example which is certainly not my area of expertise. However, some companies have a strong focus on financial services and examples include Netguardians, Risk Ident and Trustev who each use sophisticated analytics to monitor and detect all kinds of fraudulent activities during transactions.

Controls Automation

These technologies automate interpretation and application of regulatory rules and oversight of internal processes in order to flag potential issues. Many of the control functions at financial services companies are working with outdated, manual systems and cannot cope with the complexity of the financial services industry. So far the response has been to set more controls and hire more people to manage these as well as push controls towards the front office which distracts sales people or traders from what they are hired for. There is a huge opportunity to automate these controls and several firms are working on smart solutions for different parts of the financial services industry. Examples are Capnovum, Continuity, Droit Fintech and Quarule.

Cybersecurity/Data Privacy

With online becoming the main communication channel for financial services companies, the strength of cybersecurity and, in particular, data privacy is critical for business operation and trust. In addition, financial firms are increasingly working with external vendors that operate outside of the firm’s firewall. Specific regulatory cybersecurity provisions and vendor obligations puts the onus on financial institutions to secure their systems. Companies like Alyne have developed tools to qualify the cybersecurity protocols of vendors to financial services companies which also can be used for insurance companies to assess cybersecurity insurance underwriting risks.

Risk Management

Traditional risk management at financial services is typically based on inflexible systems and often front end focused — i.e. trading limits, value at risk calculations, etc. Advanced data analytics and visualization will reduce the time to analyze risk parameters allowing firms to spend more time on acting on insights. New tools will also allow firms to better analyze risk from middle and/or back office functions which are often overlooked — e.g. operational risks. For example, AlgoDynamics helps trading firms evaluate portfolio risk by anticipating disruptive market events.

CDD/KYC

As I explained last time, one of the major challenges of new or ongoing client due diligence, in particular with small(er) companies or individuals, is that it is very difficult to accurately link names to bad press due to different spellings, local language, etc. This makes the onboarding and monitoring process slow and often incomplete. Unique identifiers or blockchain technology (for example Tradle) can play a role here, but result in data privacy discussions which are further complicated by different approaches by regulators. Another approach is to mine open source information followed by human analysis. In any case, the tools that are being developed will make client acceptance more efficient and reduce the manual work this often entails. Any successful solution should be better than just a clever workflow tool and combine data from multiple sources and deploy strong analytics tools to come to decisions where human involvement is only needed for exceptions. Examples include ComplyAdvantages, Fenergo and Passfort.

Communication Monitoring

Today’s world of multi-channel communication including Whatsapp, Facebook Messenger, etc, leads to headaches for compliance officers due to the difficulty of tracking all communications. Apart from ensuring that any communication is in line with internal guidelines, regulation increasingly requires firms to store all client communication. In order to satisfy such requirements, firms can either somehow integrate and monitor various communication channels or migrate account managers to controlled messaging environments. Novastone is an example of a RegTech company that is building an auditable communication tool to replace email with an instant messaging platform which allows for secure information exchange and transaction authentication. In addition, there are companies which focus on capturing voice communication such as Qumram. Applying technology that allows voice recordings to be transferred into searchable data would have huge opportunities in various other RegTech segments including market surveillance.

Other

There are also technologies emerging not included in the above categories addressing regulatory issues including compliance training (very important for firms), model management, violation analytics and internal audit. For example, Corlytics helps firms track regulatory enforcement activity across the industry and Aesthetic Integration provides very interesting tools to validate models and algorithms.

Non “FinTech” Regtech

RegTech is not only for the financial industry. Regulatory requirements exist in most market segments around the world. These technologies typically offer solutions to help firms deal with logistical problems relating to compliance; for example, BigControls helps firms manage incentives payments, and KoreConX helps automate document and information storage.

Expanded list of RegTech universe

I’d like to thank everyone for their contributions, this expanded list would not have been possible without all the input received on my earlier blogs, so thanks a lot to everyone. Also, I want to thank John Anderson, formerly with Promontory Financial Group and now MBA student at UVA Darden for all his help in completing this article and list.

THE LIST

RegTech Universe

CDD/KYC

1. Albany Group (UK, 2007) — Client due diligence solutions

2. ComplyAdvantage (UK, 2014) Series A 2016 — AML data and surveillance platform

3. Contego (UK, 2011) Angel 2014 — KYC validation tools for individuals and companies

4. Cynopsis Solutions (Singapore, 2014) — Transaction monitoring for combating money laundering and terrorism financing activities

5. Encompass (UK, 2012) Venture 2016 — Due diligence/onboarding automation and reporting

6. Fenergo (Ireland, 2009) Private Equity 2015 — KYC data management, client onboarding lifecycle

7. Financial Crimes Solutions (Australia, 2011) — AML risk assessment solutions

8. IdentityMind (USA, 2011) Series B 2015 — Risk assessment of merchant accounts

9. Invoxis (France, 2013) — Automated onboarding and risk analysis processes

10. KYC Exchange (Switzerland, 2013) — KYC data collection platform

11. KYC3 (Luxembourg, 2014) — Customer monitoring and reports

12. KYC-Chain (Singapore, 2013) — Blockchain-based customer onboarding

13. Muinmos (Denmark, 2012) — Validates whether a client can trade in a service/instrument

14. Onfido (UK, 2012) Series B 2016 — Identify verification and KYC background checking

15. OpusDatum (UK, 2007) — Transactions monitoring/risk assessments for AML/sanctions

16. Passfort (UK, 2015) Seed 2015 — KYC data collection and verification

17. Provenir (USA, 2004) — Multiple source KYC data analysis

18. Signzy (India, 2015) — Digital onboarding using AI and cryptography

19. SimpleKYC (Australia, 2015) — KYC workflow including beneficial owners

20. Skry (USA, 2014) Seed 2016 — Transactions and counterparty monitoring on the blockchain

21. Tradle (USA, 2014) Seed 2015 — Blockchain-based customer onboarding and AML reporting

22. TransparINT (USA, 2013) — Multi-source adverse media searches

23. Trulioo (Canada, 2011) Series B 2015 — Identify verification and watch-list screening

24. Trunomi (USA, 2014) Seed 2015 — Allows customers to share data with banks for onboarding

Communications Monitoring

25. Beyond Enterprise (UK, 2014) — Helps firms assess the status of their communications monitoring program

26. CheckRecipient (UK, 2013) Seed 2015 — Intelligent outgoing email protection

27. Enepath (Singapore, 2015) Series A — Integrated verbal communication solution for trading desks

28. Novastone (UK, 2014) — Secure messaging tool for communication with clients

29. QumRam (Switzerland, 2011) Seed 2016 — Automatic digital activity recorder

30. RecordSure (UK, 2013) — Records sales calls and identifies red flags

Controls Automation

31. Capnovum (2014) — Combines regulatory monitoring, collaboration and communication tools with PMO capabilities and best practice processes

32. Commcise (UK, 2013) — Commission management software

33. Continuity Control (USA, 2008) — Automatic alert generation and workflow solution

34. CoVi Analytics (UK, 2015) Seed 2015 — Compliance as a Service (CaaS), reducing the cost of compliance and helping insurers make decisions faster

35. Droit (USA, 2012) Series A 2016 — Automates client trade compliance

36. EarlyIQ (USA, 2012) — Verifies that investors are accredited for Regulation D investments

37. FusionATCM (Netherlands, 2015) — Trading platform with built in risk and compliance reporting

38. InvestGlass (2014) Seed 2014 — Offers robo-advising solutions

39. KeeSystem (2009) — Automated compliance platform for asset managers

40. Met Facilities (UK, 2013) — FCA regulatory hosting umbrella for funds, start-ups, fin-techs and financial services firms

41. Neota Logic (USA, 2010) — Customizable compliance automation solutions

42. Quarule (USA, 2014) — Intelligent compliance and risk control tools

43. Red Marker (Australia, 2015) — Identifies potential compliance issues with websites and manage their remediation

Cybersecurity/Data Privacy

44. Alyne (Germany, 2015) — Enhances cyber security, risk management and compliance capabilities

45. Aprivacy (Canada, 2010) — Secure communications control and analytics

46. DarkTrace (UK, 2013) Series B 2015 — Identifies new emerging threats in real time by detecting anomalies in the system

47. Helm (USA, 2015) — Cyber security and data protection compliance assessment for fintech and regulators

48. Sysnet Global Solutions (Ireland, 1989) — Cybersecurity management for merchants’

49. Vigitrust (Ireland, 2003) — Helps with info security strategy, assessments, and testing

Fraud Detection

50. Feature Space (UK, 2005) Venture 2016 — Adaptive behavioral analytics

51. Mitek (USA, 1985) — Mobile identity capture and verification

52. Netguardians (Switzerland, 2007) — Audits human behavior across channels and transactions

53. Risk Ident (Germany, 2012) — Intelligent protection against online fraud

54. Trustev (Ireland, 2013) Acquired 2015 — Multiple source identity confirmation

Market Surveillance

55. Ancoa (UK, 2010) Series A 2015 — Market surveillance solution based on (contextual) data analytics

56. Behavox (UK, 2014) series A 2016 — Employee surveillance solution

57. Chainalysis (USA, 2014) Seed 2016 — Market surveillance/fraud detection on bitcoin transactions

58. Compliance Science (USA, 2003) Series A 2016 — Compliance management workflows based on each employee’s risk profile

59. Digital Reasoning (USA, 2000) Series D 2016 — Contextual analysis across structured and unstructured data

60. Elliptic (UK, 2013) Series A 2016 — BitCoin transaction monitoring

61. Neurensic (USA, 2015) Debt 2016 — Identifies high-risk trading behavior from previous market abuse instances

62. Polycoin (Israel, 2014) — BitCoin transaction monitoring

63. RedOwl Analytics (USA, 2011) Series B 2015 — Detects and deters unwanted/illegal behaviors

64. Sybenetix (UK, 2011) seed 2016 — Market surveillance solution based on combination of (contextual) data analytics and behavioral science

65. TradeFlow (Ireland, 2014) — Trade data tracking and risk alerting

66. Trapets (Sweden, 2000) — detection of insider trading and market abuse

67. Voitrax (Israel, 2014) — Tracks trader communications to identify potential market abuse

Non-Fintech

68. Avox (USA, 2003) — Data entity identification data enrichment

69. BigControls (USA, 2014) — Business incentives management

70. KoreConX (USA, 2013) — Organizes, manages and shares corporate information securely

71. SWIPE (WordFlow) (Australia, 2013) — Converts documents and databases into websites

Other

72. Aesthetic Integration (UK, 2013) Seed 2016 — Financial algorithm testing

73. AlgoValue (USA, 2011) — Valuation tool for fair valuation calculations

74. Comply365 (USA, 2007) Series A 2014 — Interactive compliance training

75. Corlytics (Ireland, 2014) Seed 2015 — Tracks regulatory enforcement activity

76. Cube (UK, 2012) — Automated management of compliance requirements

77. Flextrade (USA, 1996) — Order management system

78. GRC Solutions (Australia, 1999) — Compliance training solutions

79. TheMarketsTrust (Luxembourg, 2012) — Valuation of contingent, convertible bonds

80. Tillr (UK, 2015) — Internal audit automation

Regulatory Reporting

81. 28MSEC (USA, 2008) Venture 2013 — Repository where existing data definitions and taxonomies can be imported, reconciled, and unified and used for reporting

82. Abide Financial (UK, 2010) — End-to-end solution for all regulatory reporting

83. Accudelta (Ireland, 2015) — Data solution to manage Key Information Documents

84. AssetLogic (UK, 2014) — Central repository for investment data and documents

85. Bearingpoint (Netherlands, 2002) — Provides software solutions for prudential regulatory reporting, solvency reporting, liquidity reporting, and complex instruments reporting

86. Cappitech (Israel, 2013) — EMIR trading and regulatory reporting for funds

87. Clausematch (UK, 2012) — Data solution to manage Key Information Documents

88. CrowdCheck (USA, 2012) — Solutions for Reg A, Reg D, and Reg CF participants

89. DerivativesTech (Germany, 2015) — Data solution to manage Key Information Documents

90. FD-Reporting (Luxembourg, 2015) — International reporting for funds

91. Fintellix (India, 2006) Series B 2012 — Leverages existing data infrastructures to manage local regulatory reporting rules

92. Fortia Financial Solutions (France, 2012) — Data based compliance management and reporting solutions for asset managers

93. Fund Recs (Ireland, 2013) Grant 2014 — Data management and reconciliation software for funds

94. FundApps (UK, 2010) Seed 2010 — Automatic beneficial ownership reporting

95. Fundsquare (Luxembourg, 2013) — Secure communication channel between funds and financial supervisory authorities

96. Governance.io (2Gears) (Luxembourg, 2011) Angel 2015 — Fund structure and ownership reporting tool

97. Hexanika (USA, 2013) Seed 2016 — Global regulatory reporting templates and data management

98. Idisclose (USA, 2015) — Prepares crowdfunding and private placement disclosures

99. Modelity (Israel, 2000) — Data solution to manage Key Information Documents

100. MoneyMate (Ireland, 1991) — Data solution to manage Key Information Documents

101. QuanTemplate (Gibraltar, 2011) Series A 2015 — Regulatory reporting and data analytics for insurance companies

102. REGIS-TR (Luxembourg, 2010) — European trade repository set up to enable market players to report derivative trades as required under EU regulation

103. Secondfloor (Netherlands, 2005) Seed 2010 — Generates analytics and regulatory and management reports with workflow controls

104. Silverfinch (UK, 2014) — Regulatory data hub for asset managers and insurers

105. TransFICC (UK, 2016) — Reporting for fixed income and derivatives trading operations

106. ViClarity (Ireland, 2008) — Automated risk/compliance monitoring and reporting platform

107. Vizor (Ireland, 2000) — Designed for regulators to better monitor their regulated entities

Risk Management

108. Algodynamix (UK, 2013) — Portfolio risk analytics that predict disruptive market events

109. AQMetrics (Ireland, 2012) Series A 2016 — Risk monitoring solutions for funds and investment banks

110. Athena Portfolio Solutions (Israel, 2015) — Tracks live market data to generate portfolio risk alerts

111. Global Fund Watch (Sweden, 2015) — Due diligence of fund counterparties

112. Neo RM (USA, 2015) — Measures risk management controls

113. Open GAMMA (UK, 2009) Series D 2016 — Predicts CCP margin requirements

114. Open Risk (Netherlands, 2014) — Centralized risk management dashboard

115. Promapp (New Zealand, 2002) — Centralized risk management dashboard

116. Risk System (Ireland, 2013) — Regulatory risk management for funds

117. Scaled Risk (France, 2012) — Big data platform informing risk management processes

118. Trade Informatics LLC (USA, 2007) — Trade counterparty risk management

119. Traiana (USA, 2000) Series D 2005 — Pre and post trade risk management, including credit risk

120. Visual Risk (Australia, 2001) — Processes, analyses and displays complex data in a graphical manner for internal treasury functions

Stress Testing/Capital Planning

121. Algorithmica Risk Management System (Sweden, 2001) — UCITS IV and Solvency II simulations

122. AlgoSave (Israel, 2015)– Calculates expected credit losses and impairment calculations for accounting and BASEL purposes

123. Ayasdi (USA, 2008) Series C 2015 — Machine learning platform able to process stress testing and capital planning initiatives

124. OS-IS (Netherlands, 2010) — Calculating credit risk for stress testing scenarios

125. Percentile (UK, 2014) Seed 2016 — Firm-wide data aggregation for risk simulation and reporting

126. Suade (UK, 2014) Seed 2015 — Focuses on BASEL III capital requirements

127. Symetrics (Netherlands, 2012) — Banking stress testing models