Thanks to all contributions and suggestions, please see below the updated RegTech list. The list now includes well over 120 companies and has been categorized into 11 categories.
Not new, but in fashion
Clearly RegTech is nothing new; incumbents and technology companies have invested in regulatory solutions for many years, but RegTech as an interesting investment theme has emerged only in the last year and is now really becoming mainstream. For example, I have attended and been part of panels at 3 RegTech conferences already and I see many more being organized. Also, after some of the early bloggers (such as Devie Mohan and the team at Lets Talk Payments), I see many more blogs and my previous list has been re-used many times (with or without a reference :-) — I am sure some smart business people have found a way to sell this list).
Not a threat to financial services companies, but a valuable partner
As opposed to FinTech which is generally seen as early stage companies looking to disrupt financial service companies, most RegTech companies solve problems faced by incumbents which results in much greater willingness to engage in conversations and partnerships.
Removing the bottlenecks to innovation
Hopefully, RegTech being in fashion will speed up the delivery of solutions which today are hampered for 2 key reasons. First, there is a limited amount of venture investment in the space. If you exclude investments made by incumbents and established technology providers, less than $200m per annum has been invested in early stage RegTech startups (see also funding below). Given the attention, the space now has and first concrete examples of successful early stage companies. I already see much more interest from VCs, and I believe the amounts of funding will increase significantly over the next few years.
Second, the long sales cycle of selling a product to a financial services firm can be an inhibitor for startups. Probably an unintended result of regulation, financial firms have become very conservative in working with new(er) external vendors. Here is where firms and regulators have a responsibility to catalyze innovation by collaborating with interesting solution providers at an early stage (and not subject them to countless procurement requirements; these can be addressed at a later stage). Also, financial firms should see the value of collaborating early with technology firms in terms of changing their own culture and should not hesitate to pay startups for pilots to ensure they are also motivated to a success.
The acquisition of Promontory by IBM also shows that existing technology companies see RegTech as an interesting area. I haven’t spent much time in my blogs on what major technology companies like Accenture, Bloomberg or IBM offer (neither what incumbents are building themselves) but clearly they are not hibernating and working on their own solutions.
Regtech is broader than FinTech
Regarding categorization, there are now 11 solution categories and I have now also included a category for non-financial RegTech (financial services may be subject to a lot of regulation but are certainly not the only regulated industry). So, even though most focus today is on RegTech being a sub-segment of the FinTech ecosystem, it is actually a broader layer with interesting solutions also being developed for other industries.
Data (quality) is king
A general theme for RegTech is that it all starts with data and almost all solutions have a form of advanced data analytics. At the same time, due to their legacy systems and acquisitions, financial firms have notoriously bad data quality and can only dream of aggregated “data lakes.” For those firms that do have their data organized properly, I can only imagine the insights you could attract about your business and customer needs as well as achieve much higher efficiency levels. Financial firms that manage to make this transition will have huge competitive advantages and potentially even lower regulatory requirements.
Financial Services = Financial Technology
As leading FinTech investor Pascal Bouvier stated months ago, we are currently in the second wave of the transformation of Financial Services firms into Financial Technology companies. While the first wave was concentrated on the potential of startups developing technology that would take down traditional banking models, the second wave has seen startups working with incumbents to provide viable solutions. Especially in RegTech, there are many examples of successful collaborations and partnerships between startups and incumbents.
Get ready for the third wave, which Pascal believes is just around the corner, which will show the application of emerging technologies, such as artificial intelligence and robotics, and the likely entry into financial services of large tech companies like Facebook, Apple and Amazon. I believe RegTech will play a major role here as well, both as service provider to FinTech and catalyst for new products and services.
London and New York dominate
As I mentioned last time, the UK and US still have the greatest number of different startups and diversity of problems being tackled. Given the UK’s Financial Conduct Authority pro-active approach to innovation, I am not surprised London is at the top of the list. As fellow RegTech investor Michael Meyer has said many times, regulators need to foster innovation and push financial firms to embrace working with early stage innovators. I am surprised though with the relatively low number of startups in Asia and still am very interested in even earlier stage startups that look to develop a RegTech solution. Feel free to keep contributing and suggesting names to me in the comments or directly to me.
Limited funding so far
As an indicator of the stage of development, I have included the stage of last funding round per company based on public information on Crunchbase or from the company itself. The ones without funding information have generally been self-funded so far or are relatively early stage. Interestingly out of 127 companies, there were 9 Series B, C, or D rounds; 8 Series A rounds and 20 seed/venture rounds. If I add up all the external money raised by these companies and where no information was available include a proxy $0.5 million, the total amount would be around $950 million for the last 4–5 years; so around $200 million per year which seems small in comparison to the billions that are spent on regulation annually within the financial services industry.
Incomplete and imperfections
Some of companies on the list have solutions for multiple categories, but I have still only included them in 1 category. Also, as mentioned previously, the list doesn’t include existing technology developed by incumbents or major technology providers.
For an industry which is transforming into a technology industry, the future is very bright. The application of emerging technologies will not only make processes more efficient but also lead to new products and markets and may even allow previously unprofitable client segments (e.g. lending to small companies or self-employed individuals) to have (better) access to financial products. However, in order to get there, we will need regulators and incumbents to embrace change.
As always I’d love feedback on this and please keep suggesting companies.
Jan-Maarten Mulder is an early stage venture investor in FinTech & Data companies across Europe and a former banking and finance executive.
NB: if you are (or know) a business development / sales professional with broad experience selling regulatory solutions to financial services companies, please let me know since I see a lot of new RegTech initiatives looking for quality candidates..
Comment per category / key trends
Any participant active in the global capital markets is looking for an advantage. Unfortunately, in some cases, such advantages are unlawful such as insider trading or placing “fake” orders to manipulate prices (spoofing). New tools are being developed to monitor participants and to identify nefarious behavior based on trading data and contextual information such as market information, newsfeeds but also chats and email. Ancoa and Sybenetix* are examples of companies in this space. The most promising companies often combine advanced data analytics with behavioral science to provide faster and more efficient ways to manage conduct. One of the hardest elements of market surveillance is to limit the number of false positives — nobody wants to analyze countless false notifications. As new regulations extend surveillance to more activities and asset classes, traditional technology and methods become prohibitively expensive. In addition, aggregating chat and voice communication by traders across multiple channels and converting into usable data can be challenging. Machine learning could play a major role here too.
Due to upcoming regulatory requirements, most focus today is on surveillance for buy or sell-side firms, however such tools are also going to be important for exchanges, clearing houses and regulators as they need to meet new requirements more cost effectively. In addition, another application of this technology is to assess performance of traders based on the same multitude of data and potentially also deliver more alpha. By applying behavioral analytics, participants can be proactive in both surveillance and performance, opening up new ways to get a competitive advantage.
(*disclosure: I am an investor in Sybenetix)
The amount and frequency of regulatory reporting has grown tremendously over the years. I recently spoke to the head of regulatory affairs from a major European bank who said they regularly send reports of over 50,000 pages every quarter to the ECB. Apart from the usefulness of such reports, there are 2 important bottlenecks that RegTech companies are addressing. First, extracting data from often legacy systems is often a very difficult and error-prone process for financial firms. A number of RegTech companies have developed data aggregation tools that take information from different source databases and combine to get one complete dataset. The tools often also provide feedback regarding any inconsistencies in the source information. The second bottleneck relates to the actual reporting — regulation often changes and often is described as published principles for which the firms need to interpret and create their own reporting. Given the staggering amount of regulation, firms often have multiple employees just to monitor required and ad hoc reporting. Fortunately, there are a number of RegTech firms that specialize in monitoring regulation and often provide an up to date reporting format. Companies in this space include Fintellix, Modelity and many others.
The next evolution is to move towards smart regulation using smart contract technology to create a form of dynamic oversight. This would allow regulators to change capital requirement live based on real market events instead of adjusting for historical events (Aldo de Jong of Claro Partners pointed this out in a comment on my last blog a few months ago).
Stress Testing/Capital Planning
Stress testing of financial services firms’ balance sheets is becoming a popular risk management and regulatory tool. When the European Banking Authority recently took over supervision of banks from the national regulators, it performed a massive stress test of all the major European banks. I have learned from people involved that almost every bank had difficulties in delivering accurate and timely data. Not surprising given that data in banks is often contained in separate databases on outdated systems with often incomplete or wrong information and regulators have not provided specific instructions for how to complete tests.
With new available technologies and data quality initiatives, a number of firms are building scenario and stress test platforms to manage risk and/or calculate capital requirements. Examples are AlgoSave, Ayasdi, Suade and Percentile. Capital planning tools can also help reduce the capital ratios of banks by proving to regulators that they have adequate reserves. This could significantly increase return on equity, a very difficult task for banks over the last 8 years.
Closely related to KYC, this category includes solutions to protect against external and internal fraud. Solutions include identity verification or suspicious activity alerts. Arguably, this extends well beyond RegTech & FinTech into Ecommerce for example which is certainly not my area of expertise. However, some companies have a strong focus on financial services and examples include Netguardians, Risk Ident and Trustev who each use sophisticated analytics to monitor and detect all kinds of fraudulent activities during transactions.
These technologies automate interpretation and application of regulatory rules and oversight of internal processes in order to flag potential issues. Many of the control functions at financial services companies are working with outdated, manual systems and cannot cope with the complexity of the financial services industry. So far the response has been to set more controls and hire more people to manage these as well as push controls towards the front office which distracts sales people or traders from what they are hired for. There is a huge opportunity to automate these controls and several firms are working on smart solutions for different parts of the financial services industry. Examples are Capnovum, Continuity, Droit Fintech and Quarule.
With online becoming the main communication channel for financial services companies, the strength of cybersecurity and, in particular, data privacy is critical for business operation and trust. In addition, financial firms are increasingly working with external vendors that operate outside of the firm’s firewall. Specific regulatory cybersecurity provisions and vendor obligations puts the onus on financial institutions to secure their systems. Companies like Alyne have developed tools to qualify the cybersecurity protocols of vendors to financial services companies which also can be used for insurance companies to assess cybersecurity insurance underwriting risks.
Traditional risk management at financial services is typically based on inflexible systems and often front end focused — i.e. trading limits, value at risk calculations, etc. Advanced data analytics and visualization will reduce the time to analyze risk parameters allowing firms to spend more time on acting on insights. New tools will also allow firms to better analyze risk from middle and/or back office functions which are often overlooked — e.g. operational risks. For example, AlgoDynamics helps trading firms evaluate portfolio risk by anticipating disruptive market events.
As I explained last time, one of the major challenges of new or ongoing client due diligence, in particular with small(er) companies or individuals, is that it is very difficult to accurately link names to bad press due to different spellings, local language, etc. This makes the onboarding and monitoring process slow and often incomplete. Unique identifiers or blockchain technology (for example Tradle) can play a role here, but result in data privacy discussions which are further complicated by different approaches by regulators. Another approach is to mine open source information followed by human analysis. In any case, the tools that are being developed will make client acceptance more efficient and reduce the manual work this often entails. Any successful solution should be better than just a clever workflow tool and combine data from multiple sources and deploy strong analytics tools to come to decisions where human involvement is only needed for exceptions. Examples include ComplyAdvantages, Fenergo and Passfort.
Today’s world of multi-channel communication including Whatsapp, Facebook Messenger, etc, leads to headaches for compliance officers due to the difficulty of tracking all communications. Apart from ensuring that any communication is in line with internal guidelines, regulation increasingly requires firms to store all client communication. In order to satisfy such requirements, firms can either somehow integrate and monitor various communication channels or migrate account managers to controlled messaging environments. Novastone is an example of a RegTech company that is building an auditable communication tool to replace email with an instant messaging platform which allows for secure information exchange and transaction authentication. In addition, there are companies which focus on capturing voice communication such as Qumram. Applying technology that allows voice recordings to be transferred into searchable data would have huge opportunities in various other RegTech segments including market surveillance.
There are also technologies emerging not included in the above categories addressing regulatory issues including compliance training (very important for firms), model management, violation analytics and internal audit. For example, Corlytics helps firms track regulatory enforcement activity across the industry and Aesthetic Integration provides very interesting tools to validate models and algorithms.
Non “FinTech” Regtech
RegTech is not only for the financial industry. Regulatory requirements exist in most market segments around the world. These technologies typically offer solutions to help firms deal with logistical problems relating to compliance; for example, BigControls helps firms manage incentives payments, and KoreConX helps automate document and information storage.
Expanded list of RegTech universe
I’d like to thank everyone for their contributions, this expanded list would not have been possible without all the input received on my earlier blogs, so thanks a lot to everyone. Also, I want to thank John Anderson, formerly with Promontory Financial Group and now MBA student at UVA Darden for all his help in completing this article and list.
1. Albany Group (UK, 2007) — Client due diligence solutions
2. ComplyAdvantage (UK, 2014) Series A 2016 — AML data and surveillance platform
3. Contego (UK, 2011) Angel 2014 — KYC validation tools for individuals and companies
4. Cynopsis Solutions (Singapore, 2014) — Transaction monitoring for combating money laundering and terrorism financing activities
5. Encompass (UK, 2012) Venture 2016 — Due diligence/onboarding automation and reporting
6. Fenergo (Ireland, 2009) Private Equity 2015 — KYC data management, client onboarding lifecycle
7. Financial Crimes Solutions (Australia, 2011) — AML risk assessment solutions
8. IdentityMind (USA, 2011) Series B 2015 — Risk assessment of merchant accounts
9. Invoxis (France, 2013) — Automated onboarding and risk analysis processes
10. KYC Exchange (Switzerland, 2013) — KYC data collection platform
11. KYC3 (Luxembourg, 2014) — Customer monitoring and reports
12. KYC-Chain (Singapore, 2013) — Blockchain-based customer onboarding
13. Muinmos (Denmark, 2012) — Validates whether a client can trade in a service/instrument
14. Onfido (UK, 2012) Series B 2016 — Identify verification and KYC background checking
15. OpusDatum (UK, 2007) — Transactions monitoring/risk assessments for AML/sanctions
16. Passfort (UK, 2015) Seed 2015 — KYC data collection and verification
17. Provenir (USA, 2004) — Multiple source KYC data analysis
18. Signzy (India, 2015) — Digital onboarding using AI and cryptography
19. SimpleKYC (Australia, 2015) — KYC workflow including beneficial owners
20. Skry (USA, 2014) Seed 2016 — Transactions and counterparty monitoring on the blockchain
21. Tradle (USA, 2014) Seed 2015 — Blockchain-based customer onboarding and AML reporting
22. TransparINT (USA, 2013) — Multi-source adverse media searches
23. Trulioo (Canada, 2011) Series B 2015 — Identify verification and watch-list screening
24. Trunomi (USA, 2014) Seed 2015 — Allows customers to share data with banks for onboarding
25. Beyond Enterprise (UK, 2014) — Helps firms assess the status of their communications monitoring program
26. CheckRecipient (UK, 2013) Seed 2015 — Intelligent outgoing email protection
27. Enepath (Singapore, 2015) Series A — Integrated verbal communication solution for trading desks
28. Novastone (UK, 2014) — Secure messaging tool for communication with clients
29. QumRam (Switzerland, 2011) Seed 2016 — Automatic digital activity recorder
30. RecordSure (UK, 2013) — Records sales calls and identifies red flags
31. Capnovum (2014) — Combines regulatory monitoring, collaboration and communication tools with PMO capabilities and best practice processes
32. Commcise (UK, 2013) — Commission management software
33. Continuity Control (USA, 2008) — Automatic alert generation and workflow solution
34. CoVi Analytics (UK, 2015) Seed 2015 — Compliance as a Service (CaaS), reducing the cost of compliance and helping insurers make decisions faster
35. Droit (USA, 2012) Series A 2016 — Automates client trade compliance
36. EarlyIQ (USA, 2012) — Verifies that investors are accredited for Regulation D investments
37. FusionATCM (Netherlands, 2015) — Trading platform with built in risk and compliance reporting
38. InvestGlass (2014) Seed 2014 — Offers robo-advising solutions
39. KeeSystem (2009) — Automated compliance platform for asset managers
40. Met Facilities (UK, 2013) — FCA regulatory hosting umbrella for funds, start-ups, fin-techs and financial services firms
41. Neota Logic (USA, 2010) — Customizable compliance automation solutions
42. Quarule (USA, 2014) — Intelligent compliance and risk control tools
43. Red Marker (Australia, 2015) — Identifies potential compliance issues with websites and manage their remediation
44. Alyne (Germany, 2015) — Enhances cyber security, risk management and compliance capabilities
45. Aprivacy (Canada, 2010) — Secure communications control and analytics
46. DarkTrace (UK, 2013) Series B 2015 — Identifies new emerging threats in real time by detecting anomalies in the system
47. Helm (USA, 2015) — Cyber security and data protection compliance assessment for fintech and regulators
48. Sysnet Global Solutions (Ireland, 1989) — Cybersecurity management for merchants’
49. Vigitrust (Ireland, 2003) — Helps with info security strategy, assessments, and testing
50. Feature Space (UK, 2005) Venture 2016 — Adaptive behavioral analytics
51. Mitek (USA, 1985) — Mobile identity capture and verification
52. Netguardians (Switzerland, 2007) — Audits human behavior across channels and transactions
53. Risk Ident (Germany, 2012) — Intelligent protection against online fraud
54. Trustev (Ireland, 2013) Acquired 2015 — Multiple source identity confirmation
55. Ancoa (UK, 2010) Series A 2015 — Market surveillance solution based on (contextual) data analytics
56. Behavox (UK, 2014) series A 2016 — Employee surveillance solution
57. Chainalysis (USA, 2014) Seed 2016 — Market surveillance/fraud detection on bitcoin transactions
58. Compliance Science (USA, 2003) Series A 2016 — Compliance management workflows based on each employee’s risk profile
59. Digital Reasoning (USA, 2000) Series D 2016 — Contextual analysis across structured and unstructured data
60. Elliptic (UK, 2013) Series A 2016 — BitCoin transaction monitoring
61. Neurensic (USA, 2015) Debt 2016 — Identifies high-risk trading behavior from previous market abuse instances
62. Polycoin (Israel, 2014) — BitCoin transaction monitoring
63. RedOwl Analytics (USA, 2011) Series B 2015 — Detects and deters unwanted/illegal behaviors
64. Sybenetix (UK, 2011) seed 2016 — Market surveillance solution based on combination of (contextual) data analytics and behavioral science
65. TradeFlow (Ireland, 2014) — Trade data tracking and risk alerting
66. Trapets (Sweden, 2000) — detection of insider trading and market abuse
67. Voitrax (Israel, 2014) — Tracks trader communications to identify potential market abuse
68. Avox (USA, 2003) — Data entity identification data enrichment
69. BigControls (USA, 2014) — Business incentives management
70. KoreConX (USA, 2013) — Organizes, manages and shares corporate information securely
71. SWIPE (WordFlow) (Australia, 2013) — Converts documents and databases into websites
72. Aesthetic Integration (UK, 2013) Seed 2016 — Financial algorithm testing
73. AlgoValue (USA, 2011) — Valuation tool for fair valuation calculations
74. Comply365 (USA, 2007) Series A 2014 — Interactive compliance training
75. Corlytics (Ireland, 2014) Seed 2015 — Tracks regulatory enforcement activity
76. Cube (UK, 2012) — Automated management of compliance requirements
77. Flextrade (USA, 1996) — Order management system
78. GRC Solutions (Australia, 1999) — Compliance training solutions
79. TheMarketsTrust (Luxembourg, 2012) — Valuation of contingent, convertible bonds
80. Tillr (UK, 2015) — Internal audit automation
81. 28MSEC (USA, 2008) Venture 2013 — Repository where existing data definitions and taxonomies can be imported, reconciled, and unified and used for reporting
82. Abide Financial (UK, 2010) — End-to-end solution for all regulatory reporting
83. Accudelta (Ireland, 2015) — Data solution to manage Key Information Documents
84. AssetLogic (UK, 2014) — Central repository for investment data and documents
85. Bearingpoint (Netherlands, 2002) — Provides software solutions for prudential regulatory reporting, solvency reporting, liquidity reporting, and complex instruments reporting
86. Cappitech (Israel, 2013) — EMIR trading and regulatory reporting for funds
87. Clausematch (UK, 2012) — Data solution to manage Key Information Documents
88. CrowdCheck (USA, 2012) — Solutions for Reg A, Reg D, and Reg CF participants
89. DerivativesTech (Germany, 2015) — Data solution to manage Key Information Documents
90. FD-Reporting (Luxembourg, 2015) — International reporting for funds
91. Fintellix (India, 2006) Series B 2012 — Leverages existing data infrastructures to manage local regulatory reporting rules
92. Fortia Financial Solutions (France, 2012) — Data based compliance management and reporting solutions for asset managers
93. Fund Recs (Ireland, 2013) Grant 2014 — Data management and reconciliation software for funds
94. FundApps (UK, 2010) Seed 2010 — Automatic beneficial ownership reporting
95. Fundsquare (Luxembourg, 2013) — Secure communication channel between funds and financial supervisory authorities
96. Governance.io (2Gears) (Luxembourg, 2011) Angel 2015 — Fund structure and ownership reporting tool
97. Hexanika (USA, 2013) Seed 2016 — Global regulatory reporting templates and data management
98. Idisclose (USA, 2015) — Prepares crowdfunding and private placement disclosures
99. Modelity (Israel, 2000) — Data solution to manage Key Information Documents
100. MoneyMate (Ireland, 1991) — Data solution to manage Key Information Documents
101. QuanTemplate (Gibraltar, 2011) Series A 2015 — Regulatory reporting and data analytics for insurance companies
102. REGIS-TR (Luxembourg, 2010) — European trade repository set up to enable market players to report derivative trades as required under EU regulation
103. Secondfloor (Netherlands, 2005) Seed 2010 — Generates analytics and regulatory and management reports with workflow controls
104. Silverfinch (UK, 2014) — Regulatory data hub for asset managers and insurers
105. TransFICC (UK, 2016) — Reporting for fixed income and derivatives trading operations
106. ViClarity (Ireland, 2008) — Automated risk/compliance monitoring and reporting platform
107. Vizor (Ireland, 2000) — Designed for regulators to better monitor their regulated entities
108. Algodynamix (UK, 2013) — Portfolio risk analytics that predict disruptive market events
109. AQMetrics (Ireland, 2012) Series A 2016 — Risk monitoring solutions for funds and investment banks
110. Athena Portfolio Solutions (Israel, 2015) — Tracks live market data to generate portfolio risk alerts
111. Global Fund Watch (Sweden, 2015) — Due diligence of fund counterparties
112. Neo RM (USA, 2015) — Measures risk management controls
113. Open GAMMA (UK, 2009) Series D 2016 — Predicts CCP margin requirements
114. Open Risk (Netherlands, 2014) — Centralized risk management dashboard
115. Promapp (New Zealand, 2002) — Centralized risk management dashboard
116. Risk System (Ireland, 2013) — Regulatory risk management for funds
117. Scaled Risk (France, 2012) — Big data platform informing risk management processes
118. Trade Informatics LLC (USA, 2007) — Trade counterparty risk management
119. Traiana (USA, 2000) Series D 2005 — Pre and post trade risk management, including credit risk
120. Visual Risk (Australia, 2001) — Processes, analyses and displays complex data in a graphical manner for internal treasury functions
Stress Testing/Capital Planning
121. Algorithmica Risk Management System (Sweden, 2001) — UCITS IV and Solvency II simulations
122. AlgoSave (Israel, 2015)– Calculates expected credit losses and impairment calculations for accounting and BASEL purposes
123. Ayasdi (USA, 2008) Series C 2015 — Machine learning platform able to process stress testing and capital planning initiatives
124. OS-IS (Netherlands, 2010) — Calculating credit risk for stress testing scenarios
125. Percentile (UK, 2014) Seed 2016 — Firm-wide data aggregation for risk simulation and reporting
126. Suade (UK, 2014) Seed 2015 — Focuses on BASEL III capital requirements
127. Symetrics (Netherlands, 2012) — Banking stress testing models