Included VC
Published in

Included VC

🔧 Exploring the Obscure World of Regulation Technology (aka RegTech)

Regulation technology (RegTech) — the name given to the space where companies focused on developing technology driven solutions for regulatory processes reside.

The term is mostly used with companies created in the aftermath of the 2008 financial crisis, in an attempt to support financial institutions with the increasing regulations they needed to comply with. Because of this, many associate the term RegTech exclusively with fintechs or insurtechs.

On the internet, one can find tons of articles related to fintech with various opinions and several deep dives, but there are very few written on its cousin, RegTech. Furthermore, while the increase in regulation for the financial sector is a global movement, this specific article will focus on exploring some of the drivers, challenges and players in Europe, specifically in relation to financial crime. This is a sector I have had a couple of encounters with while working for financial institutions, and one that will hopefully add value to other fintech/financial services professionals.

This brings me to my first question….

What are the key drivers of the RegTech space?

The main driver of this space is of course regulation. In Europe, regulators have increased their reviews on prioritizing financial crime compliance. In the last year there were two developments:

  1. In May 2020, the EU Commission published a six-point action plan aimed at improving the response to financial crime.
  2. In September 2020, the European Commission adopted a report known as the 5th anti-money laundering Directive, which further complemented the rules available until that point for financial authorities.

Complying with all this regulation is not cheap. Thus, financial institutions spend a considerable amount of money and time in teams that are focused on dealing with financial crime issues. According to a survey by RegTech company Refinitiv, financial crime represents 3.5% of the global turnover lost, and it is estimated that fraud, money laundering, theft and cybercrime made up to $956 Billion revenues lost for 2018. While these numbers are global, it can be inferred that there is a sizable portion of investment from European financial services institutions that goes into complying with regulation.

In addition to that, the cost of financial crime does not only involve direct personal costs and fraud losses, but also regulatory fines and foregone revenue, as can be seen in the following graph:

Image extracted from the Financial crime and fraud in the age of cybersecurity report by McKinsey in October 2019.

Direct and indirect personal costs relate to the infrastructure already in place to be able to prevent and detect financial crime.

Direct fraud losses are related to measures taken after the fraud has occurred and relate to identifying and remediating the breaches, fraud losses and the cost of the financial intelligence unit. Indirect costs and foregone revenue are, as we can see, the most significant part of the costs as there can be unavailable systems, failed authentication, transactions decline, incorrect risk categorization and most importantly customer-experience impact or attrition, or even reputational damage.

One of the worst scenarios for a financial institution is garnering reputational damage. When I was an advisor for financial institutions, this was one of the go-to risks when looking into financial risk.

Reputational damage is the bogeyman of financial institutions.

I saw “reputational damage” coming for us, I saw it outside.

On top of that, there are also regulatory fines and remediation costs, which can be a considerable amount for a bank or a fintech, and usually are not done discreetly. Here is an interesting website if you want to check out what fines for banks can look like.

Just as everything around us is becoming more digital, financial crime is also becoming highly reliant on technology.

What is more, the pathways between fraud, financial crimes, and cyber breaches are converging and to pursue one crime, there is usually a combination of all those tactics used by digital attackers that are adapting to the digitization and automation of financial services. With the shift towards digital services accelerated by the pandemic, the amount of cybercrime aimed at targeting them has risen. According to Feedzai, the last quarter of 2020 shows consumers saw a 650% increase in account takeover scams, a 600% in impersonation scams and a 250% increase in online banking fraud attacks versus the first quarter of 2020.

How does a financial crime RegTech work?

Several institutions we call data providers give the RegTechs access to databases with information regarding criminal records, Politically Exposed Persons (PEPs) in the country and flags. The RegTechs obtain the data and create tools that can help the end-users perform their checks in a faster, standardized and more precise manner through a friendlier interface. In the end, these RegTechs are supposed to add value as an intermediate to focus on making users such as the risk manager, the compliance officer, and the KYC manager with the necessary information to make decisions and keep the financial institution safe and regulation compliant.

Who are the players in the space?

Now that we have gained some base knowledge on RegTechs and the problems they solve, it is important to learn that not all RegTechs are the same. XangeVC did a great job mapping out some European RegTechs in this category:

© XAngeVC

From this, we can see that by mid-2019 there were +140 RegTech startups in Europe, and the number just continues to increase over time as financial crime becomes a growing concern. The four verticals within the RegTech space are the following:

  1. Compliance Management
  2. Risk Management
  3. Regulatory Reporting
  4. Financial Crime (AML/KYC)

The distribution of the 140 startups is the following: 30% in compliance management, 27% in AML/KYC, 26% in risk management, and 17% in regulatory reporting.

I wanted to highlight that there have been additional players joining the AML/KYC space over the last couple of years, and so I made a map for myself:

This list is not exhaustive, but if you know of more interesting AML/KYC RegTechs let me know!

This new decade has started as a good moment to take a look at the AML/KYC space. In 2020, there were a couple of companies that raised a considerable amount from investors. These companies include:

Just last month, Jumio and Feedzai raised $150M and $ 200M, respectively. In terms of exit opportunities, in the first quarter of 2021, there was already an acquisition in which Equifax acquired Kount for $640M. Although Kount is a company that deals specifically with KYC services, this definitely sets a positive precedent for other RegTech acquisitions in the future.

As we have seen in this brief post, there are many exciting opportunities coming up in the RegTech space, especially in the AML/ KYC vertical.

As the financial criminals become more sophisticated, so must the financial entities (incumbents and fintechs).

I hope this information can help create more awareness of the regulation technology space, and if you are interested in having a quick chat on the topic, feel free to reach out!

💁🏽‍♀️ You can follow my journey and more musings on Twitter and connect with me on Linkedin.

👉🏼 Follow Included VC



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store