Eventus

News & Views

Finding the right RegTech partner for you – Part 1

Finding the right RegTech partner for you – Part 1

Originally published on Fintech Global

The global RegTech sector is projected to reach a value of $66.9bn by 2032, growing at a 22.6% CAGR from 2023, according to a report from Allied Market Research. Given its size, it is evident that the market is full of various types of RegTech solutions all claiming to revolutionise the output of compliance teams. However, with so much noise in the market, finding the right solution is like finding a needle in a haystack. FinTech Global spoke to several RegTech providers for an insight into what to look for.

In this first part, hear the thoughts from industry experts at MCO (MyComplianceOffice), RelyComply, ACA Group, Muinmos and Eventus.

This is what each of them had to say:

MCO (MyComplianceOffice)

 In the modern world, the most common starting point when seeking an answer is to ask Google. Whether it is the most logical response, doing a web search for a solution to a specific pain point feels like the best way to find some vendors. However, Dave Kubersky, CRO at MCO, believes that using a web search to create a list of vendors and picking one based on what they do often ends with a less than optimal selection.

Instead, Kubersky advises firms to start by building a shared understanding of the business needs driving the new technology and identifying RegTech companies with both the ethos and capabilities that fit best. “With that detailed and shared understanding, every potential solution can be objectively evaluated using the same standards, objectives and core business requirements to find the right company to work with.”

An important reminder Kubersky provided firms was that while capabilities are key to the decision, a RegTech’s ethical outlook, core personnel, business model and customer service are just as important. Getting answers to these questions might be tough, but Kubersky suggests asking vendors to identify criteria like company culture and ownership, levels of ongoing investment in the platform, company roadmap, tenure and expertise of leadership and other key employees, and the availability and geographic locations of customer service and support.

In terms of the key factors to look out for, Kubersky pointed to six key points. The first of these is the technical fit and whether the system can easily integrate with existing internal systems. Next is the quality of the platform and system architecture. Does the system have a solid and intentional architecture or is it built on outdated technology or bolted on acquisitions? Similarly, how often does the firm schedule major and minor updates?

The third factor to keep an eye out for is the technical and customer support. Kubersky said firms should see if there is support available over the weekend, in the evenings or around the world. If support is only available in certain time zones, but the firm operates globally, this could cause trouble in the future.

Functionality was the next factor Kubersky mentioned. Firms should see if the software can do what it needs to, whether it can be customised to meet specific needs, and is it easy to use for compliance and by employees. The penultimate factor is pricing. Kubersky stated that quotes should be accurate and reasonable, ensuring firms can easily recognize the value they receive and avoid surprise costs down the line. “That return on investment is just as important as the number on the quote,” he added.

Finally, Kubersky said firms should consider how well the solution fits with the firm’s long-term needs. If there is regulatory change or new business developments, will the platform adapt to meet these needs. Similarly, if the firm expands internationally, will the tool support those territories or would a new platform be required.

These are not the only factors firms should be looking out for when considering a new solution. There are a number of warning signs to keep an eye out for. Kubersky urged decision makers to pay close attention to the experience they have with the sales team. “These initial interactions are usually an indicator of what the working relationship will be with the firm during implementation and beyond. Is the sales team giving you prompt and personal attention regardless of the size of your firm? Are they giving fair and accurate pricing and not playing fast and loose with the numbers? Are they asking you about the firm’s individual needs – and are they willing and able to configure their system to meet those requirements? If the answer is no to any of these questions, it’s a red flag that there might be fit and support issues down the road.”

Finally, Kubersky offered some advice to firms looking for a new RegTech solution. He said, “Firms on the hunt for new technology [should] understand the business requirements behind the acquisition, identify the right internal stakeholders to be consulted in the decision and bring them to the table early, and develop a structured process for identifying and evaluating vendors that assigns roles and responsibilities. Starting with that solid framework and defined methodology will set a firm up for success.”

For more advice from MCO, their whitepaper – Getting IT Done – Optimize the Software Selection Process for the Best Outcome – offers further guidance.

RelyComply

Given the size of the RegTech market, similarities between solutions are inevitable. Coupled with this, many financial institutions have a relatively light due diligence process that involves a product demo, pricing, and basic feature assessment. According to Bradley Elliott, CEO of single-view AML compliance platform RelyComply, this often leads to a poor assessment of whether the solution can meet their needs.

Elliott said, “Financial institutions should consider partnering with RegTech companies willing to invest time and resources in technical and operational scoping sessions. These sessions can help develop comprehensive statements of work and define proof-of-value (POV) exercises to be conducted before commencing commercial negotiations or finalising contracts. While this approach may take longer, it enables financial institutions to more fairly benchmark vendors, assessing them beyond mere face value, thereby mitigating risk and reducing the total cost of ownership.”

When going through the decision process for picking the right RegTech solution provider, Elliott encouraged firms to seek those with a proven track record of success, industry expertise and a comprehensive understanding of regulatory requirements. Other factors to be mindful of are whether the technology is agile, scalable, flexible and can integrate with existing systems. Some final points to also think about are the transparency, responsiveness, and client-centric approach of the firm. These are good indicators of a reliable partner, he said.

There are also some red flags to look out for. These include inadequate regulatory knowledge, a lack of transparency, limited scalability, and a lack of references.  “Solutions offering quick fixes or needing a comprehensive understanding of your institution’s specific compliance challenges should also be approached with scepticism”, Elliott added. “Be wary of any claims that technology, particularly AI, is a universal solution to all problems. It is advisable to avoid vendors who are not willing to invest time and effort in understanding your unique needs and conducting a proof-of-value (POV) exercise.”

In terms of advice, Elliott said, “First and foremost, clearly understand your requirements and what is important to your business from a technology, operational, and regulatory perspective.” Firms should prioritise solutions that align closely with the specific needs of the firm and are willing to demonstrate their capabilities through a proof-of-value exercise.

Firms should also look for solutions that have successful implementation in companies with similar use cases, as well as those with simple implementation, can adapt to specific business workflows and can evolve with new regulatory requirements.

ACA Group

For Leigh Emery, Managing Director at governance, risk, and compliance (GRC) solution provider ACA Group, the first step in identifying the right RegTech partner relies on wholly assessing the problem that needs to be solved. Emery said, “The first step in identifying the right RegTech partner for your firm is to fully scope the problem(s) you are intending to solve and the benefits you intend to gain through technology.”

As part of this, firms should ask whether the solution is aimed at increasing effectiveness, making cost savings or something else. While this might not seem revolutionary, Emery warned that not fully understanding the goal is a common mistake firms make when starting their diligence process, ultimately leading to the selection of the wrong partner or solution.

Once the goals have been clearly outlined, firms need to identify the providers in the market and how their strengths and weaknesses will align with the defined needs. “It is important to seek the advice of your peers and begin a thoughtful demonstration and diligence process with the identified providers.”

Emery highlighted a number of key factors to look for in a RegTech solution provider. The first of these is a demonstrated expertise, and features that meet a firm’s needs. Questions to ask are whether the provider understands the regulatory and jurisdiction-specific nuances needed for the compliance program. “Providers without extensive experience in the regulatory landscape may not understand specific roadblocks or challenges within the technology space, which may limit efficacy.” A perfect time to look for their expertise is during the demo stage. Does it highlight their expertise and are they comfortable responding to firm-specific questions or challenges during this stage.

Another important aspect to be mindful of is whether the platform will be able to deliver, innovate and evolve in line with needs. Key questions to ask for this are what the onboarding and migration support from existing systems is, what ongoing customer success, training and technical support is offered and are there any geographical locations/time zone considerations. Emery also urged firms to examine the RegTech platform’s roadmap, is it transparent, does it align with the firm’s own direction, does it anticipate regulatory shifts, and does it show a desire to innovate with emerging technology.

Given the sensitive nature of data handled by compliance teams, security practices should also feature in the decision process. Emery advised firms to consider the information and cybersecurity practices of the vendor. For instance, do they conduct SOC1/SOC2 audits, risk assessments, penetration testing, do they have secure coding practices and manage supply chain risk. If there is an incident, what is their resiliency model for business continuity and disaster recovery, do they have cyber insurance, and can they respond to breaches? While these might not seem as important as product features, they can go a long way for giving peace of mind and protecting a firm from serious and costly breaches.

One final area to assess is the size and reputation of the firm. In terms of the reputation, ask for references or ask industry peers for their experiences. As for size, Emery said, “There are pros and cons to providers of all sizes, so it’s important to find one that fits your needs in a partnership. Smaller vendors may be nimbler in nature and more willing to make customizations or requested product enhancements based on your needs, but may not have an established delivery track record. Larger providers have the organizational strength to better support you at scale, but generally have a much more set roadmap.”

Finding the perfect solution is a long and tough process. What can make things harder is when a provider meets most of the requirements, but not all of them. In this situation, Emery suggests considering whether and how long that gap in capabilities would be manageable. “Be agile in your thinking, but also inquire about the availability of those features – are they on the roadmap? If so, what’s the timeline? Are they willing to commit to delivery in writing?

“Critical features you require should already exist, as opposed to being a roadmap item, but be agile where possible. While no solution is perfect, you should assess your ability to be iterative in your adoption and participate in expanding the functionality over time – but be sure the provider has the ability and willingness to do so.”

Similarly, if the provider has the features, but they are small, decision makers should consider whether the company will have enough resources to ensure success and are they able to scale their services as demand increases.

Munimos

The starting point for identifying the right RegTech partner is assessing the specific regulatory compliance needs, including the current pain points and future requirements. That is according to Remonda Kirketerp-Møller, founder and CEO at client onboarding technology developer Muinmos. Kirketerp-Møller noted that by starting here, firms can already narrow down the list of RegTech providers that specialise in addressing those specific challenges. Following this, firms should review market research to spot the RegTech companies with a proven track record in the financial industry.

Once the shortlist has been created, firms should evaluate technological innovation and scalability. Kirketerp-Møller said, “The ideal RegTech partner should not only offer innovative solutions that address current compliance issues but also demonstrate scalability to adapt to future regulatory changes and business growth.

So, what are the key factors to look out for? Kirketerp-Møller believes a deep understanding of the regulatory environment and experience in handling compliance for similar institutions are essential. “This expertise ensures that the RegTech solution can effectively navigate the complexities of the regulatory landscape.”

Some other key factors are the ability to seamlessly integrate with existing systems without causing disruptions is crucial, and the customisability of the solution to meet the specific needs of the firm.

One final factor is the security and data protection. “Given the sensitive nature of compliance data, robust security measures and data protection are non-negotiable. Ensure the RegTech provider adheres to the highest standards of data security and privacy.”

As for the red flags, Kirketerp-Møller pointed to three major warning signs. The first of these is a lack of industry-specific expertise. For instance, if a RegTech provider lacks experience in the specific segment of the financial industry, it could be difficult to fully understand and address the firm’s compliance challenges.

Another factor to be cautious of are solutions that lack configuration. “Flexibility and adaptability are key in a rapidly changing regulatory environment,” Kirketerp-Møller said. The final red flag is poor customer support. Whether it is inadequate support or slow response times, these can impact the compliance team’s ability to respond swiftly to compliance issues.

When making the decision, Kirketerp-Møller offered three bits of advice. The first of these was to consider the total cost of ownership. This means looking beyond the initial purchase price and considering other ownership costs, such as implementation, training, maintenance, and any necessary upgrades over time.

The next point of advice was to request demonstrations. Prior to making the final decision, a firm should request a live demonstration as this hands-on experience will give valuable insights on how the solution will meet the needs of the firm.

The final point was to look for a collaborative partnership. “The best RegTech relationships are collaborative. Look for a partner interested in understanding your business deeply and committed to evolving with you over time.”

Eventus

Katy Pritchard, Senior Director, Marketing at enterprise trade surveillance provider Eventus, believes financial institutions should look for RegTech providers with a proven track record. Other important factors are firms with a strong focus on innovation and a robust understanding of regulatory challenges across markets and asset classes.

Pritchard added, “Regulators and technology evolve, so your technology partners should support your effort to keep pace and even stay ahead of this evolution. Technology partners in RegTech should offer adaptable and scalable solutions tailored to your risk assessment and designed to mitigate pain points faced by legacy systems.”

Pritchard offered specific advice for firms looking to find a trade surveillance platform. With regulators escalating their enforcement of trade surveillance regulations, a key element to seek in a RegTech provider is their automation capabilities. Pritchard said, “Find a partner that can automate tasks traditionally wasted by analysts on noise. A recent industry survey indicated that 90% of alerts generated by legacy systems are false positives. Analysts should be focused on actionable alerts and mitigating risk.”

Another important factor is finding a solution that is flexible. Pritchard noted that the surveillance solution should not force compliance teams to use rigid frameworks. As such, firms should ask whether they can clone procedures with user-adjustable parameters by asset class, account or aggregation unit, can they tailor the surveillance procedures quickly and can they use dynamic parameters for behavioural analysis.

The next factor to be mindful of is the service offering. Pritchard urged firms to find a partner and not just pick a solution so they can tick a box. “Ideally, your technology partner has a team of veteran compliance officers and surveillance heads with the experience and expertise to support you on your journey. They feel your pain, they have done the job, and they understand the daily challenges you face.”

Finally, Pritchard encouraged firms to find a partner that is focused on innovation. This means picking a partner that is continually developing and innovating as the regulatory requirements evolve, as well as client needs.

Moving to the red flags, the surveillance technology partner should demonstrate they understand the business needs from the outset. This includes a relevant implementation and service plan.

As for advice on picking a partner, Pritchard said, “Updating legacy technology in a regulated environment is difficult and comes with its challenges. While legacy systems may offer comfort in familiarity i.e., the “don’t fix it if it’s not broken” mentality, there are serious hidden risks and costs to this outdated approach.

“The “fatigue” from thousands of false positives, constant re-calibration, and stress on human and financial resources is real.  To achieve measurable progress, firms need to take the first step by prioritising progress over comfort. Don’t overlook the potential for substantial long-term savings and operational efficiencies. More importantly, we have found that firms transitioning away from legacy systems detect long-hidden operational risks with their data that are hard to detect until you go through such an exercise.