EBA EU RegTech analysis: the good, the bad and the ugly

The European Banking Authority (EBA) has published its analysis of RegTech in the EU Financial Sector. The report provides a deep-dive into the five prominent areas of RegTech solutions: anti-money laundering, fraud, prudential reporting, ICT security and creditworthiness assessment, with a view to understand the benefits, challenges and risks presented by RegTech solutions for both providers and financial institutions (FIs).

The report draws on information collected from a variety of industry surveys, interviews, and workshops and explores regulatory technology from the perspective of providers, the FIs that use it, and financial regulators. We dissected the 81 page report to weed out the key findings.

The benefits of RegTech depend on who you’re asking

The EBA’s report found that financial institutions who have deployed RegTech solutions highlight three key benefits of RegTech:

1. Enhanced risk management
2. Better monitoring and sampling capabilities
3. Reduced human error

Further down the list, but still prominent, are benefits such as the enhancement of systems and data integration, as well as the ability to free up professionals to focus on higher value tasks.

Interestingly, the perceived benefits of RegTech were found to be different depending on whether the question was asked of a RegTech provider or an FI. The EBA’s report suggests that this lack of consistency across provider and user could actually be a hurdle in discussions about the adoption of RegTech solutions.

In some cases, RegTech providers are touting benefits and solutions that do not match with the priorities of the FIs that they are pitching to. In such instances, FIs fail to recognise solutions within the technology, not because the solution doesn’t exist, but because the alignment of priorities is out of sync. The cost of RegTech is one such example; it is a pain point that RegTech providers prioritise and speak to but is actually considered a low priority by FIs.

The solution to this, the report suggests, is closer cooperation between RegTech providers and the FIs that will be using them. This would inevitably lead to better awareness of the actual pain points that FIs experience, which in turn would lead to more accurate and targeted solutions, with greater advantages.

RegTech spend is low, despite cost being low priority

The notion that the cost of RegTech solutions is a low-priority for financial institutions may suggest that their compliance or IT departments have deep pockets or are achieving RegTech buy-in from the board. The EBA’s report finds that the spend on RegTech solutions when viewed as part of the overall IT budget is low, falling below 20% of overall spend. Perhaps then the reason that cost is a low priority, is because the cost of RegTech is relatively low when compared to overall budget spend.

This is not true across the board, however, with the EBA highlighting some instances where financial institutions do have a “significant reliance” on RegTech, with RegTech spend accounting for up to 40%-60% of their IT budget. The EBA found few instances of RegTech solutions exceeding 60% of total IT spend.

Do you get what you pay for?

So, is the solution worth the spend? According to the EBA’s report, yes.

The level of recorded satisfaction in terms of value-add for RegTech is high, with 10% reporting that they are “very satisfied” and 60% stating that they are “satisfied” with the realised benefits of RegTech.

FIs have historically debated whether to buy RegTech solutions, or to build them in house. In terms of satisfaction levels, there was little difference between those who used external solutions versus those opting for internal builds. Overall, satisfaction with external RegTech software ranked slightly higher.

What’s stopping FIs from implementing RegTech solutions?

RegTech may reap rewards, be cost effective and deliver on its promises, but it continues to be ‘new technology’ rather than a mainstream tool to manage compliance. The reason for this could lie in the barriers that prevent RegTech from being a simple ‘plug and play’. When surveyed, FIs highlighted 6 main challenges faced when adopting RegTech:

1. Data-related challenges and cybersecurity threats
2. Interoperability and integration with existing legacy systems
3. Changes to regulation
4. Cost and procurement process
5. Lack of necessary skills and training
6. Perceived immaturity of RegTech providers solutions

It is interesting to see that five of these six challenges are internal challenges, based on perception or internal hurdles, rather than blockers from the RegTech providers themselves. The EBA is quick to note this, and suggests it is “primarily for these companies to take further action aimed at removing barriers” in order to break down the barriers to RegTech adoption.

RegTech risks centre around a lack of skills and tools

RegTech, as with any new technology, is not without risks. This is especially true of RegTech that is not implemented or utilised properly. The EBA’s report highlights compliance, concentration, business continuity and internal governance as some of the key RegTech risks.

Strikingly, the EBA report highlights that RegTech especially poses risks for regulators, as they may lack the “skills and tools” needed to adequately supervise the use and success of businesses using RegTech. For instance, a regulator that is unable to effectively utilise algorithms in its own activities may lack the understanding to supervise algorithms within the FIs it regulates. This is not true across the board, especially given the UK FCA’s recent Market Watch that explicitly set out how it is using internal algorithms in its regulatory activity.  

CUBE comment

EBA’s RegTech report shines a revelatory light on the RegTech market. It is not the first report exploring RegTech, nor will it be the last, but it does offer some valuable insights for financial institutions and RegTech providers alike… and could certainly be positioned as RegTech sales guide (what are customers really interested in).

What I found most interesting, however, is a point that was not explored in detail, but resonates across the length and breadth of financial services and regulation. It is the point that a “lack of common regulatory standards could pose barriers for wider market adoption of RegTech across the single market.”

Once again, a “lack of regulatory standards” rears its ugly head. This lack of standards is not unique to the uptake of RegTech. We saw recently from a speech by SEC Commissioner Elad Roisman that a lack of regulatory standards was cited as a barrier to ESG disclosure rules. We have also seen a lack of regulatory standards used as a reason why emerging, global technology such as crypto poses so many challenges.

This ‘lack of regulatory standards’ speaks to something bigger, a lack of collaboration across borders and industry. This isn’t a new idea, as far back as 2019 the Monetary Authority of Singapore’s Managing Director, Ravi Menon, said that countries must “learn from one another’s experience” if they are to succeed in the implementation of new technologies. The same can be said of financial regulations; compliance with global regulations will only be truly successful when regulatory standards are achieved.