Pay now or pay later: Regtechs make play to spare banks steep fines

The purchasing power of the money financial services firms spend on regulatory fines can be difficult to conceptualize. So it can be useful to express the figures in more practical terms. For instance, a gallon of gas in California costs around $5, while the median price of a house sold in Q4 of 2022 was $467,700. So, the $17 million fine imposed in February by the US Securities and Exchange Commission (SEC) on the Options Clearing Corp. (OCC) for failing to pass its stress testing and clearing fund methodology rule between October 2019 and May 2021, equates to buying 36 houses or 3.4 million gallons of gas—that’s enough to drive around the globe more than 3,400 times.

Then there was the $1.1 billion in fines that Goldman Sachs, Citi, Bank of America, Morgan Stanley, and others were made to pay in penalties last year for their failure to monitor employees using unauthorized messaging apps such as WhatsApp and Telegram. That amount of money would buy 2,351 houses or 220 million gallons of gas—enough to drive to the moon and back … 460 times.

Putting steep fines like these into context shows the real costs to financial services firms that breach compliance regulations. The SEC recovered its highest recorded sum of monetary penalties in the 2022 fiscal year, for a combined total of $6.4 billion, of which civil penalties constituted $4.2 billion.

The tightening of regulatory rules and the more stringent punishments for breaking these rules are indicative of a sea change in the SEC’s strategy. In a press release detailing the SEC’s record penalty recovery, Gurbir Grewal, director of the division of enforcement, said there was no expectation to break new records each year, but there was a belief that behaviors would change, and compliance would be expected.

The focus on risk and compliance has sharpened in recent weeks because of the notable failures of Silicon Valley Bank (SVB) and Signature Bank, and the collapse and subsequent sale to UBS of Credit Suisse. A report released this week by compliance technology and data analytics firm SteelEye found that 76% of financial services firms have increased compliance expenditure over the past year. And 38% of firms surveyed stated that they have invested in technology to help reduce manual and analog workloads.

“I can tell you exactly what I see,” says SteelEye CEO Matt Smith. “It’s not the SVBs or the [failed cryptocurrency exchange] FTXs that are driving increased spend. Fines like the WhatsApp case wake people up to the need to invest in technologies. In the past, people relied on policy. If the policy says you can’t use WhatsApp, then it’s not good enough if people are using it, right?”

Smith says there are two approaches a company can take to investing in compliance: hiring compliance professionals or working with regtechs. While he says the overall increase in spend on compliance will be on compliance professionals, those who invest in regtech solutions are seeing lower costs as a result.

“More importantly, I think an increase in spend in regtech is going to lead to a decrease in spend in compliance as a whole,” he says, though it should be noted that he obviously has a horse in this race. “I think it will be interesting in the 2024 surveillance survey. We can ask, ‘Do you think that the increased expenditure you saw in 2022/2023 led to a net decrease in expenditure in 2024?’ My guess is the answer will be yes.”

The regtech difference

John “Ogie” Sheehy founded regtech company ViClarity in the midst of the financial crisis. A trained physicist, he left college to work for large computing companies such as Hewlett-Packard, IBM and Dell. In 2008, he decided to leave his well-paid job and “pursue the life of an entrepreneur.”

Two major factors drove Sheehy to take the leap. The first was that he felt he could create a solution to in-house problems that could be produced and implemented quickly, cheaply and simply. He felt that the risk and compliance side of the business, even in some of the biggest corporations, never got the attention other departments did.

I just went, ‘There’s got to be a better way. We are the biggest technology firm in the world and we’re solving a global issue with an Excel spreadsheet.

John Sheehy, ViClarity

The second factor was that Sheehy had worked for IBM around the time the Sarbanes–Oxley Act was passed and had seen firsthand the inefficient ways that companies were handling employees’ physical access and systems access to remain compliant with regulations.

“I always remember that at IBM we strapped up this huge Excel spreadsheet and we’d put all the staff members’ names in and we had this matrix of where they worked and what access they had into the building and whether they could get into the manufacturing floor or just the office,” says Sheehy. “I just went, ‘There’s got to be a better way. We are the biggest technology firm in the world and we’re solving a global issue with an Excel spreadsheet.’”

After leaving his native Ireland’s branch of Dell, Sheehy pitched his idea to smaller Irish firms and found that he was able to address a lot of concerns around the general lack of transparency and lack of accountability in the Irish Credit Union Market. ViClarity, which has now expanded out of Ireland to the US and the rest of the world, was molded by the tumult of the 2007–2008 financial crisis as Sheehy realized that firms needed not only compliance management, but risk and vendor management, too.

Risky Business

Regtech software is often incredibly useful for in-house compliance teams, especially when regulators like the SEC and the UK Financial Conduct Authority (FCA) are increasingly vigilant in making examples of rule-breakers. These teams have traditionally been overlooked when it comes to resource allocation, which increases both the pressure on the department to meet regulation requests as well as the likelihood of possible mistakes that can affect the whole company.

David Rowland, CTO of StarCompliance, a regtech company focusing on employee compliance, spent 19 years at Morgan Stanley before taking on his current role. Having been on the other side of the table when making buying decisions around third-party software, he says making a bigger investment in technology is the correct way to go.

“Generally speaking, compliance departments are less well-funded than the revenue-generating areas of a financial services firm,” he says. “I think compliance departments do tend to be lower priority in terms of where a firm spends its IT budget. To a certain extent, firms are surviving or are trying to survive with less technology and less automation in these areas. That’s an unsustainable model; you can’t just keep throwing people at compliance processes.”

Rowland predicts that as regulations become more robust and increase in variety, financial services firms that do not currently have a technology partner offsetting some of the workload are going to have a harder time meeting their compliance burdens compared to those that do.

StarCompliance, specifically, has placed great emphasis on big data as the forefront of its SaaS offering. The software is hosted on the cloud, and to make it easier to use, customers have no technology involvement in terms of support and maintenance. Because of its modular format, built on original proprietary code, the software can be used as a plug-and-play application.

Rowland says StarCompliance’s modular framework and customizability, coupled with the bespoke changes the company makes while working with customers, are key elements behind its popularity. Much like ViClarity, StarCompliance’s offering of fusing regtech with risk tech makes it appealing to beleaguered compliance teams.

StarCompliance’s head of business development Steve Brown shares this belief. Brown started his career in 1995 working in compliance at Wachovia, and says the 2007–2008 financial crisis spurred banks to automate their reporting and regulatory systems to reduce regulatory fines at a time when these institutions were hemorrhaging staff. He notes that companies like Bank of America, JP Morgan and Wells Fargo have “thrown a lot of resources and money” at improving their regtech capabilities. At face value, that’s good. But there is a danger that lurks in the shadows.

Brown says the problem has become unnecessary redundancy—too many people and systems doing the same thing. Essentially, the pendulum has swung too far in the other direction since the financial crisis, and is now creating inefficiencies.

Despite the recent collapses of SVB, Signature Bank and Credit Suisse, Brown doesn’t think it was a case of those institutions being underfunded. Rather, he says, they were examples of poor risk management.

“Credit Suisse were sort of like the Swiss Wells Fargo, in that they just have problem after problem,” Brown says. “SVB was an instance where they didn’t have a chief risk officer for eight months.” While there may be too many cooks in the kitchen, these companies also don’t have the right risk infrastructure. And therein is Brown’s key point: Regtech needs to be delivered in conjunction with risk tech.

Change for change

The proliferation of regtech companies since the financial crisis 15 years ago, coupled with the ready adoption of their software by financial services, is indicative of a changing trend in compliance monitoring.

In a report looking at know-your-customer (KYC) attitudes around the world, Moody’s Analytics found that companies’ approaches to compliance measures often fell into one of two camps—more traditional firms that see compliance as a cost they need to bear, and those that are part of “a new set of forward-thinking organizations that are treating compliance in a much more positive way,” and recognize that compliance is a firm’s first touchpoint with any new customer, says Keith Berry, general manager in charge of KYC solutions at Moody’s Analytics.

If you’re using all this great new tech with things like cloud and APIs and things like that, you still need people that know how to deal with that internally. And a lot of those people aren’t available. They’re expensive

Audrey Blater, senior analyst at Coalition Greenwich

After seeing how specialized and modular regtechs are, it would be easy to assume that all financial services firms should begin investing in tools and services as soon as possible. This assumption is largely in line with the data available: A report released this week by research firm Coalition Greenwich shows that investments in regtech have increased steadily by 20% each year since 2020, and that 72% of study respondents believe technology spending will continue to increase in 2023.

However, firms that want to invest in regtech do still face barriers to entry. The report, entitled The Future of Trade Surveillance, notes that 60% of buy- and sell-side firms surveyed feel that the setup costs of using a regtech are prohibitively expensive.

Audrey Blater, senior analyst at Coalition Greenwich, points to shifts in staffing trends that have driven up costs for financial services firms keen to employ regtech capabilities. She notes that the ongoing Great Resignation hurt these firms a great deal, as the people in lower- to middle-management roles “started disappearing left and right,” forcing firms to use technology to automate the lost jobs.

“The technology staffing is a problem too,” Blater says. “If you’re using all this great new tech with things like cloud and APIs and things like that, you still need people that know how to deal with that internally. And a lot of those people aren’t available. They’re expensive.”

While regtechs are aiding some financial services firms with their compliance measures, firms that can’t afford the costs face inefficiencies, as well as reputational and other types of risk, Blater says.

This leaves firms with limited budgets between a rock and a hard place: They can either face the potential of steep compliance fines, or invest in costly regtech. The latter maybe be the less expensive option in the long run, as a compliance mistake could end up costing the same as enough gas to drive to the moon.