Whether facing a pause or a reset, RegTech could come out of the pandemic changed.
By Evan Thorpe
RegTech could be the biggest small category in FinTech.
Those examining the many market maps drawn-up for the vertical may notice that these visuals are quite segmented. This stands to reason since the companies in this space address extremely specific use cases and RegTech startups and scaleups generally tend to occupy very narrow vertically-defined domains. The advent of COVID-19, however, could act as a catalyst for financial and government institutional behavior which could in turn lead to a sub-category reorganization. We ask: amid shifting priorities of the institutions that RegTech startups seek to serve, how might the pandemic influence the way these players choose to position themselves in the market?
In line with our analysis in previous posts to examine the categories we invest in amid the COVID-19 pandemic, we developed a common framework of five force factors to compare the trends in these categories and narrow-in on a number of plotlines, chart their potential direction, and pose meaningful questions as we form views as an investment team.
Startups and scale-ups situated at the intersection where technology meets the regulation & supervision of financial services are numerous and they vary widely. The vertically oriented nature of the subcategories within RegTech (i.e., markets surveillance, conduct, KYC/AML, filings, document management, etc.) is complex enough but is further compounded by:
1) the proliferation of regime-specific or country-specific legal or regulatory mandates related to financial services regulation, corporate governance, the legal industry, etc. In recent years, the founders and teams building these companies and the solutions that they sell have trended towards smaller and smaller sub-branches.
2) the fact that these sub-categories are quite niche to begin with even before one gets into the matrix of technologies (NLP, ML/AI, cloud computing, data security, etc) that these startups leverage in various ratios when addressing the problems they are attempting to solve in their respective sub-domains.
As a result, the permutations of these companies combine along the variables listed above evoking such examples as: “blockchain-based customer onboarding solutions for Western Europe,” for instance, or “AI-enabled supervisory solutions for SEC-regulated entities.”
The sprawling taxonomy of RegTech today paints a highly segmented market map. In some cases, some of these companies may even be narrowed down to a sub-category-of-one. But the vertical could be flipped and RegTech could become more horizontal than ever before.
Hit from Both Sides
The hordes of RegTech startups taking a crack at solving logistical headaches felt by institutions are united by a couple of things:
First: their histories are products of the co-mingled narratives of institutional change and regulatory iteration over the past decade and prior. Second: these players (RegTech startups and financial institutions, alike) are all impacted by the same ramifications of the COVID-19 pandemic to governments, regulators, and supervisory bodies, as well as those which reach the individual supervised persons and companies regulated by those bodies.
This ‘double-whammy’ of forces coming from both the internal financial institution side and from the external regulatory & supervisory side opens the door to the possibility of a re-orientation of the RegTech space.
The upshot: individual players may select to reposition themselves in the months ahead and the category may find itself re-invented as these players find ways to evolve. Below, we will explore how the COVID-19 pandemic shapes to this.
Ramifications from 5 post-COVID forces: Dispersal, Inertia, Digital Volume, Segmentation, Survival
Dispersal: Challenge for Institutions; Opportunity for their Suppliers and Regulators
Post-COVID, financial institutions will stretch both human and information capital further into the off-premises world. Although there is currently still some debate within and among financial institutions as to how a return to in-person work can take place, from the viewpoint of many of an institution’s employees there is an increasing comfort with operating at a distance. But will regulators’ comfort in working at a distance with these supervised persons and regulated entities have changed, as well?
For the institution’s tech stack, this means another large step towards diversification of institutional functions addressable to the cloud. Some of this progression will be by design and some out of accelerated necessity.
On the supplier side: large technology companies offering cloud computing capabilities will have an opportunity to guide the way in helping institutions to navigate this dispersal of distributed resources and assets. How those go-to-market overtures are received by the would-be buyers will depend on the infrastructural, economical, and the internal political climate within those firms. And we all know that these vary greatly (but more on that, later).
On the regulator side: the ratio of onsite vs offsite supervision imposed by regulators on their supervised entities will likely change shape. This may mean an opportunity to improve offsite supervision (and the tech to support it) has opened up in ways never seen before in recent time.
Whether regulators capitalize on this on their own or if they do so with the help of RegTech companies could be a compelling plotline to watch, especially if technology is utilized as the principal enabler of “off-prem” supervision.
Inertia: Creativity and Necessity for Progress through POCs & Partnerships
Proofs-of-Concept and partnerships forged between institutions and start-ups are starting to move forward again but they risk starting from a standstill. Perhaps even more consequential than the cold starts that individual projects face is the inertia experienced by digital transformation as a subject, overall, as the digital revolution matures beyond its initial hype.
Digital transformation is forced to ‘grow-up’ and institutions and start-ups alike that are confronted with the sobering prospects of an economic downturn will have an exceptionally low tolerance for tech-for-tech’s sake at institutions.
With that digital transformation agenda being re-framed for a post-COVID world, momentum will slow and many signed POCs that were temporarily halted amid lockdowns will pick back up again with players struggling to remember why they got into them in the first place. On the other hand, companies and institutions may not have time, however, to wait and will need to generate what momentum they can. Luckily, they may not have to attempt this on their own.
One work-around for institutions and their start-up counterparts to consider could be to use a partner (existing tech channel partners already under contract, or consultants) as a wedge.
Another tactic: lean into a different use cases, provided the tech is fit for purpose across multiple pockets of the business. Issue owners on the institution side may then reach above multiple vertical siloes will be looking for efficiencies to bolster a potential sale by building a broader consensus.
Even amid a budget freeze, it may turn out that some use-cases are ultimately more frozen than others and POCs possessing the requisite extensibility may have an opportunity to implement in the subset of use-cases that thaw quicker.
Digital Volume: Could Risk-Native Offerings be Features rather than Products?
As incumbents and new entrants into financial services know very well, scrutiny for customer protection increases every time digital footprint expands. There is a sizeable opportunity here for cloud-enabled experimentation and the regulatory and security infrastructure to support it, especially now that cloud is increasingly less of an experiment in and of itself.
With cloud infrastructure providers looking to bake regulatory features into their offerings[1], we see the possibility of regulatory surety positioned as a feature of a broader offering, rather than as a product, there by contributing to the horizontal-ization of RegTech.
A key manifestation of this is visible in offshoring. Offshoring will continue to increase, on aggregate, but offshoring across divergent regulatory regimes risks tech-induced malfeasance. Can institutions share data across these lengthened supply chains in a compliant manner? How will they view and authenticate it and how will they be able to authenticate it in an offshore location if those bodies or individuals are not statutorily permitted/certified to?
This is the domain of baked-in features to infrastructure offerings rather than stand-alone products. Companies that can help institutions verify information and confirm information verity, provenance, and governance across these physical and regulatory distances will find opportunity though they will need to embed themselves into larger stacks rather than bolt themselves on and they will carefully consider their insertion points into the institutional stack.
Segmentation: Hastening the Shift from Vertically to Horizontally Oriented RegTech:
RegTech solutions have long pitched on a vertical domain-specific basis: KYC solutions for KYC teams; market surveillance solutions for market surveillance and conduct functions, etc. The playbook stands to reason: solve a narrow problem that you –as a team- understand very well and package it into a lightweight offering that does not involve a large-scale rip-and-replace. The segmentation of institutional value chains, however, may give start-ups and institutions, alike, pause to re-consider this gameplan.
It goes without saying that institutions have legal, regulatory and compliance staff in various structures and sizes. It cannot be underscored enough that the size and shape of these teams and formats do not move in-step with one another: some have over-hired, whereas others have found that they are already at the point of having over-fired. As alluded to earlier, these organizations have not moved as a block in their policies towards returning to work, either.
In the absence of a complete re-normalization of sizes and structures across financial services firms, observers can likely count on a very heterogenous mix of people and technology from firm to firm. What does not vary, however, is a burden shared by all institutions stemming from COVID-19: dispersal of resources amid increasing digital volume.
Processes will be more decentralized, and tech may be counted upon to bridge that gap. Stack segmentation and data segmentation may be the first ramifications from this: data segmentation or segregation posing a risk to efficiency but perhaps an understandable risk, nonetheless.
RegTech and FinTech companies will pitch, as they have in years previous, for improved efficiency and security through automation and process re-engineering in compliance. Institutions will be applying heavy filters to sift through the volume of noise in what has become a crowded space.
It may be attractive for technology providers facing these institutions to position themselves as horizontal offerings. This does not mean they abandon their domain-expertise or try to be all things to all people, but perhaps instead double-down on architecting extensibility.
Startup teams can do this by demonstrating that the capabilities of their platform are applicable to multiple functions and verticals across a more segmented chain: an extremely specific value-add that is also extensible to multiple other functions, even where they are owned by others in the org chart.
Horizontally-oriented offerings aimed at security, surveillance, training, etc. could very well become the new core competencies of leading RegTech companies. Will it be too much of a stretch, however, for companies to extend their stack during a time when startup runway is at a premium and engineering teams are already over-extended? This may be a sobering rejoinder to an attractive opportunity.
Survival: Widespread crises can be opportunities for start-ups and incumbents, alike to reinvent themselves. Amid the many temptations to exercise this “free-pass” to pivot, firms will pause to weigh the short-term prospects against medium-term opportunities.
A popular tactic in RegTech business development is to rise above a more distributed compliance agenda: doubling-down on enabling issue owners at a high level.
This is the thread of extensibility of offering at a level above siloes. Fewer POCs, but more use-cases could become the trend.
Some firms will do a better job than others building-out extensible horizontal capabilities. It is one thing to paint a picture of cross-silo relevance, it is another to be able to support it. Voices in the RegTech community are indeed increasingly encouraging start-ups to think beyond their “tunnel of focus.”[2]
Providers that can deliver speed will apply themselves to the use-cases that demand performant speed. Providers that are content agnostic will have to think carefully about content partners for market data, training content, etc. In that short term, we expect an increasing volume of these capabilities to extend horizontally.
Opportunity vs Vulnerability in a Post-Pandemic Context
The graph below compares at a high level how we observe a selection of RegTech sub-categories experiencing both opportunity (x-axis) and as well as vulnerability (y-axis) amid the COVID-19 pandemic; the size of each sub-category’s circle indicates the greater (or lesser) potential capacity that players (including startups) in this space possess in capitalizing on or the opportunities presented. In short: which sub-categories could be primed for big shifts?
Startups May be Better Positioned if they Consider the Following Options:
Be the best of both worlds? From an infrastructure standpoint, if startups are focused and lightweight (already table-stakes) while also proving that they are extensible to different pockets for the business, they will be in a good position to capitalize on the inertia institutions are feeling once they move beyond the COVID-19 pandemic. Increasing segmentation will mean that niche providers will have the opportunity to double-down on the horizontally-oriented core competencies referenced earlier.
…But do not be afraid to make trade-offs: the disconnect between issue owner and working-level teams means that, unfortunately, segmentation of the value chain leads to several ‘good enough’ propositions will get attention simply because they cater to very narrow use-cases. This is not the same as domain expertise.
One way for founders to look at it: don’t take the bait to be all things to all people: have the capability for extensibility, and be nimble, but select your first use case wisely to start off on the right foot. (Though if in survival mode, don’t be choosy and just go with it).
RegTech Sub-Category Impact: Fraud and SupTech at Important Junctures; Who Will Step Up?
The re-orientation of RegTech start-ups and scaleups could take the form of their being more horizontal and less vertical. It is more about what they do and enable (horizontally applicability, tech-based extensibility) vs. who they serve (verticals are more heterogenous and segmented from institution to institution).
The tech stacks these startups and scaleups have developed are grounded in technical competencies each of which, to a greater or lesser degree, can be extended from one use case to another: authentication, analysis (data science, AI/ML and AutoML), data structuring/ modeling, automation (OCR, RPA), etc.
Opportunity opens for more horizontally-applicable technologies that overlay multiple verticals within a financial institution: cybersecurity risk infrastructure, digital training solutions, and process automation technology, chief among them.
This re-positioning may not require a change in technology but would influence thinking around how they fit in the value chain in the following ways:
· Products or utilities that permit regulatory decision introspection (think: audit that can be understood by personnel and machines) could become a necessity for all RegTech propositions. Those that can support that visibility and clarity would stand to benefit. The question for supervisory bodies: to what degree will they prescribe what constitutes visibility as defined specifically by the nature of their own SupTech stacks?
· Financial institutions may find it favorable to build-in regulatory or policy-driven parameters into their various systems in a way that can support different logics and schemas as they are iterated. The question for start-ups and incumbents, together: can their schemas be re-iterated nimbly?
· Build-vs-buy for regulator stacks is still a challenging equation. In either case, supervisory bodies and the SupTech stacks they roll-out may play a larger role in setting a standard for expectations for the parameters for and possibility even the level of quality for banking/insurance institution-facing propositions.
· Anti-fraud continues as a theme (both from the market-driven perspective and statutory-driven side) which requires niche capabilities. Start-ups and incumbents, alike, are asking the question: should we build solutions to manage operational risk with our own anti-fraud capabilities or is there a trusted third party with which we should consider integrating in order to manage this alongside us, as a partner?
· Visualization or decision introspection capability are currently components of automation technology. But could visualization develop as a as yet another horizontal capability and, as such, will specialist third parties provide these capabilities externally?
It will be exciting times ahead as lockdowns may begin to ease and parties –regulators, institutions, startups, scaleups, etc.- re-engage, perhaps with a different orientation from where they started, pre-COVID.
Other articles in this series:
Series Header: Impact of COVID-19 on the Areas in which we Invest
[1] McKinnon, Iolaire. From Tollgates to Guardrails: Delivering a Comprehensive, Continuous Compliance Regime on the Cloud. 2020
[2] Parades, Diana. SFF Green Shoots Series: Has COVID-19 led to an increase in RegTech demand? 2020
Photo by Pawel Czerwinski on Unsplash