Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Has Regtech failed fintech?

Regtech is being touted as the next big thing after Fintech, and the basis for this is clear. Fintech is the paradigm that is supercharging financial services, so it follows there needs to be a corresponding increase in the ability to control, regulate and monitor such new systems and organisations. Regtech is simply a technology enabler for Fintech in the compliance and monitoring space. Without the technology advances of Regtech, the growth of Fintech will be severely limited, so it is natural that it will be the next area to get some focus from industry.

There is a key difference though between Fintech and Regtech. Where Fintech has seen a large number of start-ups and SMEs joining the sector, regulation and compliance systems have often been the preserve of larger enterprises. This is because most suppliers assume compliance to be an enterprise activity, but with the number of start-ups and SMEs, this has to be recognised as a growing and important market. In the UK alone, since 2005, over 60% of entrants to the financial services industry were new players and these are taking increasing levels of revenue from traditional banks [1]. Many of these entrants will be small. Overall, SMEs now account for over 50% of private sector turnover [2] so there is significant market size.

Let’s look at where Regtech needs to develop to support the SME Fintech market and in which areas SMEs should look for their own biggest Regtech gains.

Gavin Scruby
Gavin Scruby

The current situation – where the market is focused on enterprises – is not unusual. Most complex IT systems are made for the enterprise market first. SmartDebit is a Fintech payments SME that competes with enterprise suppliers, so we need functional equivalence on core IT such as resilience, monitoring, identity and privilege management. To achieve this, we have to operate as an enterprise – with the exception of our size. However, we have found it difficult to find enterprise-equivalent systems that are priced and aimed at the SME market, and we see the same with Regtech. Often such systems have minimum user number pricing which is far above SME requirements, but it’s not about price alone. SME products need to be operable without specialist skills or significant ongoing work. Even cash-rich SMEs have a limited pool of talent and are always time poor: they can’t afford to hire too many specialists who do not add to the bottom line. As such, systems that abstract complexity or reduce effort are essential to be practical.

Part of the reason for this gap in the market is that such systems were only of interest to enterprises in the past; SMEs just didn’t bother with them. This is changing. There are two drivers now that increase the enterprise-like requirements of SMEs. The first is that regulation and compliance are becoming increasingly required for smaller organisations. Due to the demands of GDPR and need for visible and demonstrable information security policies, security accreditations and quality standards, many companies are finding much more detailed regulatory work is needed than in the past. Secondly, SMEs are increasingly targeting enterprises as customers, and once they have scalable systems (which the public cloud can provide almost out-of-the-box), the only impediment is sufficient compliance and regulation to satisfy customer compliance teams. This is causing a significant demand in compliance and Regtech from ambitious SMEs since it allows them to compete on an even footing with larger players.

So, what areas of Regtech should be of interest to SMEs? Essentially, they need systems that provide core parity with enterprises and don’t require too much expertise or resource to implement and run. At a minimum this will require automation of policies and controls for standards such as ISO27001/ISO27002 for Information Security, ISO9001 for Quality Management and, specifically for Fintech in the UK, anything that simplifies FCA compliance. SMEs need systems that can automatically map processes to policies in order to measure coverage and integrate control test results, and in a format that provides evidence to external auditors. This all needs to be done with minimal effort or specialist expertise from internal staff. Turn-key and automated solutions are not an initial priority for Regtech suppliers as enterprise buyers have resources and expertise that make such development investment less urgent, but this is what is needed to make SME implementation practical.

Suitable systems have been so hard to find that we have been investigating how to use off-the-shelf AI to better automate our own compliance when trying to map processes to policies. We have also co-opted traditional ITSM ticketing systems to cover checks and controls, but we are not a Regtech or AI specialist and would much rather use an SME-targeted commercial system. We hope this is the direction the market takes.

Regtech suppliers need to move out of the enterprise mindset and look at what SMEs need in a more focused way. The market is significant and growing and so is the requirement for regulation at all levels. With a worldwide focus on security, regulation and compliance, there is no reason to think the regulation trend will change but whether Regtech suppliers will change their approach to support the SME market, where IT system suppliers have failed in the past, remains to be seen.

By Gavin Scruby, CIO SmartDebit