Amias Gerety is a Partner with QED Investors
Regtech has been more promise than reality so far, but success is possible for startups that appreciate complexity of banks and financial services—and the interplay of rules to which they are subject.
Every large financial institution, and most small ones too, are committed to a digital transformation. These digital transformations will span from cloud deployments, to enterprise data lakes, to competitive digital offerings, and the transformation of compliance. In total, many will end up having nine-figure costs, and most, I’d wager, will end up failing.
I recently brainstormed with the CEO of a smallish regional bank who estimated that with one year of focused attention and investment in automation and other advanced tools, he could add an additional 3-4% to his bottom line. But he freely admitted that he didn’t know where to start.
This is the tantalizing prospect of regtech – and never before has there been such a clear start date for a tech trend in banking. In 2015, when the term “regtech” was first coined by the UK’s Financial Conduct Authority, it was clear that the waves of innovation that had crashed over consumer finance were coming to the shores of regulatory compliance.
For many financial institutions, the coming of regtech was a cause for celebration. Post-crisis rules had expanded, creating difficult compliance obligations for even the largest of banks, especially for those with paper systems dependent on individual human processing and transaction-by-transaction analysis. But a decade of advances in technology brought the frontiers of academic experimentation not just into the realm of the possible, but into the realm of the obvious, even the easy.
Furthermore, US politics signaled a turn towards deregulation, and bank executives in the EU largely resolved to implement new regulations with greater focus on sustainable tech solutions. The confluence led bankers to see new prospects for regaining control of their post-crisis compliance procedures – with the promise of higher effectiveness and lower costs.
By spring of 2017, CB Insights predicted $5B of investment would be made in the following 5 years. And investments would run the gamut: IBM’s Promontory/Watson released their first commercial application for anti-money laundering; followed by over 600 different regtech software products. Over 100 banks have now joined R3’s blockchain consortium.
So today, we face a situation where the banks have understood the promise and the startups have emerged; but there is more skepticism than ever about the possibility of success. Fewer than 10 companies on Crunchbase with a “regtech” tag have raised more than $5M in total.
Regtech companies that have passed through a Series A fundraising are hunkering down with their initial partners, scoping out the breadth of their use cases and looking for the next big bank client. But only a few, like Arachnys, an AML-automation platform where I serve on the board; and Droit, an automated decision making engine for capital markets trading, have signed multiple, multi-million dollar contracts with large banks.
Bank compliance leaders have found that even the best regtech startups are narrow point solutions. While each solution can be attractive on its own terms, the mid-level bank executives responsible for investigating these offering are wary of their ability to knit together multiple new software products into coherent value for their operations. And they are ‘once bitten, twice shy’ about putting their faith in startups’ claims of interoperability.
As a result, an unsatisfying equilibrium has developed where bank innovation teams have clear mandates to experiment and flexible budgets to build proofs of concept; but these innovation teams mostly don’t have the credibility to turn these projects into actual changes in bank operations. Among startups and their investors, this situation is known as the the bank “innovation wash-cycle,” where experimentation leads to more experimentation.
As someone who listens to pitches from startups as a living, I’m finding that many young startups present a proof of concept with a large bank as a near final step in enterprise sales. I on the other hand, am looking for their ability to convert a proof of concept into an enterprise level deployment, something that is much harder. Other startups escape this conundrum by getting traction with other startups – who, though easy to work with, have near zero budgets for compliance technology.
Despite the potential for pessimism in these two stories – the banks’ struggles to modernize legacy systems; and the regtech’s struggle emerge as transformational software companies –deep partnerships have the potential to unlock real change in financial services. To do so, both regtech startups and their bank partners need to focus on three key challenges.
Regtech Onboarding: Banks have not solved their own sales-cycles
Every software startup that undertakes large enterprise sales is walking a tightrope towards a nirvana of being an industry standard solution with large, stable clients and the glory of SaaS valuations– where companies typically can have valuations based on 10X revenue, even when they’re unprofitable. On the way, however, the startup can fail by becoming a consulting company – over-fitting their software development to an initial clients’ needs and so failing to create a scalable solution. And of course, if they fail to satisfy and delight the first client, then the second and third clients may never materialize.
On the buyer’s side, financial institutions are largely unable, even if they are willing, to change their procurement processes. Although procurement did not grab headlines in the crisis, the combination of a change in supervisory culture and new third party risk management guidelines, and the rise of cyber risk as the #1 risk concern for bank boards created a sea change in banks’ approach to procurement. These procurement processes also serve as a kind of defense in depth for the executives who might be regtech buyers, even when they’re counter-productive to the goals of innovation. Large banks face internal pressure to make use of their large internal IT teams; small banks can have difficulty understanding evaluating the landscape of potential regtech products. In both cases, not doing anything can seem like the best choice. Whether or not the C-suite wants to admit it, most mid-level bank executives win by surviving, not by taking risks.
Paradoxically, financial institutions can best solve this impasse by expanding their horizons and finding collaboration opportunities with their peers at other firms — compliance is not a competitive activity. For example, teams at ING and Commonweath Bank of Australia in London have been quietly partnering on regtech to enable faster adoption, conduct more tests, and lower the downside-risk for each bank.
Startups need to solve business problems, not just apply innovative technology
I sometimes tell people that my job is to invest in companies that apply everybody’s favorite technology buzzwords (machine learning, cloud, blockchain, etc.) to the guts of banking. While that suffices for small talk on the playground, the mere combination of a technology buzzword and a bank legacy system doesn’t create value.
For example, there are dozens of startups that are trying to use the decentralization of blockchain to power more flexible and secure digital identities; none of them have yet managed to amass the network of users large enough to matter in the financial services landscape. While the promise of a self-sovereign identity may be the killer app for crypto-enthusiasts; there’s better evidence that the the killer app for identity in financial services is actually cybersecurity: in the last decade, Okta has built an identity management platform for enterprise with a $6.5B market cap.
Similarly, the possibilities for natural language processing have generated dozens of startups who are machine-reading the world’s regulations and guidance — parsing regulatory risk, obligations and trends. Without dismissing the “whiz-bang” nature of this achievement, regulatory interpretation is not actually a hard problem for most banks. The hard problem is process change associated with those regulatory interpretations. So the best regtechs are now focused on the challenge of layering their regulatory intelligence with applications that reach deeper reach into the business procedures, control processes, and audit functions of their clients. Their goal is to maintain flexibility and scalability while expanding beyond the initial point solution – but these skills require different technical chops than those they built in their initial products.
One of our portfolio companies, Ocrolus, has come to a regtech solution by starting from an operational challenge – automating the extraction of data from the documents that lenders use in underwriting. Because Ocrolus creates a clean, complete data file with an embedded audit trail, their operational process enables better risk management, compliance and audit.
RegTech needs to embrace operational complexity in financial services
CEOs constantly cite regulation as a top challenge, but the nature of these complaints needs further refinement to understand where regtech can fulfill its promise.
From the perspective of bank management, the economics of regulatory requirements have different cost curves based on whether the effect of the requirement is to change the operations of a bank or whether the effect of the regulation is to change the economics of a bank. The two diagrams below demonstrate schematic cost curves for these two kids of regulatory requirements as they are implemented:
With any regulatory or compliance change, the implementation costs typically begin with acute but relatively short-lived legal costs. These are followed by systems change efforts – new application mapping and development, new policies and procedures, staff training, etc. But some forms of regulation that require changes in bank operations then reduce to a smaller permanent cost in the form of new operational costs and new monitoring costs. Some examples of these requirements are KYC/AML, new mortgage disclosures, consumer protections.
Other regulatory requirements affect the fundamental economics of financial institution – requirements like capital, margin, liquidity change the algebra of a bank’s earning assets and the distribution of returns between equity holders, bond holders and ultimately seek to internalize costs that could be borne by society more generally. Banks response to these requirements will primarily be a strategy of optimization – recalibrating lines of business to maximize returns under the new rules.
Some types of requirements can straddle both types of impact. For example, the Volcker rule both requires a number of changes in operations and forbids a previously profitable activity. Other reforms, like those for swap markets, include provisions from each group. For example, swap reporting and transparency requirements require a change in operations, while swap margin requirements change the economics of swap businesses.
With this framework, we can see that the big opportunity for regtech is to become an integral part of the new operating and monitoring apparatus of financial institutions as they implement regulatory requirements. One company, RiskGenius, uses an algorithm to automate the analysis of complex commercial property & casualty insurance policies. While their clients are largely interested in the ability of the software to help them understand and price risk correctly, the ability to understand risk at the level of individual clauses across a portfolio has now gotten regulators themselves interested in the opportunity.
Financial services leaders view the goal of any regulatory or compliance change as an effort to protect the value-creating processes of a financial institution from the volatile cost of fines and associated headache of restarting a regulatory change process. The value is in compliant operations, not in technology for regulatory compliance. RegTech startups, therefore, need to steer even deeper into the complexity and the long sales cycles of their clients and become part of their client’s digital transformation.
And if they’re smart enough not to take too much credit for their client’s success, they have a chance to define bank operations for the next generation.
(Fintech Policy readers: What does RegTech mean to you? Take a moment to check out QED’s RegTech Enable survey!)