Our Insights

The promise of regtech – Part II: The changing role of regulation in global financial services

Regtech moving to the forefront of fintech

Regtech is a niche within the financial services industry that is focused on how regulatory requirements can be met effectively and efficiently within an increasingly digitized financial environment. Models and approaches to regtech can vary, but all share a common characteristic in that they are designed to reduce friction in existing regulatory processes and interactions. While technology has been a staple of the regulatory process for some time, emerging regtech capabilities can be leveraged to produce additional advantages.

Key insights

  • A regtech rule and process change approach can help global regulators reconcile the demands of an increasingly digitized financial environment with evergreen requirements for safety, security, and privacy
  • Regulatory and industry sandboxes allow market participants to explore solutions in a low-stakes, incremental environment that fosters innovation and cooperation
  • Going forward, the nature of regulation may be shifting from a reactive to proactive function, with new technologies clearing the way to pre-emptively uncover systemic regulatory risks and weaknesses

In 2017 the Transatlantic Policy Working Group (TPWG), a joint UK–US effort dedicated to global fintech policy discussion, published a report identifying and discussing the models regulators are adopting in implementing fintech solutions for regulatory compliance.1 In the first article in our series on regtech models, we explored the ecosystem approach and the digital financial infrastructure (DFI) approach. In this article, we focus on the rule and process change approach, and the use of regulatory and industry 'sandboxes', which allow regulators and industry to collaborate in support of the supervised growth of the regtech sector.

The rule and process change approach: reimagining the role of the regulator in a digitized financial market 

Innovation and technological change are dramatically reshaping the world of financial services. In response, changes to the rules and processes by which those services are regulated may need to follow. 

For example, current data privacy and retention rules may be inconsistent with the use of technologies such as blockchain. As a decentralized, distributed technology, blockchain retains a permanent, unalterable record of transactions while local regulations may require that information be discarded after a specified period of time (e.g., the European Union's General Data Protection Regulation, which includes the right of a data subject to erasure of data, often referred to as the 'right to be forgotten').

Other elements of newly-digitized financial service offerings and platforms, such as the use of algorithms, may also pose challenges for regulatory oversight as regulators work to ensure algorithms are compliant with existing regulations.

Transforming regulators globally

Around the world, regulators are addressing the rule and process changes required to meet the challenges that arise in a digitized financial system. In the UK, the Financial Conduct Authority has noted that adoption of regtech would be hastened by defining new regulations in machine-readable format so they can be "read" and processed by computers in order to enhance consistency with international regulations.2

Also in the UK, the Competition and Markets Authority has moved to require account providers in the UK to make customer data available to authorized third parties through an open Application Programming Interface (API) framework.3 An open or public API allows access to a proprietary software application or web service. APIs define the requirements that set out how applications can communicate and interact with one another. 

Regulators are addressing the rule and process changes required to meet the challenges that arise in a digitized financial system

This effort has been mirrored in the US, where the proposed Financial Transparency Act, if enacted, would modernize US financial regulatory reporting into fully searchable, standardized, and machine-readable data.4 The draft legislation would require US financial regulators to adopt consistent data fields and formats for the information they are already collecting under existing laws. This would transform financial institutions from document-based filing to open, structured data formats that can be used and implemented by any user.

The sandbox approach: iterative innovation for a digitized future 

Regulatory sandboxes provide a path for regulators and other market participants to identify where rules might benefit from change or where new rules may be needed. The sandbox approach combines elements of the ecosystem and DFI approaches and the rule change framework. 

A regulatory sandbox is typically implemented as a unit within a jurisdiction's conduct regulator that allows sandbox participants to carry out controlled market experiments under relaxed regulatory requirements.5 The sandbox approach has been used successfully in other highly-regulated environments, such as the pharmaceutical industry, which uses this approach in the regulation and testing of new drugs. Sandboxes allow regulators to engage with problems, issues, and market participants quickly and at less cost.

Regulatory sandboxes provide a path for regulators and other market participants to identify where rules might benefit from change or where new rules may be needed

Around the world, the TPWG report identified 19 regulatory sandboxes at various stages of development, with those in the UK and Singapore considered the most advanced.6 The Fintech Bridge agreement between the UK and Australia also moves the development of regulatory sandboxes forward by supporting businesses that would like to participate in sandboxes in both countries—for example, by making it easier for start-ups to get licensed in both jurisdictions7.

Summing up: sea changes in regtech

The rule and process change and sandbox models show that, as with the ecosystem and DFI models explored in our previous article, regulatory agencies and financial institutions are reshaping how they carry out their mandates. 

Looking forward, however, it may be that the nature of regulation itself shifts. While the first wave of regtech focussed on process automation, the in-process second wave focuses on systems evolution and a deeper rethinking of regulatory processes globally. In light of this shift, the TPWG report suggests that ultimately, regulation may transition from an after-the-fact activity, to a before-the-fact process acting largely as a "hygiene factor" underlying markets.8

In this new environment, intelligence gleaned through artificial intelligence and machine learning could pre-emptively uncover systemic regulatory risk and weaknesses so that regulators can proactively respond. The regtech models regulators have at hand can help deliver the open and agile regulatory environment that is an increasing necessity in global financial markets.




You may also like



  1. Transatlantic Policy Working Group (June 23, 2017) The Future of RegTech for Regulators: Adopting a Holistic Approach to a Technology-led Regulator
  2. Ibid., page 16
  3. Ibid.
  4. Ibid., page 17
  5. Ibid., page 18
  6. Ibid.
  7. Nathan Lynch, Thomson Reuters (March 23, 2018) Regulatory Intelligence: UK and Australia building regulatory bridges to foster "fintech" innovation
  8. Ibid., page 20