Why RegTech will be central to GDPR success

The financial crisis of 2008 changed the world of finance forever, sowing the seed for massive regulatory overhaul and increased compliance costs.  Pressures increased dramatically, as regulators and governments sought ways of preventing the mistakes of the past.  New rules were introduced, old rules were abolished and, as a result, compliance teams became more important than ever before.

Regulators have since taken no prisoners.  In the years following the financial crash we have seen record fines for those firms failing to achieve the required standards.  The industry has reacted accordingly – the cost of non-compliance now outweighs anything that might be gained from cutting corners.  This means there has been an increasing demand for technology solutions that support compliance, and with it the creation of a whole new specialist sector.

The rise of RegTech

Heralded by Deloitte as “the new FinTech”, Regulatory Technology – or RegTech as it’s more commonly known – is a sector specifically focussing on the compliance, security and regulatory aspects of FinTech.  RegTech platforms facilitate the delivery of regulatory requirements more efficiently and effectively than traditional, manual solutions.  Essentially, RegTech is about developing technology solutions that can help firms better comply with regulations in an agile, comprehensive and cost-effective way.

Since 2008, regulators have imposed more than $300 billion in fines and penalties on firms that have failed to achieve compliance standards.  With so much at stake, companies are investing heavily in RegTech.  According to research by FinTech Global, investment in RegTech has more than tripled over the last five years.  With regulators demanding a much higher level of transparency, technology solutions that enable this are becoming increasingly important.

Compliance: costly and complex

We’ve seen how RegTech is supporting companies with compliance for complex directives such as the Markets in Financial Instruments Directive II (MiFID II), which have put pressure on compliance teams to respond to regulatory changes in new ways.  Traditional tools can no longer keep pace with monitoring, recording, accessibility and auditing of protected information.  With companies across all industries now managing huge amounts of data, many firms quite simply do not have the technology or infrastructure in place to comply.

Alongside having advanced data encryption and security procedures in place to guarantee who has access to data, organisations will need impressive storage resources in place to cope.  Modern compliance challenges require modern tools, and these need to be as globally dynamic as the organisations they support.  RegTech systems harness global data sets in a way that offers new and timely insight into regulatory processes, automating compliance and risk management tasks by pooling and aggregating data from a range of sources.  Often this data is too complex, too varied, too expensive, or just plain impossible to review manually.

GDPR: it’s time

In 2018, RegTech will play an even more important role, stretching into virtually every industry.  The EU General Data Protection Regulation (GDPR) will come into force in just over a month, and this represents a huge overhaul of data protection rules.  Organisations will need to make stark changes to the way they treat compliance, and take heed of the huge financial penalties at stake should they fail to comply.

Under GDPR, companies can be fined up to 4% of their global turnover for a breach.  With such a significant overhaul of the data protection landscape, regulators will likely want to make examples of companies failing to achieve the new standards.  Many industries will be taking inspiration from financial services firms, rolling out specialist technology solutions to support the transition to a new era of oversight.

For most companies, the primary issue of the near future will be the scope of new regulations.  Compliance will not be straightforward and some regulations will contradict each other.  For example, if one regulation insists that all records of a transaction are kept for five years whilst another provides rights to remove this data, which one prevails?  The RegTech sector will be poised to answer these questions with practical, technology-driven solutions, interpreting the new regulations for multiple sectors.

The contact centre and beyond

A great example of where RegTech is already helping address compliance challenges is in the voice space.  Just imagine how much personal data is held within call recordings.  These are ubiquitous across many industries – a range of sectors store call data.  With GDPR offering customers new rights to access, view and delete this data, how can companies ensure they can offer this capability?  How will they even know what data they hold?  A technology approach to the problem is the only way many organisations will be able to address these challenges effectively.

Huge fines and reputational risks mean that for the majority of businesses, non-compliance is not an option.  RegTech is poised for huge growth, as regulators promise a greater level of control and oversight than ever before.  Frost & Sullivan suggests the global RegTech market could reach $6.45 billion by 2020.  The future of RegTech looks bright, but organisations must be ready to navigate the increasingly complex compliance landscape.


By Tom Harwood, Chief Product Officer & Co-Founder, Aeriandi
