RegTech – It’s like FinTech but Spelled Differently

April 24. 2017. 5 mins read
Table of contents

Our past article on the 9 hottest cybersecurity startups and our most recent article on 6 artificial intelligence powered cybersecurity startups have both proved quite popular with our readers which is hardly surprising considering how every other day some large corporation gets hacked. Cybersecurity is on the top of every CTO’s mind, but that’s not the only threat that keeps them up at night. Alongside external threats are internal threats sometimes referred to as “operational risk”. The most common definition you will find of operational risk is “the loss resulting from inadequate or failed internal processes, people and systems”. While it can also include external events, operational risk largely focuses on internal points of failure.

If you work in the finance industry, you’re probably familiar with “the compliance department”. If that sounds like a boring and soulless occupation, that’s because it is. The reason behind having a compliance department is to make sure that you do not commit any regulatory sins like insider trading, bribing people, or selling financial products that are not what they say on the tin. One of the reasons you have to watch all those stupid training videos is because most firms are scared ishtless that they’re going to be the next company being condemned by the internet and social media for breaking some regulation (reputation risk), not to mention the fines that come alongside that. One way that companies try to control this is through lots of processes.

Let’s say some disgruntled analyst goes off one day and decides to email your entire client base using the company’s mass emailing software to let them know that the product is isht. What prevents that from happening? First of all, not everyone has access to that mailing software. That’s a “process” that is in place to prevent such an event from happening. Part of that process also involves multiple human reviews or points of approval that take place before any external email leaves the firm which happens behind the scenes. That’s one small example of process used to manage operational risk.

The problem is that sometimes the processes don’t work and people can easily subvert them in clever ways. This is why companies have been investing in regulatory and compliance solutions for decades. What’s different now is that companies are starting to utilize the powers of artificial intelligence to create new compliance and regulatory solutions. Of course we can’t just call this FinTech because all the financial institutions who we’re trying to sell these solutions to view FinTech as a threat. We need to ascribe a different name for this type of startup so queue the thought leadership paper from Deloitte aptly titled “Regtech is the new Fintech” from some time back in 2015 and then the term started taking off:

That sort of thought leadership is why Deloitte makes the big bucks and now we have a whole slew of Regtech startups across a broad number of application areas. While FinTech is trying to eat financial institution’s lunches, RegTech is helping financial institutions make a healthier lunch. There are actually quite a few companies playing in this space, and there’s an excellent article over on Medium titled “RegTech is real and 120+ startups to prove it” in which the author, Jan-Maarten Mulder, lists 127 different RegTech startups like these:

RegTech Companies

There’s a lot to digest there so we wanted to just share with you a few examples of what Regtech startups can do using emerging technologies like artificial intelligence and big data.


Click for company websiteFounded in 2014, London startup Behavox has taken in $3 million in funding so far to link communications activity like phone conversations, email, chat, etc. with trading data to see and to quantify relationship between people, transactions, organizations, and content using it for workflow compliance. An article by CNBC last month highlighted how the Behavox technology was actually able to figure out that some of the guys in the firm were using their poker night to collude on certain trades. In another case, traders were using menu items from Nando’s in order to conduct insider trading activities. (Nando’s is a popular chain in the U.K that serves delicious Portugese grilled chicken). The system is not only 10X better at catching compliance issues than your old legacy systems, but it reduces false positives by 99%:

Don’t think you can resort to whispering that insider information to your mates. Behavox has used deep learning to detect whispering at an accuracy rate of 91.8% with significant background noise. That same article by CNBC mentioned that Behavox has already been getting offers for north of $100 million so it’s pretty apparent that they’ve created some value here. Remember our past article on how artificial intelligence is taking over investment banking? Large chunks of your compliance department will be getting outsourced to AI soon if not already.


Click for company websiteRemember the earlier example we gave about malicious emails being sent to our client base by a frustrated analyst? This next startup, CheckRecipient was founded by a group of mathematicians, engineers and data scientists who spent their early careers working in the investment banking industry and decided to develop a solution for incorrectly addressed emails. Is this really that big of a problem you might ask? Isn’t email going away in favor of tools like Slack? Here we can actually see a trend that shows increased email usage over time:

Your average corporate slave spends about 28% of their time reading or answering emails and the U.K. government’s ICO (read about them here) reported that misaddressed emails are the number one type of data security incident that takes place in organizations. London based startup CheckRecipient has taken in $3.68 million in funding to develop a solution that uses machine learning to prevent problems like this from happening:

Notice how these aren’t just restricted to the finance industry (though finance is probably the biggest offender). What CheckRecipient does is to evaluate historical email data with machine learning algorithms so that they can establish a baseline and detect errors going forward. In this way, their system can be as unobtrusive as possible and doesn’t take a whole lot of effort from IT to implement. Within just 50 milliseconds, the system can detect an anomaly and prompt the user with the reason that an exception has been detected along with an “are you sure you want to send this” button. Of course, certain exceptions may just be unannounced and such emails may be placed in a special place for humans to review. It’s that ability to detect the anomalies so quickly and effectively that makes CheckRecipient such a valuable tool to have.

Somewhere in the range of $8 billion in fines have been paid out by banks in the past 8 years alone and mitigating those risks is why finance firms can spend as much as 20% of their revenues on compliance and still fail. While RegTech isn’t entirely new, the application of artificial intelligence to effectively manage operational risk is.

Compliance has always been a cumbersome and inefficient bureaucracy run by recipe-driven risk averse individuals whose priority is not making your life easy but avoiding litigation. If you work in finance and use dollar cost averaging like we do, each monthly trade has to be entered into a compliance portal that then gets approved or rejected by some human’s interpretation of whether or not we might be insider trading. To those people who make our investing lives a living hell today, AI is knocking on your door.


Leave a Reply

Your email address will not be published.