As compliance pressure mounts, businesses turn to regulatory technology

More than seven years after the financial crisis began, economies worldwide are growing. Much of the recovery has been led by government spending, including massive sums on infrastructure projects. Those projects typically involve a lot of interaction between governments and local partners, especially in emerging markets — where the need for those joint ventures is greatest.

While that has helped those economies grow, it has also driven worldwide growth in compliance. In fact, security company Kroll calls the combination of government contracts, emerging market exposure and third-party agents a “high-stakes trifecta” from a fraud-risk perspective, introducing a lot of potentially bad actors, like a shady procurement or contract manager.

Along with increasing fraud and security risks to governments, the risks to businesses worldwide are rising too. Fraud and corruption are up, especially in emerging markets. In Nigeria, the incidence of fraud is 30 percent; in Egypt, it’s 44 percent.

Even in the developed world it’s a significant issue. The incidence of fraud in the U.S. is 16 percent; in Germany, it’s 26 percent. At the heart of the problem is the enormous amount of commerce now taking place in the digital world, where it has become increasingly difficult to parse the bad actors from the good ones. According to Ernst & Young’s 2014 Global Fraud Survey, at least one in 10 executives reported their company had experienced a significant fraud in the past two years.

Cybercrimes are on the rise, too, posing ever-more menacing risks to businesses and governments. According to research from the Economist Intelligence Unit, close to one-third of businesses worldwide have seen an increase in the number of cyber attacks over the past year. In May, FBI agents and police in 17 countries arrested more than 90 users of a malicious software known as Blackshades, which is used to commit everything from extortion to bank fraud.

New digital initiatives at financial institutions and other businesses means more opportunities for fraud and cybercrime.

All this means businesses are under mounting regulatory pressures, and that is driving substantial growth in compliance, which will ultimately lead to more aggressive enforcement on the horizon.

Last January, for example, the U.S. Justice Department warned banks it would begin aggressive enforcement to improve compliance with anti-money laundering prohibitions. Ernst & Young also reports a shift worldwide toward more aggressive enforcement and penalties for fraud, corruption and economic crimes. Canada, for example, has amended its anti-corruption laws, Hong Kong has set up a task force to detect corporate fraud and France created a new Central Office Against Corruption, Financial and Fiscal Offenses as part of broader financial crime reform.

With the expansion of the number and complexity of compliance laws comes a corresponding increase in the need for technology. A whole new industry buzzword has come about, regtech, which revolves around creating solutions that ease the burden of compliance. The same drivers that create the need for new regulations also enable technologies to comply with those regulations: the internet, big data, open APIs and advanced analytics.

If companies fail to embrace the new regtech opportunities, they’ll face increasing costs for compliance, while simultaneously decreasing their productivity, capacity and efficiencies. It’s sink or swim for regulated institutions; either they adapt and introduce new technologies that allow them to be more nimble, flexible and productive, or, they continue to use labor-intensive processes that will become increasingly cumbersome and untenable. Can compliance departments continue to hire, some hiring 500 percent in just a few years, as noted in a Booz Allen Hamilton 2014 investigation?

It has to be difficult for regulated institutions. Institutions, by nature, are conservative. They have developed processes over years that limit their risks, hired and trained staffs that are given oversight because of their knowledge and expertise and have known procedures for dealing with regulators.

Now they are supposed to change that based on some newfangled technology from some young, emerging upstart? Where do they even begin?

While that might be the perspective from some institutions, the reality is that regtech, while a new term, is not really new. Technology has been in their back offices just as long as anywhere else. The difference now is that the technologies are evolving at an extreme rate.

And, it’s not like all the players are new. Many are the same big-name consultancies that are always around when big money is at play. With their large staffs, established customer base and technology acumen, they can migrate into the space without major hurdles.

As for startups, any worth their salt will be working closely with major clients and have rock-solid technology. The key for startups to succeed in regtech is to master one, highly focused niche. By offering best-of-breed solutions, they can deliver value where larger players or in-house staff don’t bother to show up. If they can leverage that value into a solid track record and a stable ongoing concern, they’ll gather even more clients as the operational risk decreases.

For example, one niche where technology can immediately assist institutions in their regulation compliance is identity. No number of new government committees and task forces will be able to protect businesses and organizations if they don’t know, on the most basic level, with whom they are doing business. And the bigger an organization’s footprint, the greater its compliance risk and requirements.

“One of the most fundamental ways to prevent fraud is to make sure fraudsters don’t enter in the first place,” says Stephen Ufford, CEO of Trulioo, a global identity verification company that I work with to help with anti-money laundering (AML) and know your customer (KYC) rules. “Many companies fail to detect fraud simply because they don’t run appropriate checks and especially for those doing business in emerging economies, that can be a real challenge,” says Ufford. Automated detection systems and identity verification tools, however, which lean on the availability of big data, go a long way toward helping organizations meet compliance requirements and protect themselves.

Businesses are under mounting regulatory pressures, and that is driving substantial growth in compliance.

Australia’s government, for example, instituted new National Identity Proofing Guidelines in order to strengthen its identity proofing processes and increase trust. It now considers verifying a person’s identity a critical starting point for everything that follows, whether it’s private sector transactions or the delivery of government services. Australia’s guidelines recommend confirming identity in non-traditional ways, not just by looking at a person’s birth certificate or driver’s license but also by their activity in the community — where they live, work, shop, interact — and that includes the online community, too.

A more recent example that illustrates the ever-changing regulatory landscape happened a few months ago when the government of Canada revised rules regarding acceptable methods to determine client identity. These rules create flexible methods for verifying identities, acknowledging the use of new technologies and access to reliable, independent data sources, including all levels of government, crown corporations, financial institutions and utilities.

New technologies are helping make that kind identity verification possible, taking a variety of innovative approaches to fight fraud. For example, there are verification services that do “social verification” — a non-traditional approach to verifying identity. This helps deliver a “Verified/Not Verified” binary response for identity intelligence retrieved from a montage of data sources, including traditional ID data, such as government records and credit files, as well as alternative data from mobile applications, ad networks and social networks, to verify a person’s identity.

Verifying users can help businesses avoid a host of problems, from financial fraud to cyberbullying. Businesses have the ability to configure the tool any way they like, to meet the compliance needs of their market.

Organizations worldwide are investing in innovative tech tools, especially financial institutions. In fact, worries about fraud (especially international fraud) are reshaping spending at banks, whose 2015 budgets include more spending on IT, with a big chunk of that going to compliance.

Research firm Ovum expects U.S. banks to spend 4.3 percent more on IT in 2015 than they did in 2014, and there have been huge increases in spending on security and fraud technology initiatives at U.S. banks, according to an article from American Banker.

New digital initiatives at financial institutions and other businesses means more opportunities for fraud and cybercrime, but along with that, more opportunities for technology to meet and mitigate those threats.