RegTech is an opportunity. It creates new kind of relationships based on trust between the companies and their clients.
On October 17 th , 2019, more than 120 legal, finance, IT and tech experts met at the Etablissement Namur, in Luxembourg-Hamm, to attend the third edition of the RegTech Summit. This year, the event was entitled "The Age of Privacy Champions: When Compliance meets Performance", with more than ten local and international experts sharing their knowledge, best practices, while discussing the latest trends of the ever-growing RegTech industry.
Master of Ceremony Frank Roessig (Head Digital Solutions for Finance, Proximus) first welcomed the participants explaining that privacy is a big game changer inducing a lot of efforts from companies to meet their clients’ expectations and requirements now that they are allowed to assert their rights.
Paving the way for more transparency & the culture of change through data management
He then welcomed Mike Wonham (Senior Director Analyst, Gartner) who took the stage with a presentation entitled "Privacy: User Experience is the Next Big Thing'. According to the Gartner analyst, the privacy environment is evolving and going global while regulators are flexing their muscles and individuals asking more and more questions. To give some examples, he stated that today, Russia fines Twitter and Facebook 3k RBL each, France fines Google EUR 50M and Uber EUR 400K. Belgium reports 239% increase in data breaches and another very interesting case to report is Germany fining Delevery Hero – an online platform for food ordering – EUR 195K because people were complaining, asked questions about the collect and use of their data. To mention but a few: 18 Million people around the world use Microsoft’s dashboard to interact with their data in the first year of GDPR (2019 Gartner’s survey). Regarding data, the legislation promises information (access and portability), correction (rectification and erasure) and restriction (objection to sale). To duly comply with the requirements imposed, companies need to know – what is sensitive, where it is stored, how it is used, who it is shared with and for what purpose, for how long – and be able to act, have tools in place to do the request, perform it. The next stage of privacy should allow companies to reduce privacy risks while gaining insight and control.
Then, Marie-Claire Pettinger (Data Protection Officer and Compliance Officer, Foyer Group), Julien Sassella (DPO & Legal officer, e-Health Agency) and Stéphane Bianchin (CISO, Banque Raiffeisen) took part in a round-table discussion around the topic of "privacy champions". The session was moderated by Kenza Bouzouraa (Deputy Director, ELGON/AINOS). They highlighted how Regtechs have been seen as an opportunity rather than a constraint over the past two years. Since the introduction of GDPR, companies lead the quest to data protection, transparency and information security. Marie-Claire Pettinger and Stephane Bianchin agreed that a lot of efforts have been made internally even before the implementation of GDPR to better control data and check how they are collected and for how long. At Foyer, they settled a double opt-in and updated their website to anticipate their clients’ requests and preferences. They explained internally that for a company covering private and life insurances, data protection was at the heart of the concerns. Likewise, Stephane Bianchin insisted on the importance to raise awareness among employees regarding the role they must play and their contribution to make processes change. Physical, organizational but also ICT measures must be implemented. Also, it is important to know that if companies have to comply with a large number of regulations, so are its sub-contractors and service providers. The need for people to know how and why their data are collected, why they are stored and for how long, has drastically increased. According to Julien Sassella, clients’ requirements have always been very high but with the GDPR introduction, they can now legally request for more information and legitimately send more requests than before. We need to think user experience first and protect the patients. The DPO/CISO duo is important as it make strategic decisions become operational and in line with the need of the clients/patients. More and more brainstorming groups have been created to share best practices and raise the skills’ level.
RegTech is an opportunity. It creates new kind of relationships based on trust between the companies and their clients.
Outlook of the European RegTech Market and new needs
The organizers also welcomed Nadia Manzari (Partner at SCHILTZ & SCHILTZ), Susanne Schartz (COO, SEQVOIA) and Odile Renner (Partner, Arendt) who discussed the role of women in the RegTech industry and the surge of regulations asking for transparency and data to be collected, analyzed. AIFMD, EMIR, MIFID, PSD2 to name but a few require data collection and to comply with it, professionals need to be up to date with current trends of their markets. KYC is a huge process and RegTechs can certainly come as an answer in this frame. According to the RegTech Universe map (Deloitte, September 2019), 44 RegTechs provide Regulatory Reporting solutions, 49 are active in Risk Management, 78 in Identity Management & Control, 135 in Compliance and 27 in Transaction Monitoring. Different listings exist and in the RegTech 100 (Regtech Analyst), 48 of which also appear in the Deloitte study, 3 Luxembourg firms: Algoreg, UME and governance.io. According to Nadia Manzari, the hottest topic now is PSD2 and RegTech tools are essentials given the amount of complexity induce by new regulations and the need from financial institutions and organizations to deal with digital requests. Technology is vital to answer rapidly and be agile. Susanne Schartz agreed as, for her, “nobody can take up those challenges without tech and no one wants to”. There is an increasing pressure from regulations in general and the requirements imposed to the finance industry cannot be met without tech. It takes more time to go through change processes and tech will help face the challenge of procedures’ change. With regard to women in the regtech industry, they agreed to say that they should not be afraid and technology can clearly contribute to women empowerment as it is used the same way by men and women, it is indeed a question of talent acquisition, curiosity and a decision to enter the sector.
Before the break, Frank Roessig put into perspective the topic of data protection and transparency with new concerns created from the use of AI and the black box problem: black box AI systems for automated decision making. This is based on machine learning over big data. It considers several key parameters and enable to make crucial decisions without exposing the reasons why.
Turn compliance into opportunities
"The fastest way to compliance: 5 success stories of institutions leveraging RegTech" was the name of the presentation given by Jonathan Prince, Co-Founder, Finologee. “Regtech is concrete, it is not a buzzword nor a fairytale. It optimizes the existing (processes), makes it cost efficient and creates new business lines.” Banks and financial institutions need to optimize the existing with external providers. Finologee sources them, identify what is accurate, the solutions that can bring values and it bridges the gap to answer the need. Jonathan gave several examples of collaborations created to enhance internal processes such as the partnership realized with Foyer, a leading insurance company in Luxembourg. They help the company face the identification challenge by implementing an electronic signature and the possibility to fill in documents digitally. Since that, they observed a 92% conversion rate of people using the digital way compared to 30% by paper. In his opinion, “Regtech doesn’t steal, it creates business. There is no need to change the core infrastructure. Organizations need to use APIs, find the right strategy with the right providers”.
Béatrix Barafort (Group Leader, LIST) and Philippe Valoggia (Senior Research and Technology Associate, LIST) then shared the stage. They focused on the best ways to combine compliance and performance management through accountability enhancing technique. For the Luxembourg Institute of Science and Technology, “accountability is not about quality control but quality insurance”. Accountability principle requires organizations to identify the technical and organizational measures to implement and to be able to demonstrate their effectiveness. To do so, Beatrix Barafort presented a specific framework used by LIST with different components to value processes, study how it works and how effective they are. The rules are as follows: (1) a general framework to assess process capability, (2) a detailed method with phases, tasks and roles, (3) a clear description of the processes to be assessed, (4) precise rating and consolidation rules, (5) a certification scheme and (6) a supporting toolbox.
Anne-Sophie Morvan (Business Development Manager, LUXHUB) shared practical examples and food for thought on how to pave the way between Fin/RegTechs and Financial institutions. One of the main challenges for banks and financial institutions is technology. They need to change their processes as they rely on legacy systems compared to their competitors which are more agile. “Collaboration is necessary if not mandatory” and there is a lot of choice on the way to collaborate: acquire, invest, do a joint venture (what happened with LUXHUB by 4 large banks), have its own incubators, open banking (to open to new actors), join a FinTech program, act as a supplier, through platforms. In this frame, APIs represent a great opportunity for the financial ecosystem stakeholders to collaborate. As examples LUXHUB XS2A API Marketplace, LUXHUB One (account aggregation services through One API), Starling Bank banking-as-a-platform model or BNP Paribas Securities Services APIs for asset managers can me mentioned. Regarding LUXHUB expansion, they recently launched an API marketplace in order to let both financial institution, regulated entity, FinTechs etc, show their APIs on the same place.
"How to convert a compliance department from a cost to a profit center " was the name of the presentation given by Karl Gribnitz, Co-founder, Regpx. The company suggests to answer the challenges of compliance by designing the right solution, implement it with a specific guidance to ensure no errors in the integration of the compliance system, measure and report on the performance of the tool. “Profitability is achieved by improving compliance at every level throughout the entire organization.”
Maciej Waloszyk (Managing Partner, Cascade) then took the stage and presented a case study for KYC API integrations. Cascade is an administrative & governance software for corporates, law firms, investment funds and auditors and has worked with Neterium’s Jet Scan – a next-generation screening engine- to provide an end-to-end KYC onboarding and monitoring service. It facilitates day-to-day activities (Register function, Transfer Agency, Compliance & AML/KYC, Sales, Risk, Project Management, Set Up among others).
Opportunities for other sectors than the financial one - how and why?
The final discussion of the day brought together Arianna Rossi (Postdoctoral Researcher at SnT, Interdisciplinary Centre for Security, Reliability and Trust), Alan Blanchard (Business Development, Apiax), Sébastien Pineau (Lead Partnership Officer, LIST) and Bert Boerman (CEO and Co-founder, Governance.com).
To apply regtech principles to other sectors, there is a need to get to an harmonization, to create and comply with new (high) standards. This requires a good communication between different groups, “it seems as simple as that but find a compromise and involve people is not that easy” stated Ariana Rossi. When you start to go across other sectors, you need to have a clear methodology, to have thought about it. This is what APIAX did and they are now able to offer to other sectors their solutions. In that sense, technology really helps duplicate business models. They are now working with the agricultural sector (Alan Blanchard). Sebastien Pineau highlighted the importance for company to negotiate. “The place for negotiation in other industries is bigger than for the financial sector”. The idea is to find a good collaboration, but this requires a certain level of maturity. They tried to find how to transform regulation into best practices and initiated workshops to advance industry knowledge and also involved the regulator to find out the right solutions for the market.
The event ended with the traditional networking cocktail, allowing experts to further discuss the topic and the current trends of the RegTech industry. Tech professionals will meet at the beginning of December for a new edition of the IT One Gala and a new event dedicated to women in IT will be organized on December 17th. More information: www.itladiesnight.lu. All our experts will gather again during brand new FinWinter Summit in March 2020. Watch this space, more is to come.
Photos: Dominique Gaul
Publié le 21 octobre 2019