Faculty of law blogs / UNIVERSITY OF OXFORD

Regulatory Technology: Introducing Evidence-Based and Data-Driven Classifications of RegTech Firms

Regulation, however necessary, is a cost to industry. RegTech, which encompasses uses of technology to automate or improve compliance and supervision, has emerged as a potential catalyst in recent years for a more sustainable, effective, inclusive and considered financial and regulatory innovation, mainly because of rising costs and increasing pace of technological developments, combined with a strong focus on transparency and accountability.

In our new industry report titled ‘Global RegTech Industry Benchmarking Study’, a team of researchers at the Cambridge Centre for Alternative Finance, University of Cambridge have conducted the first in depth analyses of the RegTech sector. The study was conducted with three key objectives: to build an evidence-based and data-driven classification of RegTech firms, to establish industry benchmarks on the size, growth and activities of RegTech firms using this market segmentation; and to better understand the key stakeholders and components of the global RegTech ecosystem as it develops.

The study adopts a working definition of RegTech as ‘including any use of technology to match structured and unstructured data to information taxonomies or decision rules that are meaningful to both regulators and the firms they regulate, in order to automate compliance or oversight processes’. Properly defined, this is not a new sector; some of its constituent parts including the Governance, Risk and Compliance (GRC) industry and the regulatory intelligence sector have been around for two or three decades. Rather, it is the method of delivery (on the cloud, via APIs), as well as the expectation of an end-to-end process, that sets today’s RegTech industry apart from its predecessors.

Based on a survey of 111 RegTech Firms worldwide, the report observes that RegTech is now a highly internationalized industry—fewer than one-third of RegTech vendors are active in just one market, and just over a third are present in five or more jurisdictions. In essence, the global RegTech industry is estimated to have generated $5bn in 2018, primarily due to a surge of new entrants, both large and small, driven by a combination of rapid regulatory change, technological advancements and regulator interest.

The RegTech sector primarily employs machine learning and predictive data analysis to describe patterns and predict behaviours; with about two thirds of the sector delivering its offerings through the cloud, and over a third uses natural language processing (NLP) to parse regulatory content. Together these form the core technologies of the RegTech sector. Looking forward, the report estimates that the use of machine learning and data analytics is set to grow further. In proportional terms, however, it is voice recognition, Distributed Ledger Technology (DLT) and Geographic Information System (GIS) mapping that are likely to make the biggest gains from today’s levels. It remains to be seen whether growing interest in, location mapping and graph analysis will translate into adoption.

The study summarises a number of pre-existing segmentations of the sector, which drew on the expertise of market participants. It validates and complements these with an evidence-based taxonomy—built from the bottom up and focused on the functional characteristics of vendors’ solutions, as opposed to the specific regulatory requirements addressed. We identify five clusters of firms and their activities (see below), of which the largest by fundraising are client profiling and dynamic compliance firms, together accounting for 70% of the funds raised to date (but just over 40% of the revenue):

  • Profiling and due diligence (collect or integrate data from multiple sources to build a profile of a person, entity or counterparty, confirm their identity, or categorise them according to regulatory requirements or business rules).
  • Reporting and Dashboards (collect information from multiple sources within a firm in order to build standardised reports for management or compliance purposes).
  • Risk Analytics (Use big data to assess the risk of fraud, market abuse or other misconduct at the transaction level).
  • Dynamic compliance (facilitate and monitor regulatory change, ensuring that policies and controls adapt flexibly to changing requirements).
  • Market Monitoring: (match market-level adverse outcomes to regulatory or business rules, including poor product performance, adverse market conditions or market manipulation, by sourcing data from diverse external sources).

We argue that the RegTech vendors have, to date, operated in a relatively benign environment, facing a reasonable amount of challenge from both competitors and regulators. The adoption has been strongest where it has been supported by high-stakes legislative initiatives favouring high data volumes and setting out prescriptive data taxonomies, in areas such as anti-money laundering and transaction reporting. 

For the time being, industry sources indicate that the sector continues to see double-digit revenue growth year on year, and primary data collection for the report suggests this is not overly optimistic. Our analysis of firm perceptions suggests, in particular, that there is a market premium for technologies offering real-time insights or decisioning, and a strong interest from regulators in supporting such technologies. But the promise of machine-readable and machine-executable regulation as well as an end-to-end compliance offering remains elusive despite regulatory support. 
In terms of challenges facing RegTech firms more generally, the report singles out the cost of acquiring clients, which are typically large and complex firms. This is often a long-winded and costly process, with both the procurement process and the IT planning cycle making the onboarding of new vendors challenging. Some vendors also raised concerns about the dynamics of the sector, worried that some segments are becoming saturated, with too many undifferentiated firms fighting for the same limited pool of business. 

Nevertheless, regulators and, in less mature markets, private sector development partners stand ready to work with or invest in the RegTech sector. The regulators’ primary focus is on funding public goods, including shared utilities and data lakes, for instance, in the areas of identification and customer due diligence, shared ontologies, industry-standard data formats, and shared norms (eg in the use of big data and artificial intelligence). In relation to private goods, regulators expect regulated firms to meet them halfway: an approach driven purely by fear of regulatory penalties is likely to produce less value.

The report findings point to a rapidly growing and technology enabled global industry serving an increasingly diversified customer base, yet still working to test use cases, build value propositions, and establish trust and credibility as it matures. 

The full study can be accessed for download here.

Emmanuel Schizas is the Lead in RegTech & Regulation at the Cambridge Centre for Alternative Finance, University of Cambridge (CCAF).

Hatim Hussain is a Research Assistant at the Cambridge Centre for Alternative Finance, University of Cambridge and is pursuing his graduation in law from Gujarat National Law University, India.


With the support of