Faculty of law blogs / UNIVERSITY OF OXFORD

RegTech: What it is and why it matters


Time to read

3 Minutes


Ben Charoenwong
Assistant Professor of Finance at the National University of Singapore
Zachary Kowaleski
Assistant Professor of Accounting at the University of Notre Dame
Alan P. Kwan
Assistant Professor of Finance at the University of Hong Kong
Andrew Sutherland
Associate Professor of Accounting at the Massachusetts Institute of Technology

Over the last two decades, financial institutions have been subject to an array of new regulatory requirements, requiring firms to measure financial risk more precisely, monitor misconduct by employees, vet clients more closely, and file data-intensive disclosures. In their compliance efforts, financial institutions are increasingly investing in information technology and hiring technological experts, a development industry participants refer to as ‘RegTech’.

RegTech encompasses the technological solutions firms use to achieve regulatory compliance. For example, firms may digitize customer information, increase data security, automate internal and external reporting, or apply machine learning and AI to obtain more accurate incident alerts (FINRA 2018). Common RegTech applications include fraud prevention, consumer protection, asset-liability management, anti-money laundering, capital measurement, and tax/financial reporting.

In 2019, public US financial institutions spent nearly $10 billion on RegTech compared to just $2.2 billion on auditing, and RegTech expenditures are forecast to grow at 35% per year (Juniper 2021). In addition, RegTech is one of the fastest-growing segments based on global venture capital, private equity, and merger volume (KPMG 2021). As Deloitte explains, ‘RegTech promises to disrupt the regulatory landscape by providing technologically advanced solutions to the ever-increasing demands of compliance within the financial industry’ (Deloitte 2021).

Our paper

In our new working paper, we examine how U.S. Broker-Dealers respond to the 2014 amendments to Rule 17a-5 of the 1934 Securities Exchange Act, which followed the discovery of large Ponzi schemes in the late 2000s. The amendments required certain Broker-Dealers to state that they established and maintained internal controls that provide reasonable assurance that noncompliance with Financial Responsibility Rules will be prevented or detected on a timely basis.

As Deloitte explains, prior to the amendments, many Broker-Dealers used ‘systems and technology that have been built in-house many years ago’, creating challenges for auditors and regulators (Deloitte 2015). Accordingly, the amendments increased internal control requirements to manage the risk of customer losses from unexpected Broker-Dealer failures. Specifically, Broker-Dealers must maintain controls for and documentation demonstrating moment-to-moment compliance with requirements to hold adequate net capital and to segregate customer assets. The amendments spurred significant technological investment: Broker-Dealers began to ‘invest in shoring up technology or data architecture to alleviate data-related concerns, including rationalizing data sources and centralizing data into a single data source… [thus establishing] increased accuracy and completeness of source data’ (EY 2019).

RegTech effect

We document three important effects of technology-driven compliance:

1. Direct effects on technology adoption

Firms subject to the amendment undertake significant technological and labor expenditures. Specifically, affected firms increase their IT budgets, add data management and enterprise resource planning software tools that directly aid compliance with the amendment, and add servers and computers. Their job postings mentioning compliance and ERP skills also increase. Thus, automating compliance efforts does not necessarily reduce demand for labor—a finding that has also emerged from other studies of technology adoption (Acemoglu and Restrepo 2019).

2. Indirect effects on technology adoption

Interestingly, regulation has a second, less direct effect on technology adoption at affected firms. The basic idea is that data and information systems are what economists call ‘non-rivalrous’ goods: unlike, for example, a forklift or a manager, data can be used by multiple functions of the firm at the same time without exhaustion.

To illustrate, when the firm improves its data and information systems for compliance purposes, non-compliance functions can also benefit from being able to use them. As a specific example, our study finds significant increases in the adoption of customer relationship management tools. We also find affected firms adopt more website technologies, especially premium technologies that enable transaction security, fraud detection, and marketing engagement. Both types of technology adoption – software and website technology – leverage high-quality data of the type that compliance efforts commonly produce.

More broadly, surveys of the world’s largest financial institutions report that firms use RegTech investments not only for compliance purposes, but also as an important part of their operations management and strategy (Thomson Reuters 2021).

3. Improved monitoring

To understand how these technological investments affect operations, we study customer complaints. Common complaints relate to unsuitable investment recommendations, excessive trading, and commissions – grievances unrelated to the amendment itself but conceivably prevented by monitoring via the Broker-Dealer’s internal information processes. Moreover, complaints are relevant to trust and participation in the financial system (Guiso, Sapienza and Zingales 2008; Kowaleski, Sutherland and Vetter 2020).

At affected firms, we find that the complaint likelihood declines by 2.3%, the number of complaints falls by 3.5%, and the customer-alleged damages per employee drop by 29%. The complaint declines are concentrated in incidents most easily detected through technology-based monitoring, and in firms making larger RegTech investments.

Looking forward

Our results point to two implications for the financial sector. First, technology will play a growing role in compliance efforts and will compel further investments in data quality, information systems, and related hiring. Technology is advancing, creating new opportunities for digitization, monitoring, and reporting. At the same time, financial institutions face an array of regulations related to capital, risk management, consumer protection, and transparency that are unlikely to be repealed any time soon.

Second, the effects of RegTech investments will not be confined to compliance functions. Instead, because data can be shared within an organization, compliance-driven improvements in data quality and availability will influence the adoption of complementary tools (such as the customer relationship management programs we study), which in turn have important effects on financial service quality.

Overall, RegTech has the potential to alter the quality and nature of financial services, not only in the Broker-Dealer market we study, but also banking, insurance, and asset management.

Ben Charoenwong is Assistant Professor of Finance at the National University of Singapore

Zachary Kowaleski is Assistant Professor of Accounting at the University of Notre Dame

Alan P. Kwan is Assistant Professor of Finance at the University of Hong Kong

Andrew Sutherland is Associate Professor of Accounting at the Massachusetts Institute of Technology


With the support of