During the global pandemic of COVID-19 you’d be forgiven for forgetting the debates that went before it. Should GDPR, or compliance in general, take a back seat while companies struggle to find their feet in the new normal? Well, not exactly.
After a brief lull in fines, regulatory risk radars are once again lit up like Christmas trees following strong messages about insufficient compliance. With a 500% increase in UK Financial Conduct Authority (FCA) fines alone, totalling £392m so far in 2019, RegTech and the race to compliance digitisation are as important a consideration now as they ever have been.
We spoke to several leaders from the Nordic RegTech industry on the COVID-19 effect, how compliance has been accelerated and how RegTech technologies can contribute to the fight against infectious disease.
RegTech: The Next FinTech?
Fredrik Millde has well over 20 years’ experience in the financial sector. Since 2009 he has been a consultant in different roles while being involved in major regulatory work in large banks.
Most notably, Fredrik was headhunted to develop the concept for what would go on to be the Nordic KYC Utility, which has subsequently evolved into the company Invidem. Fredrik has now left his assignment as Interim CEO of Invidem.
We spoke to Fredrik about the RegTech industry, the challenge, the opportunity and how COVID-19 is affecting the industry as a whole.
"There are big challenges in RegTech, but even bigger opportunities"
In the Nordics alone there are over 1700 RegTech companies all vying for a piece of the pie. As organisations like the FCA crack down on improper use of data, large institutions start to look for solutions that can provide compliance at scale. The outbreak of COVID-19 has only hastened an already rapidly moving industry.
“There are a lot of things happening in the KYC space. With COVID-19 some things will be accelerated. Specifically, digitalization will be forced to happen sooner. We need to do everything digitally and not all obliged entities are ready for that.”
On average, 31% of an organisation's technology is made up of legacy systems. Maintaining those systems can be a costly burden, with an average of 60-80% of IT budgets allocated to keeping them running. It's estimated 90% of businesses are held back in terms of growth and enhanced efficiency due to old technology.
Legacy systems are costly, titanic entities that large organisations struggle to turn around. For that reason, Fredrik believes that the onus on digitisation is shared between the institutions and the companies delivering the RegTech solutions.
“It will demand a lot of all parties involved, the suppliers will need to provide flexible solutions that can support compliant processing of KYC that obliged entities need to live up to. The obligated entities, on the other hand, need to be able to pivot their processes to handle the solutions provided.”
Unifying a Fragmented Industry
General data protection is an EU directive; within the EU you have countries, each with its own law, and then, even more granular, you have financial institutions interpreting those laws.
The market is fragmented and this fragmented situation presents opportunity for those who want to use the financial system, Fredrik says. With no clear-cut rules on what is compliant and what isn’t, large institutions are forced to make interpretations that leave them exposed.
The solution to the fragmented market is providing a unified front for all obliged entities. One interpretation, for everyone. Until then it will always be individual banks doing their own thing, differently. That opens up the cracks. Into this space, Invidem was born.
Invidem was founded in 2019 by six of the major banks in the Nordic countries as a joint initiative to address challenges in KYC regulations for the Nordic market: Danske Bank, DNB, Handelsbanken, Nordea, SEB and Swedbank.
Through Invidem, the founding banks have developed a common standard for KYC-information, which is made available through KYC services and platform. Invidem is fully independent and accessible for everyone requiring effective and compliant KYC-information.
“Over the last few years we at Infidence Consulting have built up expertise on interpretation of the affected regulatory frameworks, efficient KYC processing as well as on the ecosystems of solutions - what is out there right now? We’ve done in-depth analysis of many of the market actors to understand what value they add to the ecosystem.”
COVID-19: Pushing Regulation Forward
For many, the word ‘digitalisation’ has become a bit of a buzzword. It’s talked about so widely that many see it as a concept, not a change. Right now, however, many businesses are having their hand forced by the ongoing COVID-19 crisis.
With teams forced to isolate, digitalisation of many companies (some with massive legacy systems) has come almost overnight.
Between working in a new location and having to manage the kids around work, this change of working has presented challenges. But for the large corporations who rely on legacy systems this is nothing short of a disaster. This is especially the case when it comes to financial sector companies who still need to safely and compliantly get their customers and employees operating from remote locations.
Amongst these sweeping business changes, RegTech is finding its feet.
“The effect of COVID-19 is massive. We’re not able to meet face to face like we are used to, but financial institutions and other obliged entities still need to get customers onboarded. They need to be able to ensure secure identification of their customers and comply with regulation, so there will be a huge need for different types of KYC services; one good example is what Invidem is building.
I believe that the faster-pace digitalisation will require large investments to accommodate this. The current handling of KYC is to a large extent dependent on manual processing and to align this to a more digital approach will take time.”
But the fear, for Fredrik, is that this massive need for digitalisation will have legislators and regulatory bodies reviewing the laws and relaxing a few of them. Indeed, for the short term, you may well get a lower barrier to entry for compliance during COVID-19 but, as Fredrik agrees, that would be a step in the wrong direction for everyone.
For now, more and more RegTech solutions are appearing to provide their services to these large institutions who are trying to turn around their legacy systems.
“There is definitely room for more, we see a lot of initiatives but only a few of them have a real footprint and many solutions still need to prove themselves.”
We connected with a few RegTech companies with the footprint Fredrik is talking about to gather their thoughts on the RegTech industry and regulation during COVID-19.
Astyanax Kanakakis - CEO - Norbloc
Co-founded in Stockholm in 2016 by Astyanax Kanakakis, Norbloc now has a worldwide presence with roots in Dubai and Athens. Here Astyanax has led Norbloc to be the premier blockchain regulatory platform provider in Europe, focusing on financial services and government initiatives.
“We’re focusing on regulating data networks, in particular for financial institutions. In a nutshell, we build ecosystems where customers of those institutions, for example, can create a KYC profile, share it with multiple parties and mutualize the effort to validate that data between the participating entities. We’re safeguarding regulated data, allowing a single version of the truth across the entire ecosystem.”
Norbloc’s story is one that, like those of many successful start-ups, is rooted firmly in the life and experiences of its founder. Astyanax’s pedigree in this sector is a result of his extensive background in financial services, including a short time on the frontlines of banking.
“14 years prior to Norbloc I was focusing on financial services in my consulting career.”
It was there that Astyanax could see clearly the customer data aspect of a business and how it is so often prone to operational hurdles and regulatory mistakes that could cost millions.
“The advent of distributed ledger technology finally allowed the breakdown of data silos between institutions without the need for a central entity. We could finally solve some of the most persistent problems around validating and maintaining regulated data in financial services in the most elegant manner.”
While COVID-19 drives teams apart, life at Norbloc is very much about maintaining delivery and strengthening relationships, with growth goals towards the end of the year.
“We have to be prepared for the new world of working and ensure we stay close to our clients that are already in production but also maintain momentum in developing ecosystems.”
The challenges for Norbloc will be familiar to most in the tech space: implementations that were formerly a priority are now impacted dramatically. This is especially the case when development and delivery teams are distributed.
“Working from home is a new reality for people in IT departments of most banks. Implementation times were getting longer. Nevertheless, in terms of customer interest and commercial traction, we haven’t seen a slowdown. We have seen an increase as the current pandemic moves us faster to a low-touch economy that digital platforms, such as ours, support.”
Despite the limitations imposed by the remote working situation, Astyanax is hopeful that he will continue to keep employees engaged during this period. The focus is on frequent communication: not just work-related sessions, but also communication that draws on the rich diversity that Norbloc has in its teams.
“We live in very different situations around the world. We exchange experiences!”
Focusing on the well-being of those around him, Astyanax places significant stock in planning for the future as a way of fighting the isolation blues.
“We start thinking about things to come. Team activities that we can look forward to. We have an annual outing with the company. I’m trying to put something in motion and get the team involved to give them something to work towards.”
And the future, it would seem, is very bright for Norbloc and the RegTech industry as a whole, with the current pandemic highlighting the importance of proper data regulation and compliance while most businesses start to operate away from their usual infrastructures.
Whereas some would presume that the pandemic can only mean negative things for the use of data, and with the UK and German regulatory bodies continuing to hand out significant fines, Astyanax sees a more positive side to the story.
“The current pandemic has its positive side-effects; pushing organizations to accelerate digital transformations.”
In fact, the Financial Action Task Force (FATF) recently issued a statement underlining the importance of remote onboarding and digital ID, putting renewed pressure on those responsible for data compliance.
“Now is the time for banks to support their SME and Corporate segments by offering truly digital onboarding and data maintenance solutions that make the customers' and regulators' lives easier and lower costs for FIs.”
Karl-Oskar Brannstrom - CEO - Aigine
Karl-Oskar Brannstrom is the CEO and Founder of Aigine.
An educated business lawyer, Karl-Oskar has 20 years’ worth of experience in the technology sector, with a very strong focus on automation and digitisation in the field of compliance. Aigine and Karl-Oskar are focusing on the challenges of data protection and other upcoming legislation and have developed a fitting solution.
“Together with IBM and Elinar, we have created an AI solution to identify personal data within Big Data and also using AI to make the relevant legal decision on that data. Can we still use this personal data? How long can we keep it?”
During the global pandemic that now grips everyone, Aigine still operates at peak activity on the operational side. On the customer project side, however, they’re taking stock.
“What we’re doing is taking one step back and putting lots more time into our value-added resellers so we’re working with enablement and education service packaging. We’re using this time together to do something creative and that’s building capabilities for when the market starts moving again.
We’ve taken the focus from end-customers processing and pipeline growth to instead focus on value-added reseller enablement so we are ready when it’s time.”
This approach, which sees Aigine taking stock, depends heavily on solid communication between the various departments of Aigine and the external partners and resellers. But at a time like this, communication is put under even more pressure than normal.
“Now we have more online meetings. It’s a challenge when it comes to managing teams but it isn’t essential. We’re missing out on body language and things.”
Communication is incredibly important, but in some cases, the single-minded purpose and transparency of the company's goals are enough to keep the team unified. For Karl-Oskar, this is key to developing a unified front where every member of the team knows what they’re working towards because their goals are the same.
“When it comes to team management, if you’re going to be successful, you shouldn’t have the whip. You should have incentives and we have succeeded in having these in place so we have a common interest. We all know what everyone is working on and towards. I would think that if you don’t have this in place during a lockdown, it would be very hard to keep track of everything.”
The subjectivity of all of this shouldn’t be understated. Sometimes we look to objective truths when there are none. It’s important to understand that it doesn’t matter if you do or don’t have a reason for lack of motivation, rather the important part is that you simply lack motivation and that has to be targeted.
Practically we have 2 daily meetings. Not only are we talking work, we’re talking everything. The social aspects, everything. It’s not a burden, it’s connected to the subjective well-being of a workplace community.
“We are having way more meetings than we have ever had, but since we don’t get the social meetings anywhere else we need to have them. It may be reducing our productivity short term, but it’s essential for any sustainable productivity, whatsoever, for us to get that social interaction.”
This takes on a new importance when you consider Aigine’s incredibly lean operation. In addition to keeping on top of converting legal demands into specs, Aigine has to work closely with both implementation and technology partners. And, if you’re even somewhat familiar with AI, you’ll know that it requires a lot of training data to get even basic cognitive abilities.
“We’re not in the age of Skynet yet, today's AI is a rudimentary technology built on the logic that if you want to get anything done with AI you have to have large amounts of high-quality training data.”
To solve this, Karl-Oskar and Aigine created what they call ‘Collaborative Cognitive Learning’. An AI goes through the data, makes the legal decisions and sends those decisions to advisors, who look at the purpose of the decisions and data use. They review the decisions and spot errors. These exchanges go back to the deep learning platform so the AI can learn from mistakes and human decision making.
It is all in an effort to help companies navigate the murky waters of compliance. Failure to do so will result in catastrophic problems.
“In Germany, we are already seeing big fines around the improper handling of this unstructured data. We are in the phase now of educating customers around this.”
It’s clear that the warning signs are there. Non-compliant use of unstructured data isn’t something to be taken lightly. For both Astyanax and Karl-Oskar the problem isn’t finding companies with these challenges, because the challenges are universal.
“Our problem is finding customers with the maturity to understand they must act as soon as possible. Waiting will only increase risk, it won’t make the problem go away.”
But, in a similar vein to Astyanax, Karl-Oskar is seeing an increased awareness of personal integrity during the global pandemic.
“Even during this COVID crisis, we are starting to see the awareness of personal integrity is rising in the populace. People are more and more aware of their personal integrity.”
A flurry of ‘Contact Tracing’ apps have been developed with the idea of using people’s personal data, their movements and health information, to build a picture of the contact they’re having with others and, by extension, track the spread of disease.
Governments have bought into this idea as a major part of post-lockdown strategies, but little evidence has been shown for the long-term protection of people’s data.
“If you look at contact tracing, some governments are using your mobile phone to understand who you have been in contact with. From a COVID/Contact Tracing standpoint, it makes sense, but from a political control perspective such tracing has terrifying implications.”
For that reason, the recent COVID-19 pandemic has only strengthened the standing of data compliance, and the subsequent need for RegTech services like those Astyanax and Karl-Oskar are developing. The good news? If these services can find their way into the hands of Big Data giants, everyone will benefit.
“We’ve actually been in a global hackathon around a global tracing app that doesn’t violate your privacy. Instead, it empowers you to donate your personal data to help fight COVID-19. It enables data altruism.”
Our solution, the Data4life initiative, makes it possible for citizens to volunteer their own health information and localisation data, but do so in a way that doesn’t compromise privacy. Many states, notably South Korea, have ramped up state surveillance to help track and fight the disease.
European countries may be a long way away from surveillance like that but they certainly aren’t powerless when it comes to using their data for good.
“GDPR is in fact changing the 300-year-old principle of what’s mine and what’s yours when it comes to intellectual property rights. What people don’t think about is that data usage goes both ways. You, as a data subject, can actually both get and use data gathered and owned by Google, Facebook, and global telecom companies, to help society. To fight the pandemic.”