Register For Our Mailing List

Register to receive our free weekly newsletter including editorials.

Home / 162

Regtech evolution as compliance drives us crazy

Counting the volume of in force regulation hardly sounds exciting, but it was the necessary starting point for the Federal Government’s deregulation agenda. The results were startling to say the least.

It turns out that two years ago, the Federal regulatory footprint consisted of about 1,800 acts and over 83,200 subordinate instruments and quasi-regulations. And that doesn’t include state and territory regulation or global regulation that impacts on Australian businesses.

Deloitte Access Economics puts the cost of compliance with Federal and State regulation at $95 billion p.a. and - even more disturbing –the cost of complying with self-imposed red tape at an additional $160 billion. That’s $28,000 per household. According to Deloitte, compliance workers are now an alarming one in every 11 workers in Australia!

While the Federal Government reports some progress in reducing the cost of compliance through its deregulatory agenda, it appears to be taking three steps forward and 2.9 steps back as new regulation continues to proliferate.

The problem isn’t limited to Australia. Thomson Reuters’ 2015 Cost of Compliance survey reported that regulatory fatigue was expected to increase globally due to snowballing regulation. Firms were facing difficulties finding and retaining suitably skilled compliance staff due to increased stress and potential personal liability. And regulatory matters are reportedly consuming disproportionate amounts of board time, from correcting non-compliance and preventing further sanctions, to implementing structural changes to meet new rules.

Financial services bears its fair share, probably a disproportionate share, of this burden. Indeed, managing regulation and compliance is one of the biggest challenges for financial services businesses today. It’s all very well to aspire to offer world-best customer service, but in many areas, attempts to do so are stymied by compliance and reporting obligations.

So its little wonder that businesses are increasingly turning to technology to help solve the problem. We’ve seen two distinct waves of regulatory technology development – and we are on the cusp of a third and even more exciting wave.

Wave 1 – Governance, risk and compliance programmes

Governance, risk and compliance (GRC) programmes are a ‘linear’ response to the proliferation of regulatory requirements (that I fondly think of as ‘list and tick’). They offer an online database of regulatory obligations. More advanced applications offer users the ability to customise the obligations to their unique business requirements, add internal business rules, allocate responsibilities and capture reports on the progress and success (or otherwise) of compliance efforts. Worthy Australian providers include CompliSpace, SAI Global and LexisNexis.

Modelled on enterprise risk management tools, these systems have become essential to businesses operating in complex environments to help catalogue and manage the ever increasing regulatory burden.

One thing they don’t do is reduce that burden.

All those tasks still need to be allocated to someone. And policies, procedures and tools still need to be developed. Employees need to be trained, supervised and monitored. Regular internal and external audits need to be undertaken to check that the policies and procedures are working. And periodically, the entire system needs to be reviewed for effectiveness. It’s exhausting just to think about!

The other thing they don’t do is detection.

List and tick programmes are only as good as the data that users contribute. If a person falsely self-certifies, if an overworked compliance manager ‘fudges’ a monitoring report (just this once!), if a regulatory obligation gets missed or misinterpreted - the assurance reports on which boards rely so heavily could be compromised.

Are they useful? Absolutely. Are they effective to prevent or deter regulatory breaches? Only in the same way that an inventory is useful to tell a business how much stock it has on hand.

Wave 2 – Surveillance

The excesses that led to the GFC, the financial planning and insurance scandals and even the alleged bank bill swap rate rigging are testimony to the fact that the comfort that boards and compliance teams have taken in Phase 1 GRC programs is somewhat misplaced.

After the GFC, in response to the need to prevent such catastrophic market failures going forward, a new wave of surveillance tools emerged.

For example, NASDAQ’s SMARTS surveillance technology, which ASIC began using in 2010, enabled regulators and trading marketplaces to analyse trends in market data and identify suspicious trading activity such as insider, high-frequency and algorithmic trading. Today, ASIC has the capacity to continuously monitor suspicious trading patterns that can indicate market misconduct in real time. Because ASIC will investigate and, as we have seen, prosecute such conduct, trading houses can ill afford not to invest in similar technologies.

The downside of these technologies is that the sheer volume of data produced by these systems can create unmanageable overload. It’s all very well to know about a problem but if you have so many that you can’t effectively deal with them, the information is of limited use.

There is a clear scope for further development of trading surveillance using artificial intelligence which mimics the way the human brain works. Together, data mining, pattern recognition and natural language processing have the ability to distinguish conduct which poses serious risk of non-compliance. This advanced intelligence will help regulators and compliance workers to make better informed and faster choices about prioritising, mitigating and managing regulatory risk. Everyday compliance tasks like fraud detection, currency monitoring and reporting to regulators are increasingly being automated.

Wave 3 – Prevention, rather than cure

Wave 3, which is in its early stages, is being driven by the fact that Wave 2 technologies can only focus on real time or after-the-event detection and reporting. This inevitably requires considerable compliance resources to monitor, manage and rectify problems once detected. The challenge has been exacerbated by social media which has exponentially expanded what needs to be monitored.

When 9% of our workforce is engaged in compliance work, we have surely reached an inflection point. Diverting ever more productive resources into regulatory activity doesn’t make economic sense. And the deregulation agenda is hardly likely to solve the problem in any timely fashion. So there appears to be a golden opportunity for more innovative technology solutions.

What might they look like? Well, an ‘ounce of prevention’ has been worth a ‘pound of cure’ since the expression was coined by English jurist, Henry de Bracton in 1240. It’s time for technology to turn its attention to prevention. Real time. Before the event. And as operational processes are increasingly being automated, compliance requirements can and are increasingly being built into the technology.

The exciting advance offered by Wave 3 technologies is the ability to deploy artificial intelligence and other machine-learning techniques within process gateways so that breaches can be detected when, or even before, they occur and rectified before completion of the activity.

Wave 3 technologies, or regtech as they’re now known, will enable firms to detect and manage regulatory and other risks before they even occur. Although Anti Money Laundering – Counter Terrorism Financing identification and verification currently appear to be the most well developed applications, a number of novel applications are evolving out of stealth mode as artificial intelligence capabilities are advancing.

Regulators worldwide are watching these developments with interest. In the UK, the Financial Conduct Authority has called for input on how regtech can deliver outcomes that improve efficiency, transparency and collaboration. The Bank of England has announced an accelerator to work with fintech firms on its unique challenges. And a global regtech capital markets conference is taking place in London in July to debate the need for a 'regtech commons'. Closer to home, ASIC is about to establish a dedicated regtech team and AUSTRAC is actively reaching out to fintech startups.

In a world where poor conduct can be detected and prevented at source, we might even see an acceleration of the deregulatory agenda!

 

Claire Wivell Plater of The Fold Legal is a leading financial services and credit lawyer. She actively advises both digital and ‘analogue’ businesses on commercial and regulatory issues and is a member of the Federal Treasurer’s Digital Advisory Group.

 


 

Leave a Comment:

RELATED ARTICLES

CBA, AUSTRAC and our Orwellian privacy laws

banner

Most viewed in recent weeks

Australian house prices close in on world record

Sydney is set to become the world’s most expensive city for housing over the next 12 months, a new report shows. Our other major cities aren’t far behind unless there are major changes to improve housing affordability.

The case for the $3 million super tax

The Government's proposed tax has copped a lot of flack though I think it's a reasonable approach to improve the long-term sustainability of superannuation and the retirement income system. Here’s why.

Tariffs are a smokescreen to Trump's real endgame

Behind market volatility and tariff threats lies a deeper strategy. Trump’s real goal isn’t trade reform but managing America's massive debts, preserving bond market confidence, and preparing for potential QE.

The super tax and the defined benefits scandal

Australia's superannuation inequities date back to poor decisions made by Parliament two decades ago. If super for the wealthy needs resetting, so too does the defined benefits schemes for our public servants.

Meg on SMSFs: Withdrawing assets ahead of the $3m super tax

The super tax has caused an almighty scuffle, but for SMSFs impacted by the proposed tax, a big question remains: what should they do now? Here are ideas for those wanting to withdraw money from their SMSF.

Getting rich vs staying rich

Strategies to get rich versus stay rich are markedly different. Here is a look at the five main ways to get rich, including through work, business, investing and luck, as well as those that preserve wealth.

Latest Updates

SMSF strategies

Meg on SMSFs: Withdrawing assets ahead of the $3m super tax

The super tax has caused an almighty scuffle, but for SMSFs impacted by the proposed tax, a big question remains: what should they do now? Here are ideas for those wanting to withdraw money from their SMSF.

Superannuation

The huge cost of super tax concessions

The current net annual cost of superannuation tax subsidies is around $40 billion, growing to more than $110 billion by 2060. These subsidies have always been bad policy, representing a waste of taxpayers' money.

Planning

How to avoid inheritance fights

Inspired by the papal conclave, this explores how families can avoid post-death drama through honest conversations, better planning, and trial runs - so there are no surprises when it really matters.

Superannuation

Super contribution splitting

Super contribution splitting allows couples to divide before-tax contributions to super between spouses, maximizing savings. It’s not for everyone, but in the right circumstances, it can be a smart strategy worth exploring.

Economy

Trump vs Powell: Who will blink first?

The US economy faces an unprecedented clash in leadership styles, but the President and Fed Chair could both take a lesson from the other. Not least because the fiscal and monetary authorities need to work together.

Gold

Credit cuts, rising risks, and the case for gold

Shares trade at steep valuations despite higher risks of a recession. Amid doubts that a 60/40 portfolio can still provide enough protection through times of market stress, gold's record shines bright.

Investment strategies

Buffett acolyte warns passive investors of mediocre future returns

While Chris Bloomstan doesn't have the track record of his hero, it's impressive nonetheless. And he's recently warned that today has uncanny resemblances to the 1990s tech bubble and US returns are likely to be disappointing.

Sponsors

Alliances

© 2025 Morningstar, Inc. All rights reserved.

Disclaimer
The data, research and opinions provided here are for information purposes; are not an offer to buy or sell a security; and are not warranted to be correct, complete or accurate. Morningstar, its affiliates, and third-party content providers are not responsible for any investment decisions, damages or losses resulting from, or related to, the data and analyses or their use. To the extent any content is general advice, it has been prepared for clients of Morningstar Australasia Pty Ltd (ABN: 95 090 665 544, AFSL: 240892), without reference to your financial objectives, situation or needs. For more information refer to our Financial Services Guide. You should consider the advice in light of these matters and if applicable, the relevant Product Disclosure Statement before making any decision to invest. Past performance does not necessarily indicate a financial product’s future performance. To obtain advice tailored to your situation, contact a professional financial adviser. Articles are current as at date of publication.
This website contains information and opinions provided by third parties. Inclusion of this information does not necessarily represent Morningstar’s positions, strategies or opinions and should not be considered an endorsement by Morningstar.