RegTech Associates’ Sian Lewin: “The key to KYC efficiency is about changing the whole mindset and approach to KYC”

Sian Lewin, the co-founder of Regtech Associates, is a recognized expert and influencer in Regtech and financial regulation. We have asked Sian’s opinion on the Regtech industry trends, KYC efficiency, how the world pandemic has affected fraud rates, and many more.

I saw on your LinkedIn that you had started your career in finance (for example, you worked as a Manager in the Financial Services practice in Deloitte). Can you tell us when and why there was a turning point to Regtech in your career?

It was when I was working at Deloitte and an internal team had been formed to work on the introduction of the new Basel 2 regulations. A group of partners had realized that this would have a very significant impact on the banking industry globally and we worked really hard on developing tools and material to help our clients understand these impacts and what changes they needed to make to become compliant. This was my first real introduction to financial regulation and I was hooked by a combination of the intellectual challenge in understanding the details and the practical challenge of regulatory implementation. Even back in 2003, the answers to many of these challenges lay in technology.

How was the Regtech Associates founded? When did you have the first idea about it?

When I completed my Ph.D. in 2017, I have discovered the label ‘RegTech’ and as I was doing more research, I came across Jason Boud, my Co-Founder. He had the vision and desire to research and really understand the RegTech industry and to bring the buyers and sellers in the market closer together. At that point in time, there was a lack of clarity in the market, and Jason and I spotted the need to (a) ensure those selling RegTech products really understood and articulated the problems their products were solving and (b) that those buying the products knew what solutions there were that could help them overcome some of the challenges they faced in meeting their regulatory obligations.

What does RegTech Associates do? Are there any particular challenges that you’re facing? Do you wish there was a technology that could help you solve those issues?

RegTech Associates is primarily a research company. We conduct deep research into the RegTech and adjacent markets (such as legal and risk) and capture an enormous amount of data about the innovative technology products that are out there to help regulated firms meet their regulatory obligations. We have developed our own proprietary taxonomy of the RegTech market and hold data on over 1200 products from across the globe.
We use our research in a number of ways to help serve our clients – from research and strategy work such as market opportunity analysis through to product advice and then go-to-market strategy and activities.
One of our key challenges is that we collect a huge amount of knowledge and insights about the Regtech industry which is hard to keep track of manually so we have embraced technology and have built a digital platform, called Radar, which showcases our product information, our market knowledge, and insights and also news about the RegTech market. We’re going to be focusing on enhancing and developing this further over the next year or so.

What are the hottest trends in the Regtech industry right now? Where do you see the Regtech space as a whole 5-10 years from now?

There are a couple of areas where we are seeing a lot of activity.

The first is in the identity and verification space. Some big fundraising deals have been completed in the first few months of this year, with Socure securing a huge $100m Series D round, for example. We are also seeing some interesting acquisitions in this space, with Mastercard buying Ekata and Okta acquiring Auth0. It is clear that identity is a hot part of the market, largely driven by the acceleration in the adoption of digital channels as a result of lockdown during the pandemic.

Secondly, the market for Environment, Social, and Governance-related RegTech products is growing, with some real innovation happening here. Regulations are solidifying and reporting standards are being rationalized. There is also a wide range of regulatory obligations – from proving the ESG credentials of ESG funds through to including climate risk into the credit assessment of a borrower. What all these obligations have in common is the amount of data that is needed – and new types of data that financial institutions haven’t had to pay attention to or had access to before.

In 5-10 years I think the RegTech market will look very different – it is currently one that is scaling and I expect to see a lot of shakeout and consolidation between players. Incumbent providers are going to be increasingly threatened unless they can keep innovating at the same speed as the newer companies. Given the speed of technology innovation, it is my hope that we will see some even cleverer solutions to some intractable regulatory problems, perhaps being solved through increased collaboration.

Do you agree with the point of view that coronavirus has increased the number of identity fraud cases?

I think this is undisputed. If you look a the evidence coming out of fraud organizations like CIFAS, there are warnings of new types of COVID fraud every week. Criminals and scammers are exploiting a human tragedy for their own gains. I think there is also evidence that identifies fraud specifically has also increased as a result of the pandemic, with fraudsters going to extreme lengths to bypass ID verification technology, such as wearing masks to bypass video and selfie verification.

How can regulated financial organizations enhance KYC efficiency?

For me, the key to KYC efficiency is about changing the whole mindset and approach to KYC. It is often thought about in terms of an event. Onboarding KYC checks – done. Periodic review – done. The reality is that this does not give you an accurate and up-to-date picture of your customer risk, especially when dealing with sophisticated fraud typologies such as money muling. Instead, firms should be thinking about KYC in terms of a data-driven process. To do this, they need to understand what customer data they have and where it is located, and then find ways of keeping it updated continuously so alerts can be triggered when something significant changes. The technology is there to support this – but breaking out of silos and re-engineering processes can be painful. My suggestion would therefore be for firms to start with a small part of the business to test it and then roll perpetual KYC out gradually.

What is important to know about AML-regulations in 2021?

As far as I know, we are not expecting the 7th Anti-Money Laundering Directive from the EU this year! However, the EU is seeking to harmonize rules around money laundering and strengthen enforcement and oversight.

With the UK leaving the EU, firms based in the UK now need to comply with the UK’s own national AML, CTF, and sanctions framework and targets lists. The UK can apply its own sanctions, perhaps diverging from the EU, and can also go its own way when it comes to money laundering regulations.

Big changes are also afoot in the US, with the passing of the US’s National Defense Authorization Act for Fiscal Year 2021 which was effectively the biggest overhaul of the US anti-money laundering regulations since the Patriot Act in 2001. As well as formalizing the risk-based approach to AML and CTF, this act also strengthens the requirements for identifying Ultimate Beneficial Ownership, bringing the US more in line with EU regulations.

Can you give advice to the companies on how to choose a KYC-service provider?

We have nearly 300 products that can help companies with their KYC obligations within our research database so it is a real challenge for regulated firms to select the best product for their needs. However, this is also an opportunity to do some of that re-imagining that I mentioned above so I would encourage firms to take stock of all the technology and processes that are being used to fight financial crime and be realistic about the maturity of their capabilities.

It may not be the right moment to rip out major pieces of technology such as name screening or transaction monitoring – but there are solutions that can layer on top to help reduce the number of false-positive and make the process more streamlined. Or, it may be the right time to think about putting in additional data providers and workflow to enhance KYC – so understanding which vendors can perhaps aggregate multiple providers into one platform for you might be helpful. Finally, your firm may have done a lot of work on data integration and data quality and be ready to implement more advanced technologies such as AI and machine learning.

I would always suggest doing your research and be really clear about where you are and where your organization is trying to get to. I have seen some firms trying to implement advanced technologies when they still have a huge amount of work to do on some of the fundamentals like data quality and that can be frustrating for everyone involved.

What’s next for Regtech Associates?

We are really excited about the future of the RegTech industry and want to share our research on the market with a wider audience so we will be launching our digital research platform, called Radar, later in the year. This will provide users with curated, cataloged, and tagged data about 1,300 RegTech products along with our own insights and news about the RegTech market.

Earlier this year, we launched a comprehensive research report in partnership with the City of London Corporation into the future of the UK RegTech industry and we are looking forward to working with the industry to help take some of the recommendations made in the report forward.

Finally, we are going to continue to build on our research and in-depth knowledge of the market by growing our research capabilities and engaging with as many RegTech vendors as we can because this is where our passion lies – we truly want to help to realise the value of RegTech.