10/25/2016
02:00 PM
Darron Gibbard CISM, CISSP, Chief Technical Security Officer, EMEA, Qualys

Black Hat Europe 2016:
Introducing RegTech: Cloud-based Tools For Regulatory Compliance

As regulatory requirements grow in volume and complexity in Europe and globally, cloud computing is emerging as a key tool to help companies manage compliance processes.

For many years, the security of the cloud was viewed with distrust and apprehension. Today acceptance of cloud computing among enterprises has been growing steadily; as executives have grown more comfortable with its risks they have also learned to value its considerable benefits.

Probably the best known benefit of cloud computing has historically been cost savings. Now we have one more: organizations are turning to the cloud to help them with the ever-growing demands of regulatory compliance.

How Cloud Can Automate Compliance

Regulations increasingly demand that organizations collect, store and analyze enormous amounts of data related to their business. In 2015 alone, more than 20,000 new regulatory requirements were created, and an expected 300+ million pages of regulations will exist by 2020, according to IBM.

And let’s not forget the less frequent but seismic shifts like Brexit, which, when they happen, send tremors throughout the regulatory landscape, increasing uncertainty, complexity, and confusion. Keeping up with regulatory compliance requires an ever bigger chunk of enterprises’ operational budgets, as well as significant staff resources.

From an IT perspective, this means continuous upgrades of software, hardware computing power and storage capacity. Naturally, organizations that have opted to host their regulatory compliance systems in house are struggling with the rising IT complexity and cost. As a result, many are turning towards SaaS, IaaS and PaaS providers that can offer computing environments with these levels of scalability, flexibility, sophistication and availability. This is especially true of companies in highly regulated industries like finance and healthcare, whose compliance burdens are particularly heavy.

What are these companies finding in cloud computing providers catering to regulatory compliance automation that they can’t replicate in house?

  • Robust big data analysis engines
  • State-of-the-art security for stored and in-transit data
  • Massive storage capacity
  • Specialized and continually updated compliance software that uses the latest machine learning and artificial intelligence algorithmic advances

Say Hello to ‘RegTech’

Cloud computing is the anchor for a set of technologies and products collectively known as ‘RegTech’ because they’re used to automate regulatory compliance processes. According to a recent Deloitte report, a “defining feature” of RegTech is that most products are cloud-based, with benefits including:

  • Remote storage
  • Management and backup of data
  • Pay per usage
  • Strong end-to-end encryption
  • Flexibility to add or remove software features

RegTech products are designed to automate regulatory compliance processes, and in recent months, they’ve started going from niche to mainstream. In late September, IBM acquired Promontory Financial Group, a regulatory compliance consulting firm, to transfer its expertise to the Watson cognitive system and give it RegTech capabilities. Financial technology newswire Finextra called this deal “the biggest example yet of the coming age of RegTech, in which technology is applied to the unravelling of regulatory red tape.” 

Meanwhile, American Banker declared that “RegTech is Real” in a September article, and wrote: “IBM's deal to buy Promontory Financial Group portends a dramatic change in the roles computers and humans play in regulatory compliance.” According to the Institute of International Finance (IIF), compliance process areas RegTech can significantly impact include risk data aggregation, modeling and real-time transactions monitoring, and it can free up capital that banks could use in other parts of their operations. 

Long term, RegTech “will empower compliance functions to make informed risk choices based on data provided insight about the compliance risks it faces and how it mitigates and manages those risks,” Sean Smith, a Deloitte partner, is quoted as saying in the report, titled “RegTech Is The New FinTech.” Meanwhile, a Business Insider report published in August states that RegTech products will help in many areas of compliance beyond automating legacy processes, such as interpreting legislation, designing new compliance processes, and managing and processing data.

Europe is seeing its share of emerging RegTech vendors including Vizor in Ireland and FundApps in London. In October, U.K. RegTech firm ComplyAdvantage closed a funding round in which it raised $8.2 million.

Regulation Trends

The trend towards increasing the volume and complexity of regulations is intensifying in Europe and elsewhere. For example, the EU’s wide-ranging and severe General Data Protection Regulation (GDPR), adopted this year, will take effect in 2018. If your organization attempts to deal with this manually, and with on-premises systems, it will take on a big financial, technological and operational burden, and risk failure.

All major cloud computing platform providers -- Google, Amazon and Microsoft -- have boosted their efforts in Europe in the past year, expanding their data center footprints on the continent and tailoring their offerings for the region and for key individual markets and industries. With cloud computing and related technologies like machine learning and RegTech software, organizations can shrink this gargantuan effort to at least a manageable scope.
