Black Hat Europe 2016: Introducing ‘RegTech:’ Cloud-based Tools For Regulatory Compliance

As regulatory requirements grow in volume and complexity in Europe and globally, cloud computing is emerging as a key tool to help companies manage compliance processes.

Darron Gibbard, CISM, CISSP, Chief Technical Security Officer, EMEA, Qualys

October 24, 2016


For many years, the security of the cloud was viewed with distrust and apprehension. Today, acceptance of cloud computing among enterprises is growing steadily; as executives have grown more comfortable with its risks, they have also learned to value its considerable benefits.

Probably the best known benefit of cloud computing has historically been cost savings. Now we have one more: organizations are turning to the cloud to help them with the ever-growing demands of regulatory compliance.

How Cloud Can Automate Compliance

Regulations increasingly demand that organizations collect, store and analyze enormous amounts of data related to their business. In 2015 alone, more than 20,000 new regulatory requirements were created, and an expected 300+ million pages of regulations will exist by 2020, according to IBM.

And let’s not forget the less frequent but seismic shifts like Brexit, which, when they happen, send tremors throughout the regulatory landscape, increasing uncertainty, complexity, and confusion. Keeping up with regulatory compliance requires an ever bigger chunk of enterprises’ operational budgets, as well as significant staff resources.

From an IT perspective, this means continuous upgrades of software, hardware computing power and storage capacity. Naturally, organizations that have opted to host their regulatory compliance systems in house are struggling with the rising IT complexity and cost. As a result, many are turning towards SaaS, IaaS and PaaS providers that can offer computing environments with these levels of scalability, flexibility, sophistication and availability. This is especially true of companies in highly regulated industries like finance and healthcare, whose compliance burdens are particularly heavy.

What are these companies finding in cloud computing providers catering to regulatory compliance automation that they can’t replicate in house?

  • Robust big data analysis engines

  • State-of-the-art security for stored and in-transit data

  • Massive storage capacity

  • Specialized and continually updated compliance software that uses the latest machine learning and artificial intelligence algorithmic advances

Say Hello to ‘RegTech’

Cloud computing is the anchor for a set of technologies and products collectively known as ‘RegTech’ because they’re used to automate regulatory compliance processes. According to a recent Deloitte report, a “defining feature” of RegTech is that most products are cloud-based, with benefits including:

  • Remote storage

  • Management and backup of data

  • Pay per usage

  • Strong end-to-end encryption

  • Flexibility to add or remove software features

RegTech products are designed to automate regulatory compliance processes, and in recent months, they’ve started going from niche to mainstream. In late September, IBM acquired Promontory Financial Group, a regulatory compliance consulting firm, to transfer its expertise to the Watson cognitive system and give it RegTech capabilities. Financial technology newswire Finextra called this deal “the biggest example yet of the coming age of RegTech, in which technology is applied to the unravelling of regulatory red tape.” 

Meanwhile, American Banker declared that “RegTech is Real” in a September article, and wrote: “IBM's deal to buy Promontory Financial Group portends a dramatic change in the roles computers and humans play in regulatory compliance.” According to the Institute of International Finance (IIF), compliance process areas RegTech can significantly impact include risk data aggregation, modeling and real-time transactions monitoring, and it can free up capital that banks could use in other parts of their operations. 

Long term, RegTech “will empower compliance functions to make informed risk choices based on data provided insight about the compliance risks it faces and how it mitigates and manages those risks,” Sean Smith, a Deloitte partner, is quoted as saying in the report, titled “RegTech Is The New FinTech.” Meanwhile, a Business Insider report published in August states that RegTech products will help in many areas of compliance beyond automating legacy processes, such as interpreting legislation, designing new compliance processes, and managing and processing data.

Europe is seeing its share of emerging RegTech vendors including Vizor in Ireland and FundApps in London. In October, U.K. RegTech firm ComplyAdvantage closed a funding round in which it raised $8.2 million.

Regulation Trends

The trend towards increasing the volume and complexity of regulations is intensifying in Europe and elsewhere. For example, the EU’s wide-ranging and severe General Data Protection Regulation (GDPR), adopted this year, will take effect in 2018. If your organization is attempting to deal with this manually, and with on-premises systems, it will shoulder a big financial, technological and operational burden, and risk failure.

All major cloud computing platform providers -- Google, Amazon and Microsoft -- have boosted their efforts in Europe in the past year, expanding their data center footprints on the continent and tailoring their offerings for the region and for key individual markets and industries. With cloud computing and related technologies like machine learning and RegTech software, organizations can shrink this gargantuan effort to at least a manageable scope.
