4 questions to ask regtech vendors
The evolving regulatory technology marketplace presents both opportunities and challenges for credit unions.
Today’s “regtech” providers are focused on the application of advanced, innovative technology, such as machine learning and artificial intelligence, to the practice of regulatory compliance. In general, these providers and their products offer fairly cost-effective solutions. New products, creative business models and smart integration strategies have the potential to create economies of scale within the regulatory compliance function. Today, this is largely achieved through the process of compliance automation.
By automating otherwise time-consuming processes, credit unions can focus their people resources in other areas. Another benefit of automation, specifically when dealing with the compliance function, is a much deeper and valuable application of data. There are regtech solutions that propose to automate everything from modeling risk to updating compliance manuals.
Yet for every benefit of regtech integration, there is a potential downside. Many contemporary regtech providers operate in a cloud environment, which calls for increased diligence. Credit unions considering a partnership with any cloud-based vendor must ensure the potential partner has robust security protocols, as well as tested business continuity processes, in place. This is new technology, so the likelihood of bugs is fairly high. Is your credit union prepared to act as the guinea pig that will sniff out and help eradicate those bugs?
The other component to consider is how examiners will react to a regtech partnership. Regulators tend to err on the side of caution. They are conservative, and the idea of so much information being stored in the cloud, outside of the credit union’s immediate control, could make an examiner nervous. Nervous examiners can equal increased scrutiny.
Regulators also tend to be concerned with vendors that are new to any line of business. That said, when it comes to regtech, every vendor is new. It’s still an emerging field, after all. So credit unions should be prepared – perhaps even overly prepared – to explain how any regtech solutions in play at the cooperative adds value to the member while also protecting their personal data.
Before integrating a regtech solution at your cooperative, there are a few questions you might consider asking of the provider:
May we talk with your clients? You want to be aware of the vendor’s current customer base so you can understand how your credit union fits into their existing client profile. Tap their referrals for stories. How has the provider and its early adopters weathered first-mover storms? How have they worked with other credit unions to iron out the kinks? What were those kinks, and have they been fully resolved?
What are the qualifications of your principal employees? Don’t be afraid to ask for resumes. You want to understand the backgrounds of those leading the company to ensure they can apply a 40,000-foot view to their products. What skills or experience do they bring to the table? Do they have the expertise to enhance the compliance function while also keeping sensitive information secure?
Which security protocols are in place and which are planned for the future? Fraud trends change. Malware, ransomware and phishing attacks evolve. How is the cloud-based regtech vendor prepared to not only thwart intrusion attempts today, but also into the future?
How does the product actually work? Having a good understanding of how regtech automation integrates with your systems is essential. Without this information, your credit union cannot prepare its own policies and procedures to play with the vendor’s solutions in the most efficient, most secure, way.
While there are some tasks that will never be replaced by good old-fashioned boots on the ground, embracing technology is smart. Innovation is the only way we can, as an industry, remain relevant to a rapidly changing consumer expectation of the financial institutions they choose to do business with. The compliance function is no different. As new and more demands on compliance officers and their teams emerge, we will have to evolve to manage both the day-to-day and the strategic needs of sound regulatory compliance. Regtech represents an outstanding opportunity to do our jobs better; we just need to do what we do best, which is to proceed with caution and diligence.
