Reshape Tomorrow

6 Reasons why businesses need RegTech more than ever

Share this post:

A large global bank was fined USD 1.1 billion for non-compliance with regulatory guidelines and inadequate financial crime controls.

In another example, poor controls and deviation from appropriate operating standards laid out by      regulatory authorities led to one of the largest misappropriation of funds at a regional bank      in Asia, leading to more stringent controls and restrictions, thereby curbing their ability to compete and grow.

Closer home, RBI is coming down heavily on financial institutions for non-compliance:

  • In early June, RBI penalized seven banks to the tune of 11.95 Cr. for non-compliance.
  • In the first 6 months of calendar year 2020, RBI has put 44 cooperative banks on hold[1] due to their deteriorating financial conditions and non-compliance.

Financial organizations need a more powerful RegTech framework that can help risk and compliance teams manage the deluge of ever-increasing regulatory compliance and progressively sophisticated breaches successfully.

So why do financial institutions need to take RegTech to the next level?

Financial institutions have been using some form of RegTech since the 1990s to manage risk and compliance. But cost of compliance has escalated, igniting debate on how much RegTech do they need.

1. Ever-increasing number of regulations and mounting cost of compliance

Post global economic crisis of 2008-09, governments across the world have been rolling out more and more regulations for financial institutions, and India is no different. RBI is set to roll out its next level of regulatory reporting and lending information infrastructure in the form of Central Information and Management Systems (CIMS) and Public Credit Registry (PCR). For institutions with advanced RegTech framework in place, pushing data to the regulator would be as simple as hooking up to RBI’s system.

Spiraling regulation burden skyrockets compliance costs through the roof, especially for global financial institutions. They have to be compliant not only in their country of operation but also where customers reside. Globally, banks have spent almost USD 345 billion in fines since 2009. In US alone 220 regulatory revisions were rolled out in 2019.

IBM offers businesses the market’s only cognitive-driven integrated governance, risk and compliance (GRC) portfolio. It advocates GRC adoption as business as usual into all three lines of defense – governance, risk and compliance. In line with RBI’s June 2020 discussion paper[2] on Governance in Commercial Banks in India, GRC model can help build a compliance library of regulations, identify assets at risk, evaluate vulnerabilities and deploy processes to manage the risks. IBM has been a leader[3] in Integrated Risk Management (IRM) as it continues to redefine GRC over the years through innovation and investment in new technologies — from Cloud, AI and analytics to User Experience Design (UXD) and regulatory content.

2. Number and volume of bank frauds increasing

As per RBI’s December 2019 report[4] “Trends and Progress of Banking 2018-19,” 74% more fraud to the tune of Rs.71,543 Cr were detected in 2018-19, as compared to the previous year. The increase might have been partly because of the framework for timely detection of fraud issued by the government in February 2018, but back to back loan defaults by industrialists finding place in 100 wealthiest Indians and Fortune 500 companies demanded immediate action. The report also said there was just 15% surge in absolute number of cases, implying the volume of fraud for each case is growing. This has led the government to put more pressure on banks for compliance, appropriate loan/debt classification and correct NPA reporting.

The shifting face of methods employed for frauds demands a change in approach. IBM’s next gen cognitive approach has been able to bridge the gap between expert driven rules and traditional predictive modelling. It relies on pattern matching, behavioral biometrics and AI-enabled predictive analysis to thwart fraudulent activities in real time (IBM Trusteer). Continuous identity authentication enables FIs to reduce false positives, launch counterattacks and adjust to the shifting threat landscape.

IBM’s cognitive fraud prevention solution has been built to help anti-fraud teams identify and adapt quickly to emerging payment fraud threats. It comprises the analytics and simulation tools needed to continuously monitor its business performance, and to adapt the decision model to emerging and modified fraud patterns. In 2019, IBM was adjudged Financial Crime Product of the Year, validating its cognitive approach to real-time frauds prevention.

IBM has won dual awards for Best AI Solution for Regulatory Compliance and Best Regulatory Alert Management Solution at RegTech Awards 2018[5].

3. As digitization increases, financial crimes intensify

There has been a rise in digital transactions in India over the past couple of years. According to an RBI report, volume of digital transactions is expected to grow four times between December 2018 and December 2021. This should be a major concern for payments leaders as any online security system is as strong as the weakest digital device used by a customer. As hacking gets more sophisticated, the fraudsters find it easy to circumvent the typical security mechanism like passwords, OTPs and biometric data verification. Banks need to be one step ahead and rely on cognitive measures to catch these frauds.

Businesses can harness the power of AI for improved fraud detection, prediction and prevention to stay ahead of the fraudsters all in a governed and secure environment. Real time predictive analytics alerts the system to potential fraud, triggering the process for averting the attempt.

4. Covid-19 has brought in a new normal

Social distancing norms are here to stay in the near future. In this new normal, new procedures for even basic protocols like physical verification need to be established. Recently RBI allowed banks to use video KYC to validate loans and credit card applications. SBI relaunched its Insta saving Bank Account campaign last month. Such new initiatives need infusion of emerging technologies to ensure compliance and hedge risk.

The greatest risk here is de-anonymizing of personally identifiable information (PII) data by devices that are potentially insecure, i.e. the devices through which users log into the banks’ network. IBM helps banks and other financial organizations in ensuring secure integration with diverse, complex and mobile environment through unified endpoint management solutions (UEM). A combination of AI and data encryption helps keep data secure even when it travels outside the banks’ firewalls, like to public clouds for data modeling and training.

5. Cybersecurity is a Business Essential

In 2018, personal records of 1.1 billion Indian citizens was compromised[6] due to multiple breaches in the UIDAI database. Two years later, as COVID-19 affects global markets, a combination of increased digital footprint, access to cheapest data, lax regulations and security ignorant populace has made India a new favorite destination for cybercriminals. Besides financial crimes and frauds, financial institutions need to adopt credentials management as most of the financial crimes are also now identity-based rather than transaction-based.

Securing data on a bank’s servers, on-site devices and network is essential because any security breach can be grossly damaging both to the firm’s reputation and bottom line. Average cost of data breach in India is Rs. 14 Cr in 2020, a growth of 9.38% y-o-y. RegTech can ensure seamless integration of frauds and financial crimes prevention with cybersecurity, resulting in unified risk prevention, detection and mitigation.

6. Time to use latest technology to optimize operations

Finance has been traditionally a highly regulated domain because people’s money is at stake. Technology has invaded all domains but here it was always cautious and slow, regulated by multiple authorities. Fintech disrupted this behavior by successfully using technology to integrate regulatory compliance with their innovative offerings. The same technologies — Blockchain, Artificial Intelligence, machine learning and cloud computing —      are now being      used by financial institutions to ensure protocol compliance for AML, KYC, NPA classifications, etc.

Regulatory compliance must be judicious mix of technology and human expertise

No compliance framework can be complete without human intervention but technology can automate the most repetitive, tedious and time-consuming tasks. With greater digitization and cheaper but more secure cloud, robotics and cognitive computing, the number of use cases where technology can help is rising. RegTech is moving beyond mitigating risk and strengthening regulatory compliance to optimizing compliance costs. It can transform businesses by providing business insights, improving customer experience, driving new products and services, and assisting in overall digital transformation. IBM’s award-winning solutions enable both regulated and regulators to manage the dynamic environment of risk and compliance.

In short, with the right infusion of technology, compliance can turn into a relatively painless process, coexisting in sync with the varied line of business activities. Too good to be true? Well, the direction is incontestable if vision, right technology and dogged execution are put in place.


1) Money Control – 44 cooperative banks on hold

2) RBI – 2020 Discussion paper

3) IBM blog – leader in Integrated Risk Management (IRM)

4) Economic Times – RBI’s December 2019 report

5) IBM blog – RegTech Awards 2018

6) weforum – Global risks report 2019

More Reshape Tomorrow stories

Just launched – IBM Security Command Center in India

IBM Security Command Center launch in Bengaluru, India

Continue reading

Insurance Company Brings Predictability into Sales Processes with AI

Generally speaking, sales drives everything else in the business – so, it's a no-brainer that the ability to accurately predict sales is very important for any business. It helps companies better predict and plan for demand throughout the year and enables executives to make wiser business decisions.

Continue reading

Never miss an incident with an application-centric AIOps platform

Applications are bound to face occasional outages and performance issues, making the job of IT Ops all the more critical. Here is where AIOps simplifies the resolution of issues, even proactively, before it leads to a loss in revenue or customers.

Continue reading