Regulatory technology (RegTech) solutions are increasingly visible in South-East Asia as regulators demand more granular data reporting and transparency, and strengthen oversight. Increasingly complex compliance requirements have created a reporting gap that businesses must close.
Financial institutions in the region face numerous data challenges that limit their ability to meet diverse compliance requirements. Many still rely on legacy IT systems and struggle with reporting lags, data scarcity and manual processes that create inconsistencies across internal systems, says Anton Ruddenklau, partner and head of financial services at KPMG in Singapore.
‘Most of the large financial institutions in the region still have the legacy of acquisition, and the IT and operating models are not consistent internally,’ he adds. ‘Indeed, there’s a lot of manual stuff in there.’
There is a growing sense of urgency to modernise data capabilities
Better data
There is a growing sense of urgency among these institutions to modernise their data capabilities. A Wolters Kluwer/IDC report noted increasing demand for more granular data reporting. And in 2020, Singapore’s central bank mandated the reporting of some 300,000 data points under the MAS 610 standard.
In one example, the Bank of Thailand introduced application programming interface submissions requiring more than 600 data points to be tracked. In another, the Australian Prudential Regulation Authority set out a five-year data collection roadmap in 2022 for financial institutions to reduce the need for ad hoc data requests, data resubmissions and additional documentation.
The fragmentation of differing regulations across jurisdictions adds further pressure. Caught between complicated requirements and legacy infrastructure, financial institutions may need to replace home-built systems with specialised, standardised platforms.
‘Financial institutions in Asia Pacific have to navigate a complex regulatory landscape with varying compliance requirements in each country,’ says Penny Chai, vice president of business development for Asia Pacific at Sumsub, a full-cycle verification platform.
‘RegTech automates the manual and digitises the analogue’
Compliance automation
RegTech solutions help automate many compliance processes that were previously manual. Functions such as know your customer (KYC) documentation, anti-money laundering (AML) detection, fraud prevention and data management can now be digitised.
‘RegTech automates the manual and digitises the analogue,’ says Chionh Chye Kit, CEO at Cynopsis, a KYC/AML solutions provider.
Take identity verification. Technology can validate whether an identity document is genuine by carrying out anti-spoofing liveness checks and facial comparisons.
‘In the past, you probably have teams of people sitting there to review a customer’s identity manually against lists of sanctioned individuals that regulators publish,’ Chionh says. ‘Now we can use technology to identify and put customers in a risk bucket and screen them.’
Building a full compliance infrastructure can be a lengthy process
Four stages of adoption
According to an Alliance for Financial Inclusion paper, organisations progress through four stages of RegTech adoption. Initially relying solely on manual work, they incorporate basic automation, adopt big data architecture, and finally achieve advanced AI-driven capabilities.
But building this full compliance infrastructure can be a lengthy process. Financial institutions have to grapple with a lack of agility, accrued technical debt, issues in aggregating and ensuring high-quality data, and a shortage of in-house skills. The Wolters Kluwer/IDC report shows these hurdles in action. It took 2.5 years for institutions to fully implement the European Central Bank’s AnaCredit data requirements, for example.
Financial institutions must also determine the optimal approach, weighing the building of proprietary RegTech solutions versus partnering with external RegTech providers. While in-house options offer greater control and customisation, they take significant investment.
‘Developing in-house solutions requires significant investment in both technology and talent, which may not be feasible for all institutions,’ says Thangaraja Nada Raja, risk, regulatory and compliance partner for PwC Singapore.
Financial institutions must ensure RegTech solutions fit their needs while managing third-party risks, says Wong Nai Seng, regulatory strategy leader for financial services at Deloitte in South-East Asia. ‘They should critically assess third-party solutions to ensure they are fit for their specific use cases and contexts,’ he adds.
Countries increasingly view data as a sovereign asset
Data sovereignty
Data sovereignty is also a key concern, Ruddenklau points out. Rather than harmonising data rules globally, countries are increasingly viewing data as a sovereign asset controlling economic power. He says: ‘There are very few organisations and markets out there that are saying, right, we’re going to change our sovereignty rules on data. That’s a big trend, and we spend a lot of time with our clients working out how they’re going to be compliant with data sovereignty rules.’
RegTech solutions can track regulatory developments across multiple markets to assess if internal processes or control enhancements are needed for compliance.
‘There are tools to monitor regulatory obligations in different geographies, ensuring that associated compliance tasks are completed on time,’ Wong says. ‘These tools enable compliance heads and their managers to stay on top of the myriad of regulatory requirements across the Asia-Pacific region and ensure that their organisations consistently meet regulatory expectations.’
Asia-Pacific countries have varying regulatory frameworks and compliance obligations, which complicate crossborder transactions, Chai says. ‘There is also a lack of harmonisation and standardisation in regulatory practices across the region, making it difficult for financial institutions to implement a uniform strategy for crossborder payments.’
Sumsub helps firms comply with these rules by monitoring transactions in real time, Chai explains. The company has 2,500 clients across the fintech, cryptocurrency, transportation, trading, e-commerce and gaming industries. ‘Ongoing monitoring is crucial for detecting and preventing fraudulent or illegal activities as well as regulatory compliance,’ she adds.
‘What’s fundamental is to understand the good-to-haves vs the must-haves’
Domain understanding
Many third-party RegTech businesses approach product development as technology companies first, seeking problems their solutions can solve, Chionh says. Yet these companies must understand the domain in which they operate.
‘You’ve got to be solving a problem that people will pay money for – otherwise there’s no commercial reason you exist,’ he adds. ‘What’s fundamentally important is understanding the good-to-haves and the must-haves. If it’s good-to-have, I might like to look at it, but I may not want to pay for it. Those are bells and whistles people can pay a little bit more for if they want to.’
Chionh stresses that RegTech solutions also require foresight. ‘With regulation, you need to understand where the path of travel is and the vision of the regulator in any country,’ he says, adding that products should align with these visions. ‘If you’re solving yesterday’s problem, that’s not exactly going to be very useful.’
More information
Watch our sessions on technology at our annual conference, Accounting for the Future. Register to attend any or all of the sessions live (26–28 November) or watch on demand – and earn up to 21 free CPD units.
