Compliance and Regtech: A Massive Opportunity for UK Entrepreneurs

By Luke Smith, Forward Partners.

We live in an age of scandal. Before Facebook it was Oxfam, and in 2017 outrage from consumers and regulators led to CEO change at Uber, Experian and Samsung Electronics.

The increased publicity of scandals, combined with the increase in regulation, means that compliance has moved from an overlooked niche to something discussed, and worried about, at the board level. it’s no surprise that RegTech, or technology focused on compliance, has emerged as a hot sector for technology and particularly, the application of AI.

 

On May 25th the General Data Protection Regulation (GDPR), an EU regulation on the storage, use and transfer of personal data came into force, impacting almost every business. In addition, compliance costs for financial services firms has ramped significantly since the financial crisis as firms have had to meet the requirements of new regulation such as the EU’s Market’s in Financial Instruments Directive (MiFID II) and the Dodd-Frank Act in the US. The implementation of Dodd-Frank was estimated to have cost $36bn from 2010 to 2016 alone.

 

Financial institutions are estimated to spend $70bn annually on compliance as a whole.  With GDPR, non-financial firms will have to get to grips with a new set of requirements. Almost by definition, ensuring compliance requires repetitive checks, which make the space suited to automation. The combination of massive spend with tasks suitable for automation suggests an attractive space to build an AI company. Excitingly, London’s is well positioned to benefit from the rise of compliance technology; the city combines  strong AI expertise from world class universities, major regulators such as the FCA and potential customers such as large financial institutions.

 

Regtech has received plenty of interest from VCs; Regtech companies received more than $1bn in investment in 2017, with almost $0.5bn of that coming in Q4 2017. According to CBInsights, regtech companies have raised $2.3bn in the five years to 2017 with significant areas of investment including cybersecurity & information security (with companies such as Druva, LogRhythm and HyTrust), Tax compliance (Avalara, Canopy Tax and VATBox) and identification solutions for background checking and Know Your Customer (KYC) compliance (Checkr, Onfido & Socure).

 

Excitingly, this wave of VC funding into regtech and compliance is only the beginning, the problem is far from solved and there are plenty of spaces for entrepreneurs to build massive businesses. Regulation continues to evolve, driving new requirements and opportunities for nimble startups. For example, the implementation of GDPR has created an entire industry of GDPR consultants as companies scramble to make sure they are compliant. While there are plenty of problems in compliance that could be solved by technology there are three areas that I am particularly interested in:

 

  • Data compliance – Historically, data compliance has been viewed through a cybersecurity lense with a focus on avoiding data leaks. However, the requirements of GDPR mean that organisations will be required to know what data they collect and how it is used, which will require solutions to monitor and audit firms’ stored data to identify non-compliant personal data. I’m excited for the potential of automated systems capable of intelligently identifying personal data which will be crucial for maintaining compliance. London based Hazy, which uses AI to anonymise data is a good example of this.

  • Expert systems – The increased complexity of regulation (there are approximately 1.5m paragraphs of MiFiD II regulation according to Thomson Reuters) has spawned an industry of experts helping companies stay compliant. Automated solutions to ingest the complex texts of regulations and help users understand their responsibilities would remove the need for expert interpretation and reduce the cost of compliance. Automated solutions could also monitor regulatory updates to alert users to any changes and ensure compliance is up to date. Bloomsbury.ai has potential in this space while FiscalNote and TrackBill provide legislative tracking.

  • Supply chain/ecosystem compliance – The Target data breach demonstrated that third party suppliers are often a weak point in information security systems, while the Cambridge Analytica scandal showed the damage that can be caused by non-compliant third parties. However, the problem is broader than technology as shown by the impact on Primark of the Rana Plaza factory collapse in Bangladesh or the horse meat scandal which hit British retailers. Large enterprises increasingly operate in a complex ecosystem of third parties and need solutions that can ensure that ecosystem stays compliant. I’m keen to see solutions that can assess and monitor regulatory compliance of 3rd party suppliers or partners enabling enterprises to manage their supply chain/ecosystem risk. The need to work across multiple players in the supply chain adds to the complexity of initial adoption but opens the possibility of real network effects at scale.

 

For all of these use cases there is the potential to build a world leading business from London and here at Forward Partners are very keen to work with ambitious entrepreneurs who are building those businesses.