Regtech (regulatory technology) companies perform exactly the function you’d expect. They provide the technology businesses use to manage and enhance regulatory processes to achieve and prove compliance. The regtech sector is growing at a pace of 19.5 percent annually, and is expected to hit $21.73 billion by 2027, according to Reports and Data.
What Is Regtech?
A variety of factors has fueled this growth, but the main one is “looming regulatory burden.” The majority of regtech companies work with clients in the financial services industry; it’s the most heavily regulated, after all.
That “looming regulatory burden,” however, does not just apply to the financial services sector. Below we’ll look at three other industries becoming increasingly regulated as time passes.
Why Is Regtech Growing?
But first, why are we seeing more regulation than ever?
Covid-19 greatly accelerated a digital approach to work for many industries, as remote infrastructures needed to be conjured with great urgency, and communications habits shifted when face-to-face interactions became impossible. While a settling-in period was permitted from a compliance perspective, JPMorgan Chase’s $200 million fine in December 2021 seemed to signify that this adaptation period was over.
Regulation means a great deal of extra work for any company, but it also demonstrates transparency and accountability, and therefore helps to build trust not just with regulators, but with customers and prospects alike. While certain industries, for instance financial services, lend themselves to greater regulatory attention than others, most are heading in the same direction, albeit at different speeds. Many industries, including the following, will soon need to take more proactive steps towards adherence as their abundance of data is increasingly scrutinized.
One of the difficulties with regulating cybersecurity, and a deterrent up until this point, is that it is an industry founded on rule-breaking. How do you regulate a sector built to protect computer systems when the groups it is offering protection from operate outside of any rulebook, and constantly devise new means of breaching the systems they’re targeting? No regulatory framework can ever be truly current; it’s a question of being as up-to-date as possible, rather than absolutely so.
In March 2022, Securities & Exchange Commission Chairman Gary Gensler proposed rules to “enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.” These disclosures were intended to keep investors better informed, and included reporting around cybersecurity incidents, plus periodic reporting for updates on previously reported incidents, as well as policies and procedures to identify and manage cyber risk.
It’s a lot of additional work to contend with. Considering the intricacies of the new rules and existing state regulations, third-party solutions may appeal to registered investment advisors hoping to prepare effectively for the new landscape. One option for those interested in deploying an automated solution for cyber is to look for a provider that already specializes in RIA compliance. This would include the solutions providing compliance services in the financial services sector, for example.
The healthcare industry accumulates massive amounts of sensitive patient data on a daily basis, particularly in a world of increasing virtual consultations. Healthcare organizations are obliged to meet regulatory requirements from the Health Insurance Portability and Accountability Act, and the use of new and varied communications has made compliance increasingly difficult.
The government has “used its discretion” in penalizing HIPAA noncompliance “occurring in good faith” during the pandemic (a public health emergency) and beyond. This meant that the provision of telehealth services was relaxed, “allowing providers to deliver care through a broad range of devices and technology platforms,” according to an article by attorneys at Faegre Drinker Biddle & Reath.
5 Factors Fueling the Growth of Regtech
- Looming regulatory burdens
- Calls for transparency and accountability
- More intense focus on cybersecurity
- Pandemic-generated healthcare scams
- The “Wild West” cryptocurrency market
While such a reprieve was pragmatic and undoubtedly welcome, compliance officers need to be aware that it’s not a permanent resolution. Although some telehealth “flexibilities” have become a permanent part of the landscape, others will expire 151 days after the end of the federal public health emergency, which was recently extended for another 60 days beyond July 15th.
The administration used the pandemic as a time to investigate illicit areas of telehealth, such as scams that leverage aggressive marketing (for instance cold-calling patients) or provide fraudulent telemedicine services. Post PHE, the government will use these findings to prioritize enforcement, with the Department of Justice’s Health Care Fraud Unit explicitly stating it is “dedicated to rooting out schemes that have exploited the pandemic.”
As such, it will be important for healthcare providers to provide records of their historical and ongoing marketing communications, including email campaigns and websites, in order to prove compliance.
Following a tumultuous year in the crypto market, in March 2022 President Biden signed an Executive Order on the Responsible Development of Digital Assets. Many considered this a significant breakthrough for the industry and a demonstration of the administration’s acceptance that crypto was indeed worthy of regulation. This is particularly notable after many years of being deemed ungovernable and “a Wild West,” including by Gensler himself.
The government is, however, starting from scratch on crypto, and months down the line, uncertainty still swirls around what this regulatory framework will look like. The document was essentially a callout to a variety of relevant organizations (from the Treasury to the SEC) to spend time doing their due diligence, before sharing suggestions around how each of its objectives can be met most effectively.
This constructive and collaborative approach gives the best possible opportunity for the uniform application of regulations from “one rule-book” as favored by Gensler. This is strengthened by the fact that leading states have begun to follow the federal lead and issue their own executive orders in a similar vein.
In terms of the desired outcomes, consumer protection is again a priority, and so customer-facing communications are once again likely to be heavily scrutinized in order to ascertain compliance, as with the financial services industry.
Who Regulates Regtech?
Many argue that regtech is too young an industry to be regulated itself, as regulation can in fact hamper innovation for businesses at such an early stage of growth.
However, while it may feel a little meta and Inception-esque (regulation within regulation), shouldn’t regtech firms be held to the same standards as the clients they protect? No existing regulatory framework oversees regtech firms, and what better way to instill faith in clients and prospects than by demonstrating that they’re outsourcing to a third-party firm that knows how to present itself (and by implication, others) in a compliant, trustworthy manner?
It’s a fine line that must be negotiated delicately.
For Your Information
In an increasingly digital and siloed world, regtech services will continue to proliferate. Trust from consumers must be earned in different ways, and is less contingent on smooth-talking executives than on compliance with the appropriate statutes and regulations.
Corporate conduct can now be held to a higher standard due to the abundance of information at regulators’ disposal. Examples like Deutsche Bank’s recent setback show that large corporations are increasingly accountable, and that there are fewer places to hide in the age of information.
The level of scrutiny is growing across the board, and so, by extension, is the number of heavily regulated industries. Crypto, healthcare and cyber are likely just the beginning.