Insights: How regtech can turbocharge economic transformation

Image: Supplied

Regulations are increasingly complex, dynamic — and for many organisations burdensome. While regulatory compliance is a global issue, it is urgent for GCC countries with their bold economic diversification and technology plans, such as in artificial intelligence, logistics, and financial technology.

If they observe regulations and anticipate issues, GCC economies can flourish and create jobs. One way to ensure regulatory compliance is regulatory technology ( regtech). By combining advanced digital tools, data analytics, and automation, regtech provides knowledge, detection, and compliance. It streamlines processes, alerts against violations, creates reassurance, and can enhance operations.

Indeed, intensifying digital transformation in GCC countries can provide a “greenfield” for regtech development and innovation.

Given their ambitions, GCC organisations need regtech. Domestic and international regulators have intensified scrutiny in multiple areas, including anti-money laundering, data privacy; and environmental, social and governance compliance — which costs. For example, LexisNexis Risk Solutions puts the burden of global financial compliance in 2023 at $206.1bn, with financial crime compliance in 2021 in the Middle East (except the UAE) costing $11.9bn.  Also, regulations can overlap or conflict, confusing, as occurred in the U.K. with data retention requirements.

Already, GCC organisations recognise regtech’s importance. In the Middle East, including the GCC, Technavio forecasts 20 per cent compound annual growth in the regtech market growth from 2023-2027, reaching a value of $1.2bn. That is unsurprising. The predictive analytics, machine learning, and blockchain technology underlying regtech can automate and streamline compliance.  regtech reduces the cost and the risk of human error. We estimate that regtech can cut compliance costs by 30 per cent-50 per cent.

regtech provides a robust mechanism to keep pace with fast-changing regulations, particularly through real-time monitoring and reporting capabilities. These allow for immediate rectification of issues, minimizing the risk of non-compliance and penalties. That is vital in sectors like healthcare, which demands protection of patient data regulations, and logistics, in which adherence to international trade laws is essential if the GCC is to become a global logistics hub. Automated compliance processes also create clear and easily accessible audit trails.

Adopting regtech is not, however, as simple as buying new software or systems. Rather implementing regtech requires collaboration among the entities within its ecosystem such as regulators, regulated entities, and regtech providers. That is because of how regtech develops—new regulations must take into consideration how they could be integrated into regtech solutions, while these solutions should consider how the companies and regulators operate. There are five steps.

Five steps to incorporating regtech

First, organisations should modernise existing IT systems incrementally while integrating regtech in a modular fashion (which means stepwise, one system and one solution at a time). Many organisations have legacy IT systems they are replacing given the need to implement data analytics and modernise IT. These legacy systems can impede proper regulatory compliance. Organisations can take a phased approach to minimise disruption and spread deployment costs over time. Complementing that, providers can make their offerings modular so that they integrate easily with organisations’ IT systems.

Second, providers and organisations must secure their data.  regtech uses highly sensitive information. Organisations need advanced encryption technologies and policies. They should develop strong data governance, including policies and procedures for data protection, access control, and regulatory compliance.

Organisations should conduct regular security audits and vulnerability assessments. In tandem, providers must put data integrity and security at the core of development strategies to eliminate data privacy or security risks.

Third, organisations and providers should collaborate with regulators to streamline regulatory standards. Regtech is not about blindly enforcing regulations, it can improve them. By cooperating,  regtech companies and regulators can reduce complexity and costs. Regulators could also work with providers to test software in “sandboxes” (which allow for experimentation). That would mean a better understanding of regulatory requirements and innovation. Such collaboration can extend to users and develop the standards that issue and coordinate regulations, as these make regtech more effective and scalable.

Fourth, governments and regulators can make regtech affordable. High implementation costs pose a significant barrier for smaller institutions and organisations.  Another issue is the cost of scaling, which can deter regtech adoption by small organisations with insufficient funds or legacy systems. Governments and regulators can offer financial incentives to offset initial regtech implementation costs.

Regulators can incentivise regtech adoption through partnerships that share development and implementation costs. In particular, regulators and providers could incentivise organisations to acquire cloud-based regtech, which reduces the need for on-premises infrastructure and is scalable in a cost-effective manner.

Fifth, providers should design their products so that they grow with organisations and handle larger data volumes, regulatory requirements, and changes. Ensuring that regtech integrates with various systems and platforms while promoting a cohesive and efficient regulatory environment, must be a joint effort among regulators and providers.

Wissam Abdel Samad and Christian Stechel are partners, and Rami Chazbeck is a manager, with Strategy& Middle East, which is part of the PwC network.

Read: How regtech tools can help UAE-based entities enhance compliance and security