The speed of RegTech development has brought it into the mainstream. Diligex CEO Matthew Agius Mamo looks at the main arguments and sees what is just around the corner.
First published in the Malta Stock Exchange Business Review 2023 by the Malta Stock Exchange plc
Regulatory expertise has come together with cutting-edge technology in what is commonly referred to as RegTech. For Matthew Agius Mamo, CEO of Diligex, one does not replace the other. The two are complimentary. “I believe that, in this day and age, RegTech should be the norm,” he added.
As in many innovations that we have seen over the years, Mr Agius Mamo insists that what may have been looked on as something quite novel as late as two or three years ago has now become mainstream. Yet, it is not intended to replace people’s jobs but helping them achieve more value and doing so more efficiently.
“In fact, even from a regulatory perspective, both national regulators, like the FIAU through its Implementing Procedures and the MFSA, and internationally, the FATF, cater for situations where you could be using certain elements of technology in a correct way to facilitate (regulation),” he said.
Even the European Banking Authority in a 2021 study said financial institutions highlight enhanced risk management, better monitoring and sampling capabilities, and reduced human errors as the main benefits of use of RegTech solutions.
Mr Agius Mamo insists that RegTech should not be seen in isolation, but as part of a compliance first mindset. “It’s no longer about buying a software solution; it’s not about humans using technology. It is about an ecosystem between the different business functions in your organisation as well as interactions with third parties, starting off from how to onboard clients, monitoring the relationships, reviewing your risks and internal communication about those risks.”
Apart from sourcing the best technology and innovative IT systems, he believes clients need people who know the subject they are trying to address, and who understand what the problems and challenges are in the process of what they are trying to automate. “You need to also understand that the people who are designing the technology have on board people who know the regulation and know the intricacies of the regulation and the risks.”
Regulatory technology (RegTech) is there to compliment your workforce and maximise their efficiency and output. “You still require quality people working, but would I rather have someone manually filling in a number of spreadsheets or manually screening someone online? Or have my best people, complimented with technology that presents them with all this data and, in the true spirit of what is a risk-based approach, focus on the intricacies and the understanding of the work at hand, not on the work that can be done by automation?”
“(RegTech) is not about replacing people’s jobs but helping them achieve more value and more efficiently”
A second element is stronger objectivity – rules are being set through impartial systems that integrate repeatable processes. Thirdly, these systems need to be agile to keep up with the continuously changing regulation coming from all sources – locally and internationally. It is not just about cost, but about taking timely, informed decisions.
A fourth element is scalability. Mr Agius Mamo pointed out that onboarding a hundred clients or monitoring a hundred transactions a year is doable. But what happens when it becomes 10,000? Is it viable to build and maintain a compliance team of an equal size? A fifth element is continuity – thanks to a system that captures all the documentation, processes and procedures in one place, it is no longer reliant on the human element.
Technology needs to be customisable and configurable so that it works for you rather than the other way around. It also needs to address all the contemporary concerns around security and data privacy. This is where Diligex fits in, he said. What started as an AML/CFT advisory, including the outsourcing of certain services through analysts, led to the design of the KYCMATIC platform that has facilitated the customer risk assessment process through automation.
“It is about an ecosystem between the different business functions in your organisation”
“Thanks to API integration, we can fit in different forms of customer relationships and business processes with different software. You have automated screening, customer profiling and even manage flows of transactions within the platform,” he said.
On top of this, through its own analysts and its network of internationally reputable associates, Diligex is able to provide access to credit risk reports and company background checks, as well as tailor-made reports to know who and what business one is really dealing with.
The next step is now taking these advantages to a holistic GRC (Governance, Risk and Compliance) platform enabling all the actors within the organisation to communicate internally, automating reports and enabling the Board of Directors to maintain visibility of the entire process. “We are elevating the conversation,” Mr Agius Mamo affirmed.
“The Board will have fuller access on the status of compliance because they will be appraised on the state of play at any time, whereas compliance officers would be dedicating their time more on analysing and focusing on the real risks that emanate on such a report rather than on compiling the report and chasing around for the information.”
Similarly, with risk assessments, communication between risk owners, the mitigations, the controls that there are – and all of this, through a platform, the technology, can be facilitated so that the right people are focusing on this.
Diligex are also looking at other areas, including cybersecurity. While this has been a key component for its own systems, Diligex is now also venturing into aiding companies to ensure their online presence is continuously evaluated to take preventive measures rather than face devastating repercussions of cyberthreats.
“Essentially, choosing what RegTech to implement is key to survival. It must combine cutting-edge technology with strong internal (or outsourced) compliance expertise. One cannot live without the other. The real time element of marrying automation and expediency with peace of mind and expertise to me culminates in the concept of regulatory technology,” he said.