The Rise and Rise of RegTech: Does it spell the End of the Annual Audit?

The Australian Banking Royal Commission’s recent final report into the banking and financial services industry makes 24 referrals to the regulators to take action over misconduct. It also made 76 recommendations for how the problems can be fixed and contained scathing criticism of executives. Bankers were not named and shamed, but the Commission lays out the potential for more than 20 prosecutions involving the major banks, at the discretion of the regulators, some of which could be criminal, some civil, and some both.

In my last few CEO messages, examples of businesses behaving badly in their quest to generate higher profits, and being rewarded for this errant behaviour with higher share prices was a recurrent theme. Therefore, the final report of the Australian Banking Royal Commission showing banks behaving very, very badly was no surprise. Shareholders appeared to prefer higher profits to ethical behaviour. Mr. Rod Sims, the chairman of the Australian Competition and Consumer Commission (ACCC), said that as part of its enforcement activity for the month of April 2018, ACCC had ordered penalties on iconic names such as Ford, Telstra, Thermomix, Flight Centre, Woolworths, Nurofen, Meriton, Optus Internet, Pental etc., each having to pay many million dollars in fines. I also questioned why there had been a shuddering silence by the statutory auditors as most of these companies had received an unqualified audit report. The answer is simple, the International Financial Reporting Standards (IFRS) does not ask the auditors to give an opinion on the “ethics” of a business transaction. IFRS only asks for the transaction to be recorded properly as per the relevant IFRS Standard.

As unethical practices could be undertaken without any danger of a statutory audit qualification; it was clear that even though the fines and penalties ran into millions of dollars, they could easily be absorbed by the sheer volume of revenue generated by the unethical actions. In other words, companies assess the profitability of law breaking by weighing the benefit to be gained against the cost of being caught, multiplied by the probability of being caught.

In the wake of the ‘toothless tiger” that the statutory audit has become; I asked management accountants to further distance themselves from the financial accounting and auditing profession and ensure that they are able to inculcate good strategic governance and strategic audit practices in the organisations in which they work.

This is where RegTech and FinTech come in.

The term FinTech is an abbreviation of Financial Technology, which covers all of the new technology and innovation that have developed in the delivery of financial services. Once considered more of a back-end, data centre processing platform, FinTech has in recent years come to be known as the basis for end-to-end processing of transactions over the Internet via cloud services. FinTech now uses disruptive technologies to improve activities in finance to compete directly with the more traditional financial services delivery modes.

The use of smartphones for mobile banking, investing services and cryptocurrency are examples of disruptive technologies aiming to make financial services more accessible to the general public. Whilst financial institutions such as banks and finance companies have been the first to jump on the bandwagon of implementing Fintech solutions and technologies in order to improve and develop their services, manufacturing, retail and service companies (such as hospitals) are also incorporating Fintech solutions to gain improved competitive positioning. Today, non-financial services industries are applying Fintech solutions in areas as: (a) data mining and data analytics; (b) corporate health check controls; (c) early warning systems; (d) supply-chain controls; (e) horizon scanning; (f) strategic cost management controls; (g) customer profitability analyses; (h) strategic business analysis controls; (i) corporate social responsibility (CSR) controls; and (j) strategic scorecards.

This vision of a technology led regime has already been proposed as early as 2014, by Andy Haldane, Chief Economist, Bank of England, during a keynote address at Birmingham University[1]:

“I have a dream. It is futuristic, but realistic. It involves a Star Trek chair and a bank of monitors. It would involve tracking the global flow of funds in close to real time (from a Star Trek chair using a bank of monitors), in much the same way as happens with global weather systems and global internet traffic. Its centerpiece would be a global map of financial flows, charting spill-overs and correlations.”

The disruptive nature of technology on financial services (i.e. FinTech) has brought with it a regulatory compliance nightmare. How do you keep pace with all of the new regulation that governs financial services, and avoid being fined for non-compliance? Since 2008, there have been over US$400 billion being imposed on regulatory fines.

Enter RegTech (Regulation Technology), the marriage of technology and regulation to address the regulatory challenges faced by these very financial services. Technological disruption to financial services has made regulation highly data acquisitive; involving the use of real-time information and the incorporation of algorithms and analytics.

For example, new approaches to streamline Anti-Money Laundering (AML) checks would enable firms to differentiate themselves; and social media and biometrics can be used to transform how customer due diligence is done, how anti-fraud measures work and how banks can filter the good from the bad when deciding whether to make a suspicious activity report. The automation of due diligence, using data that can be tailored to a firm’s risk-based approach, is at the forefront of this RegTech revolution, disrupting ineffective and outdated processes of regulation compliance by using artificial intelligence and machine learning.

RegTech uses the technologies of: (a) cloud computing; (b) blockchain; (c) application program interface (API); (d) machine learning; (e) big data; (f) data mining and analytics; (g) predictive analysis; (h) smart contracts and (i) visualisation solutions.

RegTech works well in companies that have heavy quantitative based obligations, information-based obligations and risk identification and management controls including: (a) legislation / regulation gap analysis controls; (b) identity verification; (c) compliance reporting; (d) management information controls; (e) transaction reporting controls; (f) regulatory reporting controls; (g) case management controls; (h) transaction monitoring; (i) activity monitoring controls; (j) training obligations and (k) risk management data warehouses.

In the short term, RegTech will help firms to automate the more mundane compliance tasks and reduce operational risks associated with meeting compliance and reporting obligations. Research done by Deloitte[2] indicates that the RegTech universe comprises of five-big areas: those that are in: (a) compliance (30%); (b) risk management (18%); (c) identity management and control (26%); (d) Regulatory reporting (13%); and (e) transaction monitoring (13%).

In the longer term, the combination of FinTech and RegTech will enable the continuous auditing and continuous reporting, both of a compliance and strategic nature to be undertaken in companies on a real-time basis. Companies buying into the combined FinTech and RegTech universe focus on the automation of manual processes and the links between steps in analytical/reporting processes, the improvement of data quality, the creation of a holistic view of data, the automated analysis of data with applications that are able to learn during the process, and the generation of meaningful reports that can be sent to regulators and also used internally to improve key business decision making. This is the marriage of conformance and performance on a real-time basis, and this is where the strategic audit comes in.

Many firms invest heavily in their brand reputation to signal that they can be trusted. The greater the likelihood that bad behaviour will be exposed and made public, the more companies will do to guard against behaviours that significantly diminish brand reputation. As such, the management accounting profession should call upon the government to legislate that companies undertake compulsory strategic audits to evaluate business practices beyond simply the financial reporting of the past. Key business practices in marketing, advertising, supply-chain, manufacturing, human resource management, information technology and finance need to be strategically audited to ensure that brand reputation and shareholder value is future-proofed against rampant bad behaviour by corporates, by the silence of their compliant financial auditors who are unable to differentiate between good and bad ethical practices.

The financial accounting profession already recognises that the rise and rise of RegTech could be the start of the end of the annual statutory audit. The International Federation of Accountants (IFAC) on its website has this warning from Liv Watson, Co-Chair, ICAEW Natural Capital Accounting[3] as follows:

“RegTech will probably have a profound effect on the audit profession—and audit will need to adapt. Business now “live and breathe” in real time but audit has yet to adjust to this new norm—audit still operates on an annual basis at the end of the year. RegTech will allow for audit analytics during the entire year, and a more trusted audit. Continuous auditing, continuous reporting—that train has left the station. Are you on board?”

I would go further. We need continuous auditing and continuous reporting not only of past performance (financial statement audit) but also of how decisions today will impact the future performance of the company (strategic audit).

This is not a train, it’s a rocket to another universe.

Management accountants get on board before you all too are left behind.

Professor Janek Ratnatunga, CMA, CGBA

CEO, ICMA Australia

The opinions in this article reflect those of the author and not necessarily that of the organisation or its executive.

[1] Andy Haldane (2014), “Managing Global Finance as a System” Speech at the Maxwell Fry Annual Global Finance Lecture, Birmingham University (Oct. 29, 2014)

[2] Deloitte (2016), RegTech is the new FinTech, How agile regulatory technology is helping firms better understand and manage their risks.

[3] Liv Watson (2018), RegTech Will Help Transform Audit, IFAC Audit & Assurance, March 5, 2018. https://www.ifac.org/global-knowledge-gateway/audit-assurance/discussion/regtech-will-help-transform-audit