Allen Weinberg, a Sr. Partner at McKinsey, brings 27+ years of advising on the cutting edge of tech transformations to talk to us about RegTech & how it’s the future (and present) of any industry that finds itself regulated.
Please Note: The Tresata Talks podcast is designed for audio consumption. If you are able, we strongly encourage you to listen to the audio, which includes tonality and emphasis that’s not on the page. Transcripts are generated using speech recognition software and may contain errors. Please check the corresponding audio before quoting in print.
If you add all the pieces in, then I think you can start to get to a point where you’re seeing RegTech being bigger than FinTech.
This is Tresata Talks and I’m your host Shreya Nandi. Our intention is to bring you perspectives: some our own, some from our group of even smarter friends and confidantes to help inform your opinions on how data, as the nuclei of digital and tech, will reshape the world we live, breathe, and play in.
In this episode, we have Allen Weinberg, a Senior Partner at McKinsey, who has almost 30 years of experience in advising on tech transformations. So it’s no surprise that he’s here to talk about the not-so-new trend, RegTech.
You can find the transcript for this episode on tresata.com. That is T-R-E-S-A-T-A dot C-O-M. And, let’s keep listening.
Allen, welcome to Tresata Talks. How are you today?
I am terrific and excited to be joining you. My first Tresata Talks.
Yes! And to jump right into it, in your last 27 years at McKinsey, seeing those data and digital transformations, our favorite topic, is there any particular type of transformation or time period that you remember making you the most excited?
Yeah, 27 years that sounds like a long time. I do a lot of work in FinTech and digital transformation. And I think where they’re most interesting is where we’re at the intersection of customer experience, and data, and new capabilities. And so in the last two or three years, I’ve done some really interesting work on products like cash management, offering customers new capabilities with analytics. And those are all things where you can digitize an experience, you can bring data in, and you can suddenly offer new features that you couldn’t before, the experience for customers gets dramatically better.
And you can start solving problems that you couldn’t solve before. To give one specific example, we were doing a project for a wealth manager. And while they had great advice for their clients, and they had done very well for them, most of their offerings were pretty product-based. We completely redesigned their onboarding process for clients and built some digital tools that let them go from thinking about mutual funds, or index funds, or whatever they were going to put them in, to a process really based on defining goals and what they were trying to achieve, and built around advice.
And for most of the traditional financial advisors, that was a switch, right? Because they weren’t used to thinking that way. And suddenly, it opened up all kinds of interesting conversations with their clients about what they were trying to get done and how the products fit in. It’s really that intersection of customer experience, data, and new capabilities that gets very exciting. And then it’s the “Aha!” of “Oh, wait, I can do things that I hadn’t thought about before. I can customize in ways for customers that I hadn’t thought about before, which is quite exciting.”
And speaking of inflection points, fairly recently, we’ve started to hear the word RegTech a lot. So as someone whose job is to have his finger on the pulse of tech transformations, how would you define RegTech?
Yeah, so it is interesting, because in some ways, RegTech has been around for a long time. You know, there are probably 2000 companies that do something related to RegTech. But I would define RegTech as applying technology and analytics to anything driven by regulations or controls. And at the heart of it, it ends up being a data problem. And so the classic RegTech issues are ones that you find in banks like AML, KYC, right. But it actually is much broader, right?
If you think about industries like pharma and manufacturing, corporates have things like export controls – all of that I would put in the definition of RegTech. And then if you add on to that the area of law enforcement and national security, then it becomes a massive space. I was actually talking to a company this morning who, one of their initial founders was the CIA, actually has a venture fund. They actually funded this, the CIA funded keyhole, which became Google Earth.
But at the heart of it, It’s basically the question of “How do you get good information, but then how do you put a workflow on top of that, right, and figure out what to go after based on the particular area that you’re looking at?” And so what you don’t want to do is, is apply this technology that creates more headaches because you’ve got bad data or more false positives, that you’ve got to sort of sort through. What’s exciting about it is when you get it right, what we would say is you’re shifting from a procedure-based approach to an analytics-based approach. And that lets you look at far more information. Rather than taking a sample, you’d look at the whole data set. And it lets you do lots of interesting things.
Could you give us a breakdown of what is considered to be in and outside of RegTech.
So if you think about banks overall, right, banks obviously have a lot of regulation that they need to comply with, they have their own internal controls, they have a lot of reporting. About 40% of the RegTech spend and focus is on what you’d call corporate governance and compliance management. Another 40% or so is in what you would classically call risk management. So that’s AML, KYC, that’s managing financial risk, it’s managing third party risk. It’s looking for fraud or financial crimes.
And then there’s about 10% in audit management, and then little pieces in business resiliency. You know, very few industries where there aren’t regulations to comply with, very few industries where you don’t have to worry about health and safety, etc. And if you say, “Well, what’s the work?” It generally is three kinds of things. There’s workflow improvement, right? So there’s people who normally would be working with, sometimes, actually paper, but it’s amazing how often the workflow is driven by email and spreadsheets.
And again, the goal is less false positives and fewer false negatives, right. So what does that means? So a false positive is, “Hey, this activity looks suspicious. I have to track it down. It takes me a long time. And so therefore, it’s expensive, but it turns out to be fine.” So how do I avoid that? And the false negative is the activity that I didn’t detect to begin with, either because I didn’t know what to look for, or the data was hard to get to. So the first is the workflow improvement.
The second is just general transparency and reporting. And there’s lots of opportunities to increase the visibility of processes, build dashboards, etc. And then the third, which is emerging, because the tools are just kind of coming online, are what I would call trend or anomaly detection. And that’s “Hey, there are outliers in groups, right, so I have a bunch of traders. Is there some behavior that I should be detecting, because they’re doing something wrong, and I have some outliers?”
You know, in the world of cyber, right? I’ve got all the traffic on my network, how do I detect what traffic is bad traffic, right, coming from the outside or even inside, someone who’s doing something they shouldn’t be doing? And then there’s just conduct analysis in general, right? Where, and there’s lots of privacy issues here, of course, but companies looking at sentiment and email to detect, “Hey, there’s an employee that might do something bad.” But those, those are the different kinds of things that we see.
And the reason there’s so much focus on this is, we do annual surveys, just to sort of ask risk officers and others, you know, how happy are you with your current solutions? And yeah, 70% say that what they have today doesn’t meet their needs, right? The solutions they have are too siloed. So they can’t look across their business. The technology is outdated, right? So a lot of these, as I mentioned, are run off Excel or email, right, which is very hard to keep track of what’s happening. Or you know, they’re just too narrow.
So, I’m going to say a statement – “RegTech is bigger than FinTech.” Do you agree or disagree?
Yeah. So, the short answer is “It could be,” just depends on the definition. So, if you just look within FinTech, what is the portion of that that’s going to RegTech, right? So that would be funding for RegTech within banking, within insurance, within financial services. And so the total in the first half of this year, the money that went into FinTech was about $61 billion. And going into RegTech was about 9.2. Right? So it’s about 15% or so, within the FinTech space.
What’s interesting, even within that subset, is the deals are getting much bigger, and it’s much faster. So the RegTech space for all of last year was 8 billion and it’s 9.2 billion in funding just for the first six months of this year. If you add all the pieces in, right, as we talked about earlier, other industries – pharma, healthcare, manufacturing – right, and you add law enforcement, then I think you can start to get to a point where you’re seeing RegTech being bigger than FinTech.
And it’s also one that we think is going to really grow in terms of size. There are a number of companies out there that are collecting unique datasets. Plus, you know, the technology is changing in this space as well. And so the ability to use this ,the ability to use API’s, the ability to match and clean the data is going to drive a lot of growth.
Would you say tech is agnostic to subject matter or industry?
I think the technology is agnostic. Writing an API is not necessarily different, you know, one industry or another, the concepts of machine learning apply. But, in fact, you need a tremendous amount of domain knowledge here. So the technology part, on the one hand, it’s exciting because it’s evolving really quickly, right – parallel processing, and in memory compute, and graph databases – a whole bunch of things that we could talk about that are making the technology more effective, cheaper, faster, etc.
But applied in a vacuum, it’s very hard to get value. Particularly if you think about most organizations, particularly large organizations, already have a ton of technology. So just saying, “Hey, here’s this new thing. Good luck plugging it in,” obviously, is not very helpful. You know, and just to give you a very specific example of that, I was working with a bank where the modeling team had developed what they thought was a fantastic fraud modeling.
They had back tested it, and we’re getting terrific results. And so they brought it to the business, of course, and said “Oh, let’s start using this right away.” And as they started implementing it, the IT team said, “Okay, well, what do you want to do with the real time data?” And the team said, “Well, what do you mean real time data?” And it turns out that, you know, they hadn’t really thought about in application, the fact that they were gonna have to process massive amounts of real time data. They had really done more back testing.
What is the largest value add from RegTech? Do predictive capabilities come into play anywhere?
What, to me, is super interesting in this space, is you actually get really good feedback loops. As I digitize processes, I can collect data. And I start to learn things that I didn’t know before. You know, a lot of organizations figured out that, “Hey, if forms are taking a really long time to fill in, that may be an indication that there’s some sort of fraud going on.” But that’s something that, before the forums were digitized, right, before people were doing were inputting the data themselves online, I couldn’t have seen.
So I think the prediction side is quite interesting. But it’s enabled, if you will, by lots of changes going on in the data collection, etc. Even something like using machine learning to clean data and find insights is a big, big change. You know, most people think of machine learning as great, great insights. There’s actually increasingly machine learning applied to cleaning data, there’s machine learning on optimizing algorithms, right, all of which just makes this easier to use. So you know, the prediction is the cherry on top of the cake – you got to do all the work to get the cake made and mix the ingredients. Otherwise, you can’t do much with it.
And now, we want to end with what we love to call the one mic stand. And we’re going to ask you to make a prediction, as we are an AI company after all. So Allen, what is the one thing that you are paying attention to that others haven’t yet?
Yeah, I think related to this area, there are a lot of things I’m paying attention to, but particularly related to this area, I think what’s quite interesting is going to be the collision or mashup, if you will, between folks who are building workflow tools and the no code players – low or no code players – who are kind of getting into this space. As an example, if I’m building a form, no code lets me say, “Okay, well, I’m going to put in a little Lego brick that has all of the addresses in the US. And then I’m going to put a Lego brick in that has a traditional typical form of name, address, zip code, right? Then I want to link that to some other data source in my company, that’s already been created for me.”
So I can quickly assemble things. And what the better players are doing on the back end is actually managing all that for me. And the reason I say that is, you know, the big unlock for lots of organizations – banks, insurance companies, and many others – is turning workflow into code, which has a couple of advantages. One, obviously, you could run the same code again and again, and it’s not going to give you a different outcome, right.
So the predictability is really high. If you’ve got automation, the bots don’t get tired. But also from a compliance point of view, you can really start to get a lot more insight into what’s happening. And if there’s a change in regulation, you can then just quickly cascade that through. And what’s been hard traditionally, in automation in this space in general, is you can build bots, but the bots get stuck because they tie into other systems.
And what I’m seeing is the no code players, at least a few of them, are getting really really good at workflow. The faster you could build workflow tools that pull in data sources, the faster you can build workflow tools that give you transparency, the faster you can build workflow tools that can deal with, you know, more complicated decision trees, etc, then this whole space starts to really take off. And as we look across organizations, we still see many, many things in areas that would benefit from workflow improvement and process automation.
And that’s in risk areas, and many other areas as well. And what that lets you do is, again, collect more data, and then shift the time and effort that people have from doing the manual work to actually doing the analytics, which, you know, is the more interesting stuff anyway. So that is the place that I’m watching, which is the sort of no code impact, low and no code impact, on workflow, which I think is going to actually be pretty significant.
Allen, thank you for being here. We hope you enjoyed it.
It was terrific. I thought the questions were great and really enjoyed being part of the podcast. So thank you very much.
If you’re curious about other data trends, give our episode CTRL + ALT (CREDIT) with TransUnion’s SVP of Consumer Lending, Liz Pagel a listen. And if you’re left wondering about anything else related to Tresata Talks, email us at firstname.lastname@example.org. That’s c-u-r-i-o-u-s at tresata.com. Give us a follow on LinkedIn, Twitter, Instagram and Facebook. And feel free to subscribe anywhere you’re listening to us. And we’ll talk data to you soon.