The State of Financial Crime 2022 - Read our global compliance survey

Regtech Compliance Solutions: Buy or Build In-House?

Sanctions Knowledge & Training

AML/CFT compliance obligations continue to create massive operational headaches for financial institutions. It’s not easy to navigate an increasingly complex regulatory landscape while also providing a seamless user experience for customers. But regtech solutions, which leverage emerging and innovative technologies to combat regulatory constraints, offer financial institutions (FIs) a way to do both.

Nevertheless, the dilemma many FIs face is whether it makes more sense to build an in-house solution or buy a ready-made one from an external vendor. With most major banks needing to allocate an estimated 15-20% of their total “run the bank” spending to governance, risk and compliance, this decision can have a big impact on an FI’s bottom line. So what should FIs do?

The Pros and Cons of Going In-House

The build-it-or-buy-it debate is one that FIs have all along their operational workflow as they look to cut costs. But while it can be tempting to use your top-notch IT department to develop the software you’re paying external vendors for — and we have no doubt they can whip something up — your ROI will vary. This is especially true when you take into account the time needed to maintain, scale and improve it. Assessing what you truly need from each solution, and whether you can add value, is a great start.

Ask yourself: Are you endeavoring to reinvent the wheel? Or do you truly need something unique that no external vendor can offer? We often find that in-house solutions make more sense for infrastructure-related projects that the entire company can use and that require in-depth company knowledge. Tasks that only have internal oversight and impact (like, for instance, fraud detection and prevention tools) are also great candidates for in-house solutions. 

Nevertheless, AML/CFT compliance solutions require specialized expertise and data outside of your main wheelhouse, as well as cooperation with and oversight by external regulators. The world of AML is filled with regulations (and each country, state, province, etc. has its own).  It becomes a time- and resource-intensive black hole, and it’s easy to lose yourself in it and miss important nuances.

Plus, it’s not a one-and-done investment: as your company’s offerings grow, as the industry grows, and as regulations change and evolve, so too will your AML/CFT tools (or, at least they should be growing and scaling with you). It’s costly to continue to devote time and energy to tools that are non-revenue generating. But if you still decide to build in-house, consider the following:

  • What resources will you need? Think about both the initial build and what you’ll need to do to maintain your tool (including training others on how to use it).
  • How can you make sure this tool integrates well with your current workflow and tools? How easy would it be to plug in different tools in the event you decide to change in the future?
  • In the case of any screening tools, if you increase screening volumes, will the tool you’re building be able to accommodate that growth?
  • In the case of onboarding and transaction screening tools, where will you get your AML data?
  • Do you have a good understanding of all regulatory requirements?

Buying Regtech Compliance Solutions

If you’re looking to fulfill universal needs, ones that, at a basic level, don’t vary based on company type, size and so on, a cloud-based regtech solution is your best bet. More and more, these solutions are pay-as-you-go SaaS applications. This means they’ll scale with you: you can add, remove and customize features depending on your needs at the time.

Compliance must-haves, like KYC/IDV measures and customer due-diligence processes, as well as transaction monitoring and sanctions screening, all lend themselves well to regtech solutions. They automate manual tasks and help FIs fulfill their AML/CFT reporting obligations so that companies don’t have to expend any more energy than necessary on tasks that aren’t making you any money.

That said, you’ll want to look for vendors that have a strong API, so that their solutions can easily plug into your existing tech stack seamlessly, and that make continual investments in their product. You’ll also want to make sure your vendors are giving regulators what they need, so look for solutions that have robust reporting features and audit logs. Here are some other questions to consider when shopping around for a solution:

  • Does the vendor have end-to-end ownership of their product — including the AML data they use — or do they partner with third parties to provide parts of their tool?
  • If they partner with third parties, how do their vendors maintain and update their tools and databases?
  • How easy is the alert escalation process?
  • What’s the vendor’s approach to information security?
  • How do they approach ongoing product updates and customer support?

Yet for compliance tools like sanctions screening or adverse media, one of the most important and often overlooked things to look for — and reasons to buy rather than build — is the quality of your vendor’s data. Creating your own database and data scraping tools is the epitome of reinventing the wheel. Why start from scratch when there are vendors that make it their sole purpose to provide you with near real-time data?

Finally, regtech solutions can be rolled out and configured little by little across business units or all at once. Using external vendors can allow you to, with minimal time and investment, pilot the software in one department or region before expanding its use across the company. So you can test out what works at a scale that fits you.

Regtech: Where Compliance and AML Meet

You can’t fight 21st-century-style crime with 20th-century systems — or even systems that are a few years old for that matter. Technology is advancing rapidly, and to accomplish the dual objectives of remaining compliant and fighting today’s (and tomorrow’s) financial crime threats, you need nimble systems.

Legacy systems, with their high false-positive rates and umpteen manual processes, are decidedly not nimble.

This is where regtech compliance solutions come in. They are niche products, designed by IT and compliance experts, that are meant to not only incorporate the newest technologies but to develop with them. Buying (vs. building) a regtech solution ensures that FIs can implement a risk-based approach to their compliance and crime-fighting obligations while mostly focusing on their core businesses.

To learn more about building vs. buying, click here.

Originally published April 30, 2020, updated May 5, 2022

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2022 IVXS UK Limited (trading as ComplyAdvantage).