Getting personal with regtech and digital identity

Go back

Where regtech comes into its own is in the deployment of technologies that handle and process the huge amount of data consumers generate in their day-to-day behaviour, actions and transactions online and the translation of that into enabling procedures for companies dealing with regulatory and rules-based systems.

It is an offshoot of fintech and there are clear user cases in financial services for technology-led solutions that can deal with issues around KYC (know your customer) and AML (anti-money laundering), digital identity generally and for dealing with potential fraud.

This is also the case, of course, with the gambling sector and where a similar list of pertinent issues apply and where digital-identity solutions have been in use for some years. As Jamie Miles, head of KYC at digital identity provider Onfido, says the benefits of utilising technology in these areas and what they bring in terms of efficiency savings and the standardisation of data are clear.

“With technology automating up to 80 percent of the KYC process, internal resources can be reassigned to the 20 percent of difficult cases that need human expertise,” he says. With different data sets from differing territories being very heterogeneous, it menas that technology can be brought to bear that can improve data capture and enable the datasets to be better populated for increased future use.

“Using something like machine learning for analysis means that processes are always improving over time,” he adds. “All of this building towards helping businesses innovate.”

Zac Cohen, general manager at global ID-verification provider Trulioo, says that regtech has enabled companies to map and analyse huge amounts of data, a process that previously was overwhelming. Regtech, he says, “gives compliance leaders critical tools to identify and protect against these risks in ways previously unavailable” and as such the technology can drive “unprecedented value within any compliance strategy by streamlining and automating oversight at big-data scale.”

Privacy and the General Data Protection Regulation (GDPR)
The degree to which an almost unfathomable amount of data has been digitised within the past decade or more has generated its own pressures for the world’s regulators. What is focusing minds in the regtech sector is the imminent arrival of the EU’s General Data Protection Regulation (GDPR) and what that means for the privacy landscape generally.

Guy Cohen, the policy lead at leading regtech and digital identity services provider Privitar, points out that privacy is driving the conversation forward in various areas of the economy. “Privacy has been a high-profile issue in healthcare for some time, and the data being used is highly personal and sensitive,” he points out. “For telco there have been notable privacy issues raised in a number of instances, and in financial services there are clear data-protection risks which banks have been managing for some time.”

With the concerns among operators in a range of sectors being matched by obvious consumer worries over digital privacy, it is easy to see why the launch date for the EU’s adoption of GDPR in May next year has taken on a central importance.

“In the short and medium term, the GDPR will have a massive impact as it will push all organisations to meet a set of minimum standards,” says Cohen from Privitar. “In the longer term, though, it may be seen as part of a general adjustment to bring privacy protection into digital innovation.”

He continues: “I think we are at an inflection point where customers start to see the potential harms which arise from the explosion of recording and processing of their personal data. In the future we expect to see privacy increasing as a competitive differentiator as customers seek out organisations which adopt privacy protecting business models. This will mean that the winning formula for the future is not whether to innovate with personal data or not, but whether to innovate with personal data in a privacy-preserving way or not.”

Taking back control
Further advances in this area are likely to come via potential blockchain applications. One such business which is exploring ideas in this area – and has the official stamp of being a participant in the UK’s Financial Conduct Authority (FVC) regulatory sandbox experiment – is Tradle, which it says is hoping to build a global trust network based on a blockchain KYC process.

Founder and chief executive Gene Vayngrib points out that digital regulation has the potential to create more stability and trust in the system than paper regulation could ever manage. Moreover, he sees the potential for blockchain to enable consumers to regain oversight and ultimately control of their own digital identity and their online privacy.

“We are basically resolving some of the tensions (over data and privacy) that have emerged recently,” he says. “How do we do GDPR and comply with that, while at the same time fulfilling all sorts of regulatory requirements, some of them effectively spying on your customers and reporting them to the regulators without them knowing about that? We can answer something like 80 percent of these concerns.”

Yet in moving to implement blockchain in the digital identity and privacy realm, Vayngrib readily admits that he is calling into question the very notion of big data and its application in the real world.

“On the surface, we kill big data because the data is disaggregated so you can’t analyse it in one place,” he says. “You shouldn’t be utilising my pattern of usage across five banks. No one should be doing that except the individual user. The 360-dgeree view will work for a while, but it’s wrong. It’s wrong to be tapping into sources they shouldn’t be tapping into.”

Vayngrib makes the point that from the point of view of the financial regulators, the idea of ring-fencing and restricting general access to big data has a lot of appeal. Arguably, it should also be on the radar of the gambling industry, particularly given the trend evident in online towards greater personalisation when it comes to marketing and the user expereince.

“Digital identity is the most critical enabler for any kind of service in the digital market, especially the regulated industries,” Vayngrib concludes. “But it has to be a solution which is very acceptable to consumers and small business and without the government dominating the creation of those services. The personalisation nirvana will be constrained by what the customer wants.”

Among the current leaders in the field of digital identity there is an acknowledgement that they are a part of an industry which is still in its formative stages with change being driven as much by the regulators as by the technology.

“The ever-present challenge for online gambling operators and anyone in a regulatory environment is change,” says Triulioo’s Cohen. “The key is not necessarily predicting which direction compliance will go, but rather partnering with technology providers built to adapt who can provide that flexibility and continuously evolving suite of solutions.”