Skip to main content

Regtechs, fintechs and data sharing

Soraya Jansen

Views, thoughts, and opinions expressed in the text belong solely to the author, and do not represent the views of the Support Centre for Data Sharing or the European Commission.

This article is the third and final part of a series on open banking and data sharing. After researching the topic, I believe that regtechs improve the customer experience by making the process of legal compliance easy to use and more efficient. New data protection regulations will show whether regtech can easily adapt and re-use data in an intelligent manner.  


Introduction to regtech

Financial regulatory compliance can be potentially long and costly. Regulatory Technology, or “Regtech”, provides a solution and helps fintech firms to move away from the concept of ‘big data’ towards ‘smart data’. In other words, regtechs process the data that is being requested by regulators in an intelligent way.  Regtech refers to the management of regulatory processes with the use of technology and data. Regtechs can help fintechs to be compliant with the regulations. Thereby, they can also help regulators to be more specific and precise in the requested type of data to develop controls and data gathering. Examples of European regtech start-ups are the Irish Regbot, the German Deltacon, and Risk.Ident.

New developments in “regtech” have made it easier for fintechs to comply with regulations. For instance, many fintechs use regtech to comply with European Union regulations such as eIDAS through remote electronic identification.[1] Many fintech companies use regtech to comply with the know your client/or customer regulations with a three-step verification process.[2] The user needs to provide a password or log-in code, an identification document and a biological trait. Regtech comes into play in scanning the identification document and the biological traits. For example, the German personal finance management application N26 asks potential users to provide three forms of identification before they can open up a new bank account. Users need a log-in code, a verified identity document and have to upload a selfie through the application. Users are asked to make a picture of their identification document (ID, passport, driving license) and need to make a selfie that is checked for resemblance with the photo on their identification document. In short, this process is a remote electronic identification check on the identity of the potential user. This is necessary to comply with the regulations. Thereby, the process can be completed from home and usually takes only a few seconds. The use of regtech can significantly reduce a fintech company’s costs and time and improves user experience for customers as they can open an account quick and easy, often within a few hours or a day.[3]


Regtech versus traditional solutions

The key differences between traditional solutions versus regtech-era solutions are agility, speed, integration and analytics. Traditional solutions can be inflexible and require development or configuration for enhancements or changes. Customers used to have to physically visit a bank to scan their passport or ID manually. With the use of regtech, this identity check can be done remotely and very quickly. Datasets can be organised more efficiently and with speed.[4] Regtech intelligently mines big data to gain analytical insights. Often, the same data is used for different purposes, which makes the process quicker and better integrated. Regtechs use advanced analytics and assessment techniques to adapt to new regulations based on what has been seen previously and how that has been interpreted. In this manner, fraud and customer behaviours are analysed and signalled. [5]

Another important difference between regtech and traditional solutions is that regtech is most often cloud-based. This means that data is remotely maintained, managed, and backed-up.


The future of regtech

New data privacy regulations increase the need for regtech in the present and in the future. Cyber attacks against financial firms have become more common and more severe (a process especially accelerated during the COVID-19 implemented lockdowns). The European Union has updated its Data Protection Directive[6] – originally written in 1995 – to take into account new technological developments in 2017.[7]  The General Data Protection Regulation (GDPR) is especially relevant for financial firms as they hold the most personal data of any industry (except for the government). Not only must the firms themselves protect this data, but the many third parties and vendors they work with must do so as well.[8] Firms might find challenges in justifying a large investment in regtech and realising scalable benefits of regtech as it is now often applied as a spot-solution instead of a broader compliance strategy.

Financial firms need robust data analytics tools to process and mine the massive amount of data they store to comply with new regulations. Also, knowledge and insights are required as this can improve efficiency, lower costs and better prepare firms to comply with future regulatory requirements.  


[1] Regulation EU No 910/2014 of the European Parliament and of the Council on electronic identification and trust services for electronic transactions in the internal market ("eIDAS") -

[6] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to processing of personal data and on the free movement of such data -