Regulatory compliance is undoubtedly one of the most delicate aspects of any business. Every company must always come to terms with the demands made by the government to ensure that they are operating in full compliance with current regulations.
These regulatory requirements change over time and are modified according to the objectives of the government or the needs of a specific moment in time or a particular economic sector.
For this reason, compliance can be a particularly costly challenge for all companies, which are often forced to spend time and resources (both human and monetary) to maintain compliance with regulatory dictates.
In addition, for certain business areas – particularly those related to finance, insurance, and banking – strict compliance with specific regulatory requirements is relevant to the civil and criminal liability of companies.
In many cases, companies may be called upon to respond if it is determined that they are not in compliance with regulatory requirements and, therefore, that the compliance system designed internally is inadequate, with sometimes serious consequences for the company itself and individuals within it.
In light of this and given the need to make verification and internal controls simpler, faster, and more agile, RegTech–the set of “technologies that can facilitate the delivery of regulatory requirements in a more efficient and effective way” – was born.
Many obligations, one digital solution
To understand the strategic value of an effective RegTech system, it is enough to think about how difficult it can be for a company to comply with every regulatory requirement.
First of all, you’ll need to constantly be up to date with all the provisions in force and their possible modifications.
The main ones in Italy are: regulations regarding safety at work (legislative decree n. 81/2008), those regarding the protection of personal data (legislative decree n. 196/03), and those regarding the administrative responsibility of companies and organizational bodies (legislative decree n.231/01).
In addition to these, there are the obligations for contributions and taxes, such as those relating to electronic invoicing, which has imposed further obligations on companies, also at the instigation of the European Union, and to which Italy and Italian businesses have had to adapt little by little. The genesis of the electronic invoice can be traced back, at the European level, to the adoption and implementation of Directive 2014/55/EU, which originally concerned electronic invoicing in public procurement.
Therefore, it’s clear that companies need support in adapting to all of these regulations so that they are always in full compliance with regulatory requirements, which are often not straightforward.
In this sense, electronic invoicing is a perfect example of how complicated it can be to always be compliant with current regulations and the consequent obligations. Electronic invoicing itself has had a rather “tortuous” and gradual approval over time in Italy.
Suffice it to say that, as mentioned, the initial obligation for electronic invoicing arose exclusively for Public Administrations. Since June 6, 2014, PAs have been prohibited from accepting and issuing invoices in paper format, and they are also required to accept and produce only and exclusively invoices in digital format.
At a later stage, this obligation, which was limited to central public administrations, was also extended to all local public administrations, from 31 March 2015 (known as B2G e-invoicing).
Since January 1, 2019 this obligation has also been extended to companies and freelancers (B2B e-invoice) and towards final consumers in all cases of the supply of goods or services (B2C e-invoice), albeit with exceptions and specific differentiations depending on the subjects, recipients, and type of transactions.
From this overview, it seems clear that every single fulfilment requires great attention on the part of companies, since the application of regulations can change over time, and this requires a considerable capacity for verification and adaptation. If it was “only” the case for digital invoicing – which was a positive revolution for every business – imagine when the fulfilments are added up, with the consequent multiplication of obligations and deadlines.
This is why the monitoring solutions made available by RegTech become fundamental, also because the cost of regulatory compliance is not only linked to their control and fulfillment, but also to their non-compliance.
As mentioned above, failure to comply with regulations often results in significant costs in the form of fines and penalties.
To get an idea of what we are talking about, just think that in 2020, in the area of privacy alone, a total of 341 fines were imposed in the EEA (European Economic Area), amounting to a total of €307,923,725.
In second place are sanctions for inadequate security measures (20% of the total), while sanctions relating to the rights of the interested party and to total or partial violation of the obligation to provide information are marginal.
The interesting thing is that the distribution of sanctions has been quite transversal, primarily concerning the telecommunications and the services sector, as well as that for trade and productive activities, and those around banking, finance, insurance, and the Public Administration.
In addition to these sanctions, there are also those specific to each business area. For example, in the second half of 2020 alone, IVASS (Institute for Insurance Supervision) recorded no less than 36 sanctions, for a total of nearly €2 million in penalties, linked to breaches or irregularities.
In addition to national sanctions, international sanctions can also be added, as in the case of the banking sector. The European Central Bank’s Annual Report on Supervisory Activities in 2020 reported that “following requests to initiate proceedings previously made by the ECB and after assessing individual cases in accordance with national legislation, three financial penalties were imposed amounting to €6.8 million.”
This brief and certainly incomplete overview makes it possible to make two considerations. First of all, it makes it clear that simplifying the management of compliance concerns all economic players, regardless of their sector of competence and, secondly, that precisely because of the transversal nature of the theme, all sectors have the same need to implement RegTech solutions that reduce the risk of sanctions and, above all, simplify compliance for companies.
RegTech: between saying and doing
The need to have an effective and efficient RegTech system is clearly shared by the majority of economic players. However, achieving perfect implementation of the same is not a foregone conclusion.
RegTech, like digital transformation as a whole, represents not only an unquestionable opportunity, but also and above all a challenge for every company, since the impact of RegTech on the company organization is considerable.
For this reason, it is a good idea to put certain behaviors in place, both to adopt a RegTech system without the shock that this transformation brings, and to manage all regulatory compliance in an effective and innovative way.
First rule: There is no RegTech without technology
The first “rule” for using RegTech as a regulatory compliance management system is to be open to the new technologies made available by digital transformation.
It’s impossible to imagine RegTech without certain digital solutions, which, although not born for RegTech, represent an essential technical condition. After all, technology is a fundamental part of RegTech, without which most of the efficiency operations could not be realized.
The first type of technology to be adopted is Artificial Intelligence together with Machine Learning in order to manage, analyze, and interpret huge amounts of data and information. The use of these solutions is particularly delicate because it makes it possible to have a view of the company’s operations and quickly identify any criticalities or elements of non-compliance in order to intervene accordingly.
Among other things, Artificial Intelligence and Machine Learning are also very useful for automating the control and assessment of operational risks in the various phases of the business.
Speaking of automation, another technology to adopt is Robotic Process Automation systems right at the controls stage in order to manage workflows, reducing the time and cost of controls in favor of effectiveness.
Another example of technology to use is Blockchain, which is perfect for securely storing miscellaneous documentation and keeping digital records of any type of transaction or negotiation the company gets involved in.
Second rule: RegTech rhymes with dematerialization
Another key rule, which is more like a recommendation, is to embrace dematerialization.
This means that to get the most out of RegTech, it is essential that a large part of the processes and flows are dematerialized, perhaps starting with the entire document component.
Abandoning paper and migrating one’s archives, transactions, and negotiations to digital will undoubtedly facilitate the effectiveness of the controls and supervision that RegTech provides.
Obviously, however, you can’t limit yourself to this. Dematerialization must go beyond documents and involve the entire business, otherwise it’s only half a transformation.
RegTech is ideal for overseeing every phase of this transformation and, at the same time, it allows companies to carry out all regulatory obligations through technology, without neglecting any phase, and by making the entire process safer and more reliable.
Third rule: you can’t do it all yourself
RegTech promises considerable benefits to anyone able to implement its solutions, but processes of this type are anything but easy to implement, given that they involve many aspects of an organization.
For this reason, it is essential not to improvise, but on the contrary to be guided by experts in the field who know how to correctly address the transformation by implementing it gradually, working alongside the company so as to adapt interventions to actual needs, defined case by case.
In this sense, Doxee is undoubtedly an ideal partner to undertake this transformation, also thanks to the services it offers, such as Doxee paperless experience, which covers digital processes of a fiscal and documental nature, thanks to a complete set of tools that are adapted to the RegTech scenario and that accelerate business digitalization.
Fourth rule: RegTech is first and foremost an approach
RegTech is only the tip of the iceberg of a broader transformation. This means that what changes are not just processes, but the entire production approach, the conception that each company has of its own business.
Only in this way will it be possible to truly integrate RegTech solutions with one’s own organization and begin a virtuous circle that transforms the way that regulatory obligations are carried out into a factor of competitive advantage that increases the value of the company’s information and data.
For this to be possible, it is necessary to spread the digital culture among employees as much as possible, accompanying them in this delicate transition.
In this way, the internal resistance and fears that changes of this kind can provoke are clearly reduced and, moreover, employees are placed at the center of a transformation project of which they too will be able to understand and appreciate the advantages.
After all, there can be no digital progress if every stakeholder is not involved at every stage: this, among other things, ensures a much greater likelihood of success.
Fifth rule: anticipate as much as possible
Finally, another “rule” to make the most of RegTech’s systems is to use the analytical power of certain digital technologies (such as Artificial Intelligence or Machine Learning) not only to analyze the state of the art of one’s business, but also to predict future trends and risks, even in light of the regulatory trends of the moment.
In this way, regulatory compliance becomes the “test bed” through which you can experiment with innovative approaches to control and production, putting you at an advantage over the competition.
This kind of mindset also makes it possible to eliminate operational risks before they appear, and to reduce the diseconomies of supervisory systems that are often tied to outdated methods.
In this way, for once, innovation can come from management and control, driving all other aspects of production.