The world of tech regulation is ever-changing as new technologies, guidelines, and reporting requirements arise. If you’re developing software in such a rapidly evolving landscape, you’ll have an increasing number of challenges to overcome. With new regulations set to go live in the near future, you’re likely facing growing pressure to create compliant, secure, and resilient applications.
In this article, we’ll explore the current state of the RegTech industry and examine how regulatory requirements impact software development in 2023.
Skilled talent shortage
One of the biggest hurdles the regulatory industry faces is the need for more skilled talent with experience in the area. According to ISACA’s State of Security in 2022 report, many organizations are struggling to find and retain qualified personnel. In addition, the growing demand for professionals who understand the complex regulatory landscape naturally leads to a competitive job market, thus exacerbating the issue.
The most common skill gaps noted are soft skills (54%), cloud computing (52%), and security control (34%). In 2023, software providers can prioritize training staff in the skills the industry needs. Enough qualified talent would allow you to backfill in-demand positions and prevent this shortage from affecting your operation.
In 2016, the European Union adopted the GDPR – General Data Protection Regulation – giving E.U. citizens control over their data and how it’s used. Since then, other countries have followed suit, strengthening people’s control over their personal information.
Since then, the United States has also been putting its own privacy regulations into effect.
The California Consumer Privacy Act (CCPA), passed in 2018, is one of the most significant U.S. privacy bills, giving citizens greater control over how businesses use their data.
Last year saw 29 U.S. states introduce data privacy bills. One of them was the California Privacy Rights Act, which took effect on January 1st, 2023. It expanded the CCPA to give residents even more power, such as the right to restrict the use of their personal information, correct it, inquire about automated decision-making, and opt out of it. The American Data and Privacy Protection Act (ADPPA) aims to further regulate the gathering and storing of consumer information.
With all of that in mind, a software provider has a growing legal and moral obligation to meet an increased need for user privacy. Your first step in tackling that is to understand the regulations and identify the requirements your product or service needs to meet.
Once you understand the situation, you can incorporate security principles and processes into your work. For example, Privacy by Design (PbD) is an approach to data that emphasizes privacy at every stage of development and can help you ensure you’re complying with the latest regulations.
The increasing complexity of regulatory requirements
The European Market Infrastructure Regulation (EMIR) was introduced in 2012. By introducing reporting requirements, it aimed to simplify and improve the regulation of over-the-counter (OTC) derivatives and central counterparties (CCPs) in the E.U.
The EMIR Refit goes live on April 29th, 2024 (April 30th in the UK). This review of EMIR makes significant and granular amendments to the original legislation. It increases the total number of reportable fields and changes the reporting format significantly.
By introducing these new reporting requirements, the refit significantly increases the complexity of regulatory reporting. Software companies must keep a watchful eye on these changes, invest in compliance technology and consider automating some regulatory processes to remain compliant.
With the increased regulatory complexity we discussed, the industry recognizes that working together to share knowledge and solutions is critical to ensuring compliance. Gone are the early days of regulatory reporting when firms tried to tackle new requirements and challenges alone.
The growing adoption of the unified ISO XML 20022 format is a testament to this. Using a uniform regulatory reporting format means that all market participants, regardless of location, will be reporting similarly. This increased standardization serves to facilitate collaboration and cross-border reporting, as well as reduce inconsistent reports.
Working groups are one prominent example. Industry participants, subject matter experts, and clients work together to understand the industry’s needs, focus their efforts and ensure solutions to upcoming challenges cover all use cases.
For an example of an identified upcoming challenge, look at UTI (Unique Trade Identifier) matching. Because it involves reconciling a trade’s unique identifier across multiple counterparties, it’s a manually intensive, time-consuming process. Working groups tackling this issue are looking for a way to reduce UTI pairing breaks and allow reporting companies to identify and amend incorrect trade details before TR submission.
As you can see, technological regulation is a rapidly evolving landscape, and it takes a conscious effort on software developers’ part to stay compliant. In 2023, people will get much greater control over their data. In addition, we’ll be facing an increasingly complex reporting environment. And all that coincides with a shortage of skilled talent with regulatory experience.
With that being said, the future is far from bleak. Industry participants are coming together and collaborating on a growing scale. Working groups are spearheading breakthroughs and streamlining reporting and compliance processes. And if you’re having trouble meeting the latest requirements, a good RegTech software partner (dreamix dot eu) could help you.
Ultimately, as they say, knowing is half the battle. You’re much closer to keeping your operation aligned and secure by staying informed of tech regulation developments.