An Overlooked Target for Modernization

Maintaining compliance requires manual, repetitive and error-prone processes, handled by small armies of well-compensated experts -- but many can be automated. 


While the insurtech movement has taken hold and insurers are rushing to automate core processes, a labor-intensive cost center ripe for modernization is often overlooked: regulatory compliance.

Heavily regulated industries, such as finance and insurance, must grapple with a compliance landscape that is fast-changing and chaotic. Without automation and modernization, compliance change management swallows up resources at an alarming rate. Maintaining compliance in these industries requires many manual, repetitive and error-prone processes that must be handled by small armies of well-compensated experts.

To stay current, compliance officers must keep up with not only regulatory changes from multiple agencies but also the enforcement patterns that illuminate on-the-ground realities in a range of jurisdictions, from local municipalities all the way up to international regulatory bodies. Without automation, finding, reading and interpreting relevant regulatory changes and numerous enforcement actions is a cumbersome, manual, labor-intensive process that shifts the attention of skilled specialists away from higher-value projects. 

Regtech solutions automate many of those core compliance processes, so skilled experts are freed to apply their skills to initiatives that better leverage their expertise to benefit the bottom line. 

How regtech complements insurtech

For organizations already benefiting from insurtech, an obvious next step in their digital transformation journey is to investigate complementary solutions, such as regtech, which rely on similar innovations. 

Insurtech and regtech solutions  have evolved along parallel paths. In fact, some insurtech solutions include basic compliance features and vice versa. 

Regtech leverages many of the same core technologies (SaaS, ML, predictive analytics) as insurtech to deliver operational efficiencies, cost savings and better overall user experiences. As the name implies, regtech also plugs important gaps, such as automating regulatory change management, flagging relevant enforcement actions and delivering actionable insights to various stakeholders throughout the organization in near-real time. 

As with insurtech, regtech solutions are also expanding rapidly. According to ResearchAndMarkets, the global regtech market grew from $6.26 billion in 2020 to $7.9 billion in 2021, a compound annual growth rate (CAGR) of 26%. The market research firm predicts that the sector will continue to expand at a CAGR of 24% for the next few years, reaching $18.89 billion in 2025.

The steep cost of legacy anchors

However, insurtech and regtech are both still early in their adoption cycles. A major reason insurance firms are often slow to adopt new technologies is the need to support legacy software that was designed for a different era, one when cloud computing was not common and software was sold as a product, not a service. Many organizations believe that the change costs are too high to abandon these systems. 

Nothing could be further from the truth.  

Cloud/SaaS-based solutions have given businesses across the economy the opportunity to transform various cost centers in their businesses by optimizing processes, automating tasks that can be handled by new solutions, such as ML and AI, and adopting best-of-breed SaaS solutions that deliver fast ROI, turning capex into opex.

Legacy, pre-cloud systems, in contrast, are usually deployed on on-premises infrastructure that requires high up-front costs, steady maintenance overhead and steep management costs. These systems constantly burden IT teams with a range of labor-intensive, repetitive, error-prone tasks that are better and more affordably handled by technologies such as ML and AI. 

Most regtech solutions, just like insurtech, are built from the ground up as cloud-native, whether public, private or hybrid, and to be consumed as SaaS. With streamlined deployment cycles, intuitive user interfaces, automated workflows and application programming interfaces (APIs) that connect related solutions, regtech software eliminates errors, streamlines the compliance lifecycle and frees compliance officers from time-consuming, error-prone, manual processes.

Why 2022 is the right time to modernize compliance. . . before it’s too late

While regtech can help insurance organizations modernize, optimize and eventually automate many compliance processes and workflows, adopting regtech isn’t a simple bolt-on to insurtech platforms, and insurance companies will need to carefully manage the transition to automation-driven compliance.

A September 2021 study by McKinsey forecast the top 10 technology trends that are poised to disrupt the insurance industry in the near term. Of these, McKinsey zeroed in on five that will have the biggest impact on insurance: AI, distributed infrastructure, future of connectivity, next-level automation and trust architecture. 

All of these next-generation trends are converging with today’s best-of-breed regtech solutions, which are powered by AI and built on distributed cloud infrastructures. Regtech software also connects to related business solutions through open APIs, automates cumbersome tasks like tracking regulatory changes and should easily integrate into zero-trust architectures. 

In contrast, insurance organizations that continue to rely on ad-hoc workflows and outdated compliance software risk lagging behind competitors that are quicker to modernize. Lagging businesses also face higher risks of falling out of compliance and getting penalized for it. 

With regtech adoption on the rise and the regulatory landscape growing increasingly complex, 2022 is the year to get serious about modernizing compliance, so you can transform one of your organization’s cost centers into a competitive advantage. 

How to evaluate regtech providers: seven questions to ask

While insurtech and regtech have much in common, the two emerging technologies also differ in important ways. Here are seven questions to ask providers that will help you evaluate whether their solutions will meet your organization’s goals: 

1. How will your solution integrate with complementary solutions  we have already deployed, such as insurtech? 

Integrating insurtech with regtech will help you mitigate risks. For instance, many insurance companies are eager to leverage insurtech to deliver new products, but what happens if those products run afoul of existing (or pending) regulations? 

Ask regtech providers how data will be shared between the solutions and then throughout the organization, so business decisions do not undermine compliance.

2. Do you have reference customers in our sector of the insurance industry? 

Some regtech providers may offer solutions for your industry that are retrofits of solutions designed for other industries, such as healthcare or financial services. While some features may port easily to insurance, others may not. 

Ask vendors to provide references of customers from your market sector, so you understand any challenges that may be specific to your industry. 

3. What’s a realistic timetable for ROI?

Every SaaS provider promises low total cost of ownership and fast ROI, but don’t mistake this for table stakes. Those claims are often inflated. Ask providers to calculate your ROI. . . and then ask them to show their work. 

4. After the transition, where do our existing compliance experts fit in? 

Many fear that AI and automation could eliminate skilled positions that really shouldn’t disappear. Modernization shouldn’t destroy organizational strengths like institutional knowledge and the kind of nuanced subject matter expertise that AI cannot duplicate. 

Ask regtech vendors for a before-and-after picture. How will adopting regtech affect your existing compliance team, and how will the day-to-day work of compliance experts change?   

5. What happens if we decide to switch to a competing provider in the future? 

One of the biggest drawbacks of the cloud/SaaS era was supposed to be a major strength: data portability. In theory, data should be easy to move from one system to another and from one vendor to another if you decide to change, but proprietary software layers often prevent this. 

Ask providers about data ownership and find out how difficult it is to export your data. 

6. How do you protect data and control access? 

Automated compliance won’t deliver ROI if a data breach hits your organization. Be sure to have your security experts grill providers on their various access control and data protection features. 

7. Does your regtech solution satisfy regulators? 

Regulators will have their own priorities, and regtech solutions should have built-in features to address them. Be sure to ask providers about areas that regulators emphasize, such as transparency and the ability to repeat processes and audit data trails.

Kayvan Alikhani

Profile picture for user KayvanAlikhani

Kayvan Alikhani

Kayvan Alikhani is co-founder and CEO of, where he leads operations, strategy, sales and marketing.

He is a leader in industry strategy and serves as a representative on various industry alliances and boards, including FIDO ( Fast "IDentity" Online) Alliance. Alikhani is also CEO and co-founder of PassBan (acquired by RSA), a company focused on mobile identity assurance.

He has a strong background in leading strategy and creating security identity for mobile solutions in VOIP-based (voice over internet protocol) networks. In addition to PassBan, Alikhani has several other ventures in his portfolio, including co-founding then serving as CTO at BeNotified, a cloud mobile communication service provider. He also serves as co-founder of AVIRNEX, a cloud-based, enhanced-fixed and mobile communication service provider.

Read More