什么是RegTech？

McKinsey ExplainersWhat is RegTech? RegTech, or “regulatory technology,” refers to technologies that improveprocesses at financial-services organizations, particularly those related torisk and compliance. The effects of the 2008 financial crisisare still being felt today—in many sectors and in manyways, both obvious and subtle. The crisis’s immediate effects on financial institutions are well known. After the collapse or near-collapse of major banks, and in response to the newly exposed weaknesses in risk management,regulation, and overexposure to certain products (for example, mortgage-backed securities),many governments put in place more—and more complex—regulatory requirements. The UnitedStates, for example, passed the Dodd–Frank Act, which increased oversight of banks andfinancial institutions. Meanwhile, many other countries implemented regulations according to theBasel III rules, which were developed by the Basel Committee on Banking Supervision. Banks have struggled to meet these requirements ever since. In 2024 alone, banks paid$19.3 billion in penalties—a higher figure than ever before. To help manage their regulatoryobligations, banks can look to regulatory technology, or RegTech. RegTech solutions are softwareprograms that automate and improve how businesses manage compliance, monitor risk, and reportto regulators, with each software update reflecting the most current regulatory requirements. What led to the formation of the RegTech industry? Around the same time as the 2008 financial crisis, a wave of new technologies (includingartificialintelligence,machine learning,cloud computing, and biometrics) became widely available atlower costs than ever before. This made it possible for RegTech providers to develop cutting-edge solutions for financial institutions that needed to comply with postcrisis regulations andincrease the efficiency of their processes, which had largely been manual up to then. By 2016, the term had become commonly used at industry conferences, and the RegTechAssociation was founded in 2017. Today, what was once considered experimental in the risk andcompliance domains is now essentially mandatory technology for leading financial institutions. Learn more about McKinsey’sRisk & Resilience Practice. What are the core categories of the RegTech marketand how have they evolved over time? RegTech solutions fall into four main categories: financial risk and capital management;governance, risk, and compliance; cyber and IT security; and financial crime. Each categorycomprises various segments that can be mapped to a specific set of regulations and is served bya discrete set of providers. Here are examples of RegTech solutions in each category: —Financial risk and capital management.Asset and liability management (ALM) is an essentialprocess banks use to balance assets (such as loans and investments) against liabilities(such as deposits and borrowings) while managing risks, including interest rate fluctuations,liquidity shortages, and funding costs. Financial institutions can use RegTech to manage ALMand comply with regulations: for example, through tools that support fund transfer pricingand liquidity management. RegTech solutions also support dynamic planning, which improvesthe governance and insights that banks use to navigate volatile financial environments.(European financial institutions most often cite risk management as the reason to implementRegTech; see Exhibit 1 for more.) —Governance, risk, and compliance.Banks operating internationally need tocomply with asignificant number of regulations across regions. Their compliance teams are continuouslyscreening, analyzing, and interpreting regulations for their own institutions—a process thatRegTech can simplify. RegTech enables banks to scan their regulatory environments moreholistically, across jurisdictions, issuing bodies, and languages. These solutions can also helpbanks analyze, interpret, and even map regulatory requirements according to current policiesand controls. Exhibit 1<RegTEch>Exhibit <1> of <2> What reasons did European financial institutions report for wanting toimplement RegTech? McKinsey & Company Case study Achieving near-perfect regulatory compliance with RegTech At one US-based bank,the legacy regulatory management solution fulfilled less than 75 percent ofits regulatory obligations. This gap left the organization vulnerable to regulatory scrutiny and potentialfines. The solution also required substantial manual intervention and reliance on third-party legalservices to address outstanding regulations, provide supporting narratives, and map obligations tointernal policies and controls. To address these inefficiencies, the bank implemented a solution from a RegTech vendor that fullyautomated its process for regulatory changes, or how organizations manage and adapt to new orupdated regulations. The RegTech platform integrated with existing governance, risk, and compliancesystems, then automated t