Chapter 1 Exercises

What Is RegTech? History, Definitions, and the Compliance Crisis

Conceptual Exercises

Exercise 1.1: Categorizing RegTech Solutions

Difficulty: Introductory

For each of the following products or activities, identify which of the five RegTech families it belongs to (Identity & Onboarding, Financial Crime Compliance, Risk & Regulatory Reporting, Trading Compliance, or Regulatory Intelligence). If it spans multiple families, identify the primary one.

a) A platform that scans news articles in 40 languages to identify adverse media about potential clients b) A system that automatically generates and submits MiFIR transaction reports to the FCA c) A biometric verification service that checks selfies against passport photos d) A tool that monitors trading desks' chat messages for patterns indicating coordinated manipulation e) A service that sends daily email digests of new regulatory publications from the SEC, CFTC, and FinCEN f) A model that assigns each customer a money laundering risk score updated monthly g) A system that checks payment counterparties against OFAC's SDN list in real time h) A Basel IV capital calculation engine that reports to the PRA

Exercise 1.2: The False Positive Problem — Quantification

Difficulty: Intermediate

Assume a transaction monitoring system at a mid-size bank processes 500,000 transactions per day and flags 0.5% as potentially suspicious (the industry average is 0.1–1%). The team's review finds that 95% of alerts are false positives.

a) How many alerts are generated per day? b) How many are genuine (not false positives)? c) If each alert review takes an average of 20 minutes, how many full-time analyst hours per day are needed to review all alerts? d) At a fully-loaded analyst cost of £80,000 per year (including benefits, overhead), what is the annual cost attributable to false positive review? e) If implementing a machine learning enhancement reduces the false positive rate to 75% (without reducing true positive detection), what is the annual savings?

Note: Show your calculations. There is no trick in the numbers — this is a real-world calibration exercise.

Exercise 1.3: Regulatory Timeline Analysis

Difficulty: Intermediate

Using the regulatory timeline in Section 1.3, answer the following:

a) Which regulatory development do you think had the greatest impact on driving RegTech adoption? Defend your answer in 150 words or fewer. b) Identify two regulatory events that are closely causally linked (i.e., one was a direct response to problems revealed by or related to the other). Describe the link. c) In 2025, Basel IV capital requirements were fully phased in. Which family of RegTech solutions is most directly implicated by this requirement? Why?

Exercise 1.4: Build vs. Buy — Initial Analysis

Difficulty: Intermediate

Maya is considering whether to build a basic KYC automation system in-house or buy from a vendor. Consider the following information:

  • Verdant Bank has two Python developers who could work on this project
  • A specialist vendor offers a solution at £120,000 per year including implementation
  • The in-house estimate is 6 months of development time, 2 developers at £60,000 salary each, plus £30,000 in cloud infrastructure
  • The vendor solution has API integrations with 15 third-party data sources; building equivalent integrations in-house is estimated at additional 3 months
  • Regulatory landscape: the FCA expects firms to demonstrate that their KYC systems are tested, validated, and capable of being audited

a) What is the first-year cost of each option (ignoring maintenance)? b) What non-cost factors should Maya consider? c) What questions would you ask the vendor before recommending them?

Applied Scenarios

Exercise 1.5: The Compliance Burden at Verdant

Difficulty: Applied

Reread the opening scenario in Section 1.1 from Maya's perspective. Then answer:

a) Maya has been given a budget for one additional hire. Should she hire a compliance analyst (to reduce the backlog) or a RegTech project manager (to lead a technology implementation)? Argue both sides, then make a recommendation. b) The FCA noted that Verdant's compliance framework was "not commensurate with its growth trajectory." What specific evidence in the opening scenario supports this finding? c) Write the first three bullet points of the brief Maya would prepare for the Verdant Board explaining why investment in compliance technology is necessary.

Exercise 1.6: Defining the Problem Before the Solution

Difficulty: Applied

Rafael Torres is preparing to write the business case for replacing Meridian Capital's legacy AML transaction monitoring system. His CEO has said: "Tell me exactly what's wrong with what we have."

Before recommending a specific solution, Rafael needs to clearly articulate the problem. Drawing on the concepts in this chapter, draft a one-page problem statement (approximately 300 words) that Rafael might present. Your problem statement should:

  • Quantify the problem where possible (you may use plausible estimates)
  • Distinguish between symptoms (alert volume, false positive rate) and root causes (rules-based design, outdated typologies)
  • Connect the technical problem to business and regulatory risk

Exercise 1.7: Mapping Cornerstone's Regulatory Relationships

Difficulty: Advanced

Using the description of Cornerstone Financial Group in Section 1.7:

a) Create a table mapping each subsidiary to its primary regulator(s), jurisdiction, and regulatory basis. b) Identify at least three areas where two or more Cornerstone subsidiaries face the same regulatory obligation (e.g., KYC) but under different legal frameworks. Explain why this creates complexity. c) Estimate the minimum number of regulatory reporting relationships Cornerstone must maintain. (A "regulatory reporting relationship" = one regulator to whom reports are regularly submitted.)

Research Exercise

Exercise 1.8: A Real-World Compliance Failure

Difficulty: Research-required

Select one of the following real-world AML compliance failures and research it using publicly available sources (enforcement notices, press releases, academic papers):

  • HSBC's 2012 $1.9B settlement with the US Department of Justice
  • Deutsche Bank's 2017 $630M settlement with US and UK regulators
  • NatWest's 2021 UK plea to AML failures
  • Standard Chartered's 2019 $1.1B settlement

Write a 500-word case analysis covering: a) What regulatory failures were alleged? b) What technological or process failures contributed? c) Which of the five RegTech families would have been most relevant to preventing the failures? d) What regulatory changes followed?

Reflection Questions

Exercise 1.9: The Human in the Loop

Difficulty: Reflection

This chapter argues that RegTech augments compliance capacity rather than replacing human judgment. Identify a compliance decision — in any of the five RegTech families — where you believe human judgment remains irreplaceable even with sophisticated technology. Explain why the decision cannot be safely automated.

Exercise 1.10: The Practitioner's Dilemma

Difficulty: Reflection

Priya Nair has just returned from a client presentation where she recommended a phased approach to KYC automation over 18 months. The client pushed back, asking for a 6-month implementation. Priya knows from experience that compressed timelines for KYC implementations frequently result in data quality problems that create regulatory risk.

What should Priya do? Write a 200-word response that takes her professional obligations seriously — both to the client relationship and to the underlying compliance goals of the project.