RegTech is the combination of `regulation’ and `technology’, and refers to the research and development of ICT technologies fit to help assessing and monitoring compliance with regulations, finding in force regulations relevant to some given business activities (e.g., specialized search engines), etc. One of the most currently popular subfields of RegTech is Fintech, i.e., applying RegTech to the financial domain.

While Law and Ethics for Science and Technology mostly refers to the study of existing AI technologies in order to make them more “human” or “human-compatible”, RegTech mostly refers to the opposite direction: using existing AI technologies to speed up and monitor the work done by humans. RegTech needs interdisciplinary research covering areas including Natural Language Processing (NLP), Computational Ontologies, and Logic & Reasoning.

Legal scholars and practitioners are feeling increasingly overwhelmed with the expanding set of legislation and case law available these days, which is assuming more and more of an international character. Consider, for example, European legislation, which is estimated to be 170,000 pages long, of which over 100,000 pages have been produced in the last ten years. Furthermore, legislation is available in unstructured formats, which makes it difficult for users to cut through the information overload. As the law gets more complex, conflicting, and ever-changing, more advanced methodologies are required for analyzing, representing and reasoning on legal knowledge.

The management of large repositories of norms, semantic access, and reasoning on norms are thus key challenges in RegTech. The aim is the definition of formal frameworks and the development of tools for mining and reasoning with legal texts, i.e., for translating these legal texts into formal representations that can be used for querying repositories of norms, compliance checking, decision support, etc., in light of computational challenges such as the handling of big data and the complexity of regulatory compliance.

Percentages of companies operating in RegTech – UK and USA dominate the market
(source: Citi Research, based on 127 RegTech companies identified by Jan-Maarten (JM) Mulder)

Norm mining. State-of-the-art systems in legal informatics classify, index, and discover inter-links between legal documents by exploiting NLP tools such as parsers and statistical algorithms as well as semantic knowledge bases or legal ontologies. This is often done by transforming the documents made available on the Web from legislative institutions into XML standards such as Akoma Ntoso, where relevant information is tagged. The XML documents are then archived and queried in a subsequent phase to retrieve the desired information. Although these techniques provide valid solutions to help navigate legislation and retrieve information, the overall usefulness of the systems is limited due to their focus on terminological issues and information retrieval while disregarding the specific semantic aspects.

Reasoning about norms and regulations. Reasoning is used to aid decisions and derive new knowledge from already encoded knowledge of norms and regulations – this knowledge may either exist directly through manual encoding, or may derive from the norm mining. One key idea of most logical accounts of normative reasoning (e.g., moral/ethical and in particular legal reasoning) is that it is defeasible, that is, that we may have reasons to abandon certain normative conclusions even though there was no apparent mistake in previously supporting them. Another key idea of legal reasoning is that legislation is not only a repository of rules, but it also contains texts that state the purpose of the laws, and the values and principles that underlie the laws. Laws are by design sometimes inconsistent, vague, inherently dynamic, can be violated if not useful, and may repair violations of other norms. It is necessary to model interpretation as well as the argumentative procedure behind the interpretation of statutory law.

Norm enforcement and compliance. Compliance requirements may stem from legislation and regulatory bodies (e.g., Sarbanes-Oxley, Basel II, HIPAA), standards and codes of practice (e.g., SCOR, ISO9000), and business partner contracts. Regulatory compliance in computer systems is aimed at ensuring that the specification requirements of such systems are in accordance with prescribed and/or agreed set of norms. Two fundamental strategies are identified in the literature to characterize norm enforcement and the concept of compliance in computer systems. First, norms may be hard constraints and the system compliance is achieved by design. This option is usually implemented by adopting the so-called norm regimentation strategy, which can amount to simply designing the system in such a way as illegal states are ruled out and made impossible in it, or by imposing that the occurrence of any illegal states is, in theory, possible but leads to signalling a system failure. Second, norms are soft constraints and so do not limit in advance the system’s behaviour. Compliance is then ensured by system mechanisms stating that violations should result in sanctions or other normative effects to recover from violations. In general, certain situations must be avoided by design, for example any serious failure affecting the system’s overall functionality: norms can be modelled here as hard constraints. In other cases, where it is of paramount importance to design flexible and adaptive systems, coordination and social models are used to set up self-organizing systems: whenever the overall functionality of the system is not directly in jeopardy, then norms (as soft constraints) can play a decisive role to guide and control the desired system behaviour.