RegTech (Regulation Technology),  has been used in the financial industry (often referred to as FinTech), since 2008. But, it has only been recently that the tech industry has considered applying this to other fields. As a small business consultant and web developer, I often have small businesses come to me looking for small-business solutions to big problems.

One of these has been the need to comply with regulations for tobacco and vaping products. Needing to comply with regulations isn’t something new in business, or in e-commerce. Sometimes they are relatively simple, sometimes they are complicated. With two recently customers, I used RegTech to help them comply with new regulatory burdens for the vape company.

As e-commerce has become the norm, states have begun to regulate e-commerce and the sale of goods in their state. The problem we were presented with is that each state has different regulations related to the sale of vape products. For example, different states have different ages that range from 18 to 23 years old to be allowed to buy tobacco. Some states regulate vape products the same as tobacco, while others only regulate the vape juice. Others regulate the way that verification is conducted online. Some require that the e-commerce company actually see and verify the customer’s ID (such as a driver license). With others, you are simply required to verify their date of birth. Whatever the case, there are APIs that can usually provide this information.

We were able to build our clients a system, based on RegTech that provides them with real-time compliance, with the least intrusiveness possible. When the customer checks out, based on their state, the system asks them for the least amount of data needed to comply with that state’s regulations. For example, in California, customers must be 21. We would ask them for their date of birth. They already fill in their address, so the two are sent in realtime to an API which returns either a verification or a need for more information. In some cases, a partial (last 4) social security number is needed. Once they enter that, the SSN is sent back to the API and a new verification is run. This takes less than a second. A decision is returned. In some states, we are required to take further steps to verify a customer’s identity. For example, we may present them with questions that only they should know, such as ask them the name of their car loan company. The customer does not see this as it is completed as they are finishing the checkout, and the verification information is stored in the backend for order processing.

When employees begin the processing of the order, they are given a score that tells them if the customer has been properly verified. It also gives a score on the likelihood (based on data) of their being any fraud related to the verification. In rare cases, the employee may either send a request for the customer to provide additional information or in very rare cases have them upload a copy of their state-issued ID.

Buy using RegTech, we have been able to help small and medium-size companies stay in compliance with 50 different state regulatory requirements and made it less burdensome for them. Even with the initial cost of implementing, their cost has been cut because it is less labor intensive. It has also helped them to retain customers because the process has become less invasive. Before our solution, companies would have to have every customer upload a copy of their ID. Then an employee would have to manually call and verify that. Not only did this present security and privacy concerns, but it takes many more hours – costing the company more in wages.