Ask any compliance officer and they’ll tell you; compliance is expensive. There’s the cost of staff, both in wages and in time. There’s the overhead to support the personnel, from office space to computers. There’s the lost business, from potential customers or businesses turned off by the cumbersome onboarding and frustrating process.
Even more damaging though, is the cost of non-compliance. According to Mark Carney, Governor of the Bank of England, “Global banks’ misconduct costs have now reached over $320 billion.” But the damage doesn’t stop there. If that $320 billion was investment capital, “it could otherwise have supported up to $5 trillion of lending to households and businesses.”
These huge fines and penalties for misconduct and non-compliance build distrust in financial institutions, adding fuel to the fire for those who believe that our financial system is corrupt with opportunists and criminals. Deteriorating trust in financial institutions has wide-ranging effects on the institution, from lower sales and margins to higher employee turnover. Effects also spill out onto society as a whole by slowing economic growth; with less capital available, there’s a decreasing availability of consumer and business loans.
The cost of compliance is significant, both as a cost of doing business and as a reputational gatekeeper. Only by being good corporate citizens and adhering to compliance regulations can financial institutions expect, as Carney pointed out, to get “the consent of society in order to operate, innovate and grow.”
These observations are amongst the insights found in Cost of Compliance 2017, the eighth annual survey of compliance costs by Thomson Reuters. The report uses survey information from over 900 compliance professionals around the world and is a good compendium of an industry facing an ever-increasing rate, complexity and amount of regulatory changes.
While 53 percent of respondents report that compliance budgets will increase at least a bit this year, the days of throwing money at the problem seems to have ended; only nine percent expect a significantly higher budget. One factor is the growing acceptance of RegTech solutions that use technology to create more efficient workflows and require less human resources to accomplish the task.
As Ed Sibley, Director of Credit Institutions Supervision, Central Bank of Ireland, states, “We need to be alive to the disruptions that are coming, to be flexible and adaptive and recognize that successful implementation of new technologies can drive significant efficiencies and greater robustness.”
Besides the day-to-day operations of complying with rules, 2017 is full of strategizing, planning and implementing for massive regulatory changes. For example, in Europe, there was 4AMLD, which went into full effect in June 2017, as well as the upcoming MiFID II (January) and GDPR (May). In the US, there’s the FinCEN Final Rule (also in effect May 2018).
There’s also a lot of uncertainty to consider with Brexit and the Trump presidency, with his call for deregulation. Whatever the outcomes are, compliance needs to be ready. Better yet, they can get involved and help legislation by actively lobbying and sharing their viewpoints. After all, they will bear the brunt of the changes, so they need to have their voices heard.
Besides regulatory change, there are significant changes in the technology. Unfortunately, it seems that compliance is not yet fully involved in the technology adoption process; only 21 percent are fully engaged and consulted in implementing fintech solutions. Although 42 percent are somewhat involved, shockingly 16 percent are not involved at all with tech assessment. This points to a divide; those firms that are embracing new technologies and those that are ignoring them.
RegTech is in the same situation, while 35 percent of respondents are growing their budget for these solutions, 24 percent don’t even have a budget for it. As regulators are increasingly accepting and promoting technological developments —including regulatory sandboxes, forums and hubs— those not using the best tools for the job will have to answer for their lack of progress. Regulatory intelligence experts Stacey English and Susannah Hammond, stated in the report “compliance functions in particular are likely to come under increased scrutiny if they are not seen to be considering and deploying RegTech solutions to aid regulatory risk management.”
One of the main stumbling blocks for the tech dawdlers is lack of technical expertise. With the new technology comes a change in the actual job role and skill set to properly perform compliance. Before, compliance was focused on knowing the laws and regulations for your business. Soon, as Andrew J. Donohue, SEC Chief of Staff points out “[tweet_dis excerpt="Compliance will require expertise in technology, operations, market, risk & auditing, to name a few"]the necessary expertise for compliance will consist of a far broader set of subjects, including expertise in technology, operations, market, risk and auditing, to name a few[/tweet_dis].”
The amount and diversity of tasks that now fall on compliance is immense. With an average of 200 regulatory updates per day from over 750 bodies, just tracking and analyzing changes is challenging. On top of it all, tasks such as reporting to and interacting with the board and regulators, monitoring, training, implementing cultural change, risk assessments and reviews, reviewing and implementing best practices, protecting data and reporting money laundering, are just a few other responsibilities of compliance professionals.
To ensure compliance professionals keep up with these changes, they will require serious upskilling or need to onboard new talent, both expensive options. However, as the report writers point out, “Without sufficient appropriate investment in technology and associated skills, firms and their compliance functions will not have the infrastructure to enable them to thrive into the medium to long-term, and specifically, the compliance function will not be able to reap the benefits of rigorously customized and deployed regtech.”
The report covers many other areas, from personal liability to reporting, interacting with regulators to managing regulatory risk. With so much change happening, this year puts compliance at a crossroads on which direction its future will develop. Is your firm making the right choices that will help guide you going forward? Are you starting to implement the changes that will serve you well?
It’s not about making changes for change sake. Rather, it’s about making smart changes; understanding the possibilities, making smart decisions, creating a plan and implementing it. Change is going to happen, whether we like it or not. By anticipating it, accepting it, and planning for it, we can better manage it and create a more prosperous, enjoyable, workable future.