How much does your organization spend on compliance? It seems like a straight-forward question, but according to Cost of Compliance 2018, a Thomson Reuters survey, “accurately benchmarking total compliance spend is near impossible.”
Heightened regulatory scrutiny, compounded by complex requirements around data protection and privacy, have ballooned compliance-related spending, which is only set to rise as companies tap into the online borderless economy to pursue opportunities for global expansion.
Even from a human capital standpoint, compliance spending is significant. The competence expected of senior compliance professionals, at a time when the job function is undergoing rapid change, does not come cheap; further, compensations also need to account for personal liability – given the increasing number of individuals being held accountable and penalized for their employer’s instances of non-compliance.
And let’s not forget costs associated with non-compliance, the exorbitant fines levied on financial institutions for lapses in their compliance programs, notwithstanding the reputational risk to them – the costliest outcome of non-compliance.
Data privacy rules fueling regulatory scrutiny
GDPR has dominated the headlines for over a year now; its impact on compliance professionals has been palpable: Data privacy, particularly the ways in which Personally Identifiable Information (PII) data is handled, has changed with the implementation of GDPR. Recent cases of data breaches have further exacerbated the need for data security and privacy, with regulators adopting a more punitive approach to deal with non-compliance. As Elizabeth Denham, Information Commissioner at the UK’s Information Commissioner's Office (ICO), states, “hefty fines can and will be levied on those organizations that persistently, deliberately or negligently flout the law. Report to us, engage with us. Show us effective accountability measures.”
Compliance is coping …barely
Besides GDPR, there were other regulators acts placing demands on compliance. The survey noted 15 specific regulations in Europe and the US that were of major significance, in addition to ongoing regulatory alerts. During 2017, over 56,000 alerts were issued by over 900 regulatory bodies, averaging 153 a day.
Almost every aspect of compliance is being affected, as a result. Compliance professionals can expect more assessments, more risk management, more processes, training and reporting. Compliance would have to invest more to manage regulatory risk – survey respondents believe that costs are likely to increase by 74 percent.
The demands on compliance are not confined to meeting regulatory requirements – compliance is also expected to create and champion a culture of compliance within their organizations, which is perhaps the hardest job of all.
Technology and its attendant risks
Even as technology has eased the day-to-day of compliance, it has also created new kinds of problems. Cyber-attacks are a particularly acute concern, with a 1,700 percent rise in reports made to regulators since 2014. Indeed, the risk is so high, it’s no longer a solely IT issue anymore. As Robin Jones, head of technology, Resilience & Cyber, at the Financial Conduct Authority (FCA) – the UK body regulating the conduct of financial service firms and financial markets – states, “It needs to move into the boardroom. It needs to be understood as a significant risk to the operation of a business, its consumers and wider markets.”
Compliance needs to play its part here, ensuring that training and processes are in place and best practices are followed. After all, FIs handle valuable financial and PII data and regulators expect them to safeguard the information with the highest levels of security and compliance.
Survey respondents, however, evinced a high reliance on RegTech solutions aimed at streamlining compliance tasks, particularly those related to customer onboarding, monitoring, detection, reporting and process controls. 55 percent of the global financial institutions surveyed – the same institutions which have traditionally favored proprietary legacy technologies – stated that they would spend more time assessing RegTech and fintech solutions.
The way forward…
Compliance professionals will have no option but to bear the weight of these new requirements and expectations going forward; having said that, it’s essential to examine that these regulatory strictures serve a vital functions: Battling fraud, eliminating money laundering, terrorist financing, bribery, corruption, market abuse, and other financial misconduct. While the fight is complex and often costly, the value is vital, both in protecting consumers and the whole financial system from being manipulated by bad actors.