The cost of compliance can prove to be prohibitive unless managed pro-actively, and
efficiently. What are the imperatives for a bank to watch out for?
The top 20 global banks have reportedly paid more than €211 billion in fines, while there have been at least 40 new measures that were proposed by the European Commission since the 2008 crisis. Now, that is a number the banks need to sit up and note. Either the regulations are likely to come down, or the need to comply will become more compelling. And the tight-rope walk of managing shareholder expectations while being fully compliant with changing regulatory norms can be quite an ask. More importantly, the emerging competition for banks from market forces, is not necessarily constrained by the same regulatory compliance costs.
General Data Protection Regulation (GDPR), EU-US Privacy shield, Anti-money laundering directive (AMLD), Comprehensive Capital Analysis and Review (CCAR), FATCA, Dodd-Frank, Basel III, OFSI, International Financial Reporting Standards (IFRS) – the list of regulatory guidelines that need active monitoring and compliance has been on the rise. Banks increasingly need to watch for both the effectiveness and the efficiency of the resources deployed for compliance management. It is a delicate balance between minimising violations and fines on the one hand, versus reducing the cost associated, and the potential business opportunity loss. The cost of compliance – be it in terms of technology or people resources, or the sheer investment of time and effort – can be quite steep, if one considers the capital investments required and the costs associated with it. Here are three key imperatives that would be critical for banks to be increasingly sensitive to, as we move ahead.
Embed compliance into the process framework
The most significant cost that is incurred by banks, besides fines which may be quite hefty, is not in the investments of technology or data management, but in the staffing of the compliance function focused on audit validation and reporting. More successful banks have found a way to minimise this by integrating compliance and risk management as an integral part of the operating model.
When compliance is seen as an independent function, narrowly focused on a centralized set of risk reporting activities, without directly being engaged with the channels or customer, and focused on a select few areas of high impact, the entire framework tends to get siloed and seen as someone else’s responsibility. And that is a recipe for a massive duplication of effort and resultant compliance costs. The trick here is to embed the compliance requirements as a part of the business-as-usual (BAU) norms of the process, then make it an extra activity that’s outside the routine. This is not about just having a few checklists in every process, but ensuring that the risk and compliance consciousness is part and parcel of the operating and delivery model. This is quite akin to the health-conscious making a visit to the gym a habit - a part of the daily schedule.
Manage, harness and leverage dataAn industry estimate pegs the number of pages of regulation that global banks need to comply in 2020 at a whopping 120,000 pages. Now if we think about it, the single biggest factor that can make or break the ability to comply with any regulation is being able to record, retrieve and review data – be it that of the customer or the transaction. Non-standard data architecture and sub-optimal use of reporting applications results in reporting challenges. The granularity of the data and the ability to construct individual data elements is an essential pre-requisite to providing accurate and timely reports to the regulator. The quality of the reports produced and the speed of its delivery is positively correlated to the ability to process data efficiently, and quickly. The evolution of Regtech has been accelerated also because of the need for quick, effective and accurate reporting tools that help banks meet with compliance deadlines. The 4 key characteristics of a good Regtech being Agility, Speed, Accuracy and Interoperability.
On another note, use of data is also a pre-requisite for driving innovation and testing new ideas. However, data masking is a key factor to bear in mind with any experimentation, as the breach of data is not just a regulatory challenge, but also a huge reputational risk. We are not even talking about the cyber-attacks or data leaks – this is just about complying with regulations such as GDPR, introduced in the EU. Investing in data masking and delivery process would be important.
Imperative #3. Data, AI & Analytics: True application of digital to drive fin-tech innovation
Convert Compliance as a competitive edge
If adopted correctly, compliance could well serve as a competitive edge, and there are no surprises there if one could see this as a ‘first-mover’ advantage. Sensitivity to regulation compliance has a positive influence on process efficacy, technology effectiveness, rigour of governance and overall risk consciousness, across the organisation. And that can be quite helpful if applied constructively.
Reduction of costs in non-value adding activities that can be easily automated or reduction in duplication can help redeploy compliance resources for meaningful risk mitigation. For instance, when compliance reporting is constrained by semi-automated excel reports or error-prone manual files, it is an excellent opportunity to drive change and bring about an integrated, centralised technology solution with a long-term and holistic approach.
Banks that have embraced this principle, look to drive new ways of doing their business, with an active participatory model with the regulators, potentially having a positive influence on policy making too.
There may be an entirely different perspective to viewing the investments in compliance. In the process of building a substantial compliance and risk management framework, the opportunity loss with a sudden, unexpected impact is significantly minimised.
Pro-active approach to averting issues, if articulated well, will only enhance the valuation of any enterprise in the eyes of a shareholder, as long as it is tenable and in the realms of an acceptable order of magnitude. After all, every insurance policy does come with a premium!