Three imperatives to manage the cost of compliance

The cost of compliance can prove prohibitive unless it is managed proactively and efficiently. What are the imperatives for a bank to watch out for?

The top 20 global banks have reportedly paid more than €211 billion in fines, while there have been at least 40 new measures that were proposed by the European Commission since the 2008 crisis.

Now, that is a number the banks need to sit up and note. Either the regulations are likely to come down, or the need to comply will become more compelling. And the tightrope walk of managing shareholder expectations while being fully compliant with changing regulatory norms can be quite an ask. More importantly, the emerging competition for banks from market forces is not necessarily constrained by the same regulatory compliance costs.

General Data Protection Regulation (GDPR), EU-US Privacy Shield, Anti-Money Laundering Directive (AMLD), Comprehensive Capital Analysis and Review (CCAR), FATCA, Dodd-Frank, Basel III, OFSI, International Financial Reporting Standards (IFRS) – the list of regulatory guidelines that need active monitoring and compliance has been on the rise. Banks increasingly need to watch both the effectiveness and the efficiency of the resources deployed for compliance management. It is a delicate balance between minimising violations and fines on the one hand, and reducing the associated cost and the potential loss of business opportunity on the other. The cost of compliance – be it in terms of technology or people resources, or the sheer investment of time and effort – can be quite steep once the capital investments required and their associated costs are considered. Here are three key imperatives that banks will need to be increasingly sensitive to as we move ahead.

Imperative #1. Embed compliance into the process framework
The most significant cost incurred by banks, besides fines, which may be quite hefty, is not in the investments in technology or data management, but in the staffing of the compliance function, focused on audit validation and reporting. More successful banks have found a way to minimize this by making compliance and risk management an integral part of the operating model.

When compliance is seen as an independent function, narrowly focused on a centralized set of risk reporting activities, without directly being engaged with the channels or customer, and focused on a select few areas of high impact, the entire framework tends to get siloed and seen as someone else’s responsibility. And that is a recipe for a massive duplication of effort and resultant compliance costs.

The trick here is to embed the compliance requirements as a part of the business-as-usual (BAU) norms of the process, rather than make it an extra activity that’s outside the routine. This is not about just having a few checklists in every process, but ensuring that the risk and compliance consciousness is part and parcel of the operating and delivery model. This is quite akin to the health-conscious making a visit to the gym a habit – a part of the daily schedule.

Imperative #2. Manage, harness and leverage data
An industry estimate pegs the number of pages of regulation that global banks need to comply with in 2020 at a whopping 120,000 pages. Now if we think about it, the single biggest factor that can make or break the ability to comply with any regulation is being able to record, retrieve and review data – be it that of the customer or the transaction. Non-standard data architecture and sub-optimal use of reporting applications result in reporting challenges.

The granularity of the data and the ability to construct individual data elements are essential prerequisites to providing accurate and timely reports to the regulator. The quality of the reports produced and the speed of their delivery are positively correlated with the ability to process data efficiently and quickly.

The evolution of Regtech has also been accelerated by the need for quick, effective and accurate reporting tools that help banks meet compliance deadlines. The 4 key characteristics of a good Regtech solution are agility, speed, accuracy and interoperability.

Unfortunately, most banks tend to treat compliance reporting as an independent action, using a tactical workaround in the form of a “point solution” to address an immediate reporting requirement, rather than developing a holistic, data-oriented approach. Multiple solutions not only create duplication of data stores, systems and documentation but also result in multiple “sources of truth”, which is precisely the biggest cause of compliance nightmares. The critical takeaway, therefore, is to place a higher focus on the robustness of a unified data framework across the value chain – from the point of data capture to where it gets harnessed.

On another note, the use of data is also a prerequisite for driving innovation and testing new ideas. However, data masking is a key factor to bear in mind with any experimentation, as a breach of data is not just a regulatory challenge, but also a huge reputational risk. We are not even talking about cyber-attacks or data leaks – this is just about complying with regulations such as GDPR, introduced in the EU. Investing in data masking and the delivery process would be important.

Imperative #3. Convert compliance into a competitive edge
If adopted correctly, compliance could well serve as a competitive edge, and that is no surprise if one sees it as a ‘first-mover advantage’. Sensitivity to regulatory compliance has a positive influence on process efficacy, technology effectiveness, the rigour of governance and overall risk consciousness across the organization. And that can be quite helpful if applied constructively.

Reducing the cost of non-value-adding activities that can be easily automated, or reducing duplication, can help redeploy compliance resources for meaningful risk mitigation. For instance, when compliance reporting is constrained by semi-automated Excel reports or error-prone manual files, it is an excellent opportunity to drive change and bring about an integrated, centralized technology solution with a long-term and holistic approach.

Banks that have embraced this principle look to drive new ways of doing their business, with an active participatory model with the regulators, potentially having a positive influence on policymaking too. There may be an entirely different perspective to viewing the investments in compliance. In the process of building a substantial compliance and risk management framework, the opportunity loss from a sudden, unexpected impact is significantly minimized.

A proactive approach to averting issues, if articulated well, will only enhance the valuation of any enterprise in the eyes of a shareholder, as long as it is tenable and within an acceptable order of magnitude. After all, every insurance policy does come with a premium!