Three imperatives for managing the cost of compliance


The cost of compliance can be prohibitive if not managed proactively and effectively. What are the imperatives to watch out for for a bank?

The world’s top 20 banks have reportedly paid more than € 211 billion in fines, while at least 40 new measures have been proposed by the European Commission since the 2008 crisis. Now that is a number that banks owe sit down and write down. Either regulations are likely to fall, or the need to comply will become more pressing. And the tightrope walk of managing shareholder expectations while fully complying with changing regulatory standards can be a real challenge. More importantly, the emerging competition for banks from market forces is not necessarily limited by the same regulatory compliance costs.

General Data Protection Regulation (GDPR), EU-U.S. Privacy Shield, Anti-Money Laundering Directive (AMLD), Comprehensive Capital Analysis and Review (CCAR), FATCA, Dodd-Frank, Basel III, OFSI , International Financial Reporting Standards (IFRS) – the list of regulatory guidance that requires active oversight and compliance is growing. Banks increasingly need to monitor both the effectiveness and efficiency of the resources deployed for compliance management. This is a delicate balance between reducing infractions and fines on the one hand, and reducing the associated costs and potential loss of business opportunities. The cost of compliance – whether in terms of technology or human resources, or the simple investment of time and effort – can be quite high, considering the capital investments required and the costs associated with it. . Here are three key imperatives that banks should be increasingly sensitive to as we move forward.

Imperative # 1. Integrate compliance into the process
The biggest cost to banks, aside from fines that can be quite steep, is not investing in technology or data management, but staffing the compliance function focused on validation and accountability. audit reporting. Top performing banks have found a way to minimize this by making compliance and risk management an integral part of the operating model.
When compliance is viewed as an independent function, narrowly focused on a centralized set of risk reporting activities, without being directly engaged with channels or the customer, and focused on a few selected high impact areas, the entire framework tends to be siled and seen as someone else’s responsibility. And that’s a recipe for massive duplication of effort and the resulting compliance costs. The trick here is to embed the compliance requirements as part of the business-as-usual (BAU) standards of the process, and then make it an additional activity out of the routine. It’s not just about having a few checklists in every process, but making sure that awareness of risk and compliance is an integral part of the operating and delivery model. It is very much like worrying about your health to make a visit to the gym a habit – part of your daily schedule.

Imperative # 2. Manage, exploit and exploit data
An industry estimate puts the number of regulatory pages that global banks must comply with by 2020 at 120,000 pages. Now, if we think about it, the most important factor that can make or break the ability to comply with any regulation is being able to record, retrieve, and review data – whether it’s the customer or the customer. transaction. Non-standard data architecture and suboptimal use of reporting applications lead to reporting problems. Data granularity and the ability to construct individual data elements is an essential prerequisite for providing accurate and timely reporting to the regulator. The quality of reports produced and the speed of their delivery are positively correlated with the ability to process data efficiently and quickly. Regtech’s evolution has also accelerated due to the need for fast, efficient and accurate reporting tools that help banks meet compliance deadlines. The 4 key characteristics of a good Regtech are agility, speed, precision and interoperability
Unfortunately, most banks tend to view compliance reporting as an independent action of a tactical circumvention model of a “one-stop-shop” to meet an immediate reporting requirement, and then develop a holistic approach focused on them. data. Multiple solutions would not only create duplication of data stores, systems, and documentation, but also lead to multiple “sources of truth”, which is precisely the root cause of compliance nightmares. The bottom line, therefore, is to ensure that there is greater attention to ensuring the robustness of a unified data framework throughout the value chain – from the point of its capture to the end. place where it is operated.
In another register, the use of data is also a prerequisite to stimulate innovation and test new ideas. However, data masking is a key factor to keep in mind during any experimentation, as data breach is not only a regulatory challenge, but also a huge reputational risk. We’re not even talking about cyber attacks or data breaches – it’s just about complying with regulations like GDPR, introduced in the EU. It would be important to invest in data masking and the delivery process.

Imperative # 3. Convert compliance into a competitive advantage
If enacted correctly, compliance could well serve as a competitive advantage, and it is no surprise that this could be seen as a “first-mover advantage”. Sensitivity to regulatory compliance has a positive influence on process efficiency, technology efficiency, governance rigor, and overall risk awareness across the organization. And it can be very useful if it is applied constructively.
Reducing costs in non-value-added activities that can be easily automated or reducing duplication can help redeploy compliance resources for meaningful risk mitigation. For example, when compliance reporting is constrained by semi-automated Excel reports or error prone manual files, this is a great opportunity to drive change and deliver an integrated, centralized technology solution with a long-term approach. term and holistic.
Banks that have embraced this principle seek to embrace new ways of doing business, with an active participatory model with regulators, which can also have a positive influence on policymaking.
There can be a whole different perspective to looking at investments in compliance. In the process of building a substantial compliance and risk management framework, the loss of opportunities with sudden and unexpected impact is significantly minimized.

A proactive approach to avoiding problems, if well articulated, will only improve the valuation of any company in the eyes of a shareholder, as long as it is tenable and in areas of an acceptable order of magnitude. After all, every insurance policy comes with a premium!


Comments are closed.