As a leader of a critical business function, you’re always curious about how peer firms are faring in the current environment. That’s not just your competitive drive talking—knowledge of peers’ performance helps benchmark your own.
It’s instructive to see how peers are handling today’s hot-button issues facing financial firms, including the growing volume and velocity of regulation, the challenge of efficiently addressing data and privacy concerns, and managing Know Your Customer (KYC) obligations.
1) Increasing regulation: RegTech vs headcount
The financial services regulatory burden has exploded since the 2008 financial crisis. More rules impose more obligations that change more frequently. Unfortunately, the cost of compliance has grown alongside the regulatory explosion.
How are peer organizations handling regulatory growth?
Firms face the choice of prioritizing compliance above activities that might be more profitable or strategic, or investing in compliance infrastructure on the front-end to save time and money on the back-end.
The first option means devoting more time and personnel to the time-consuming and error-prone manual process of reviewing reams of regulatory text to a) identify what rules actually apply to your business, and b) what your specific obligations are under any new or changed rule.
Unfortunately, hiring extra staff and/or outside consultants and attorneys often feels like an unrecoverable cost with little strategic value. Extra bodies do not reduce the regulatory load. They just lighten that load for a time (until regulatory complexity outpaces compliance capacity again) and simultaneously increase costs. It’s just not scalable. There’s a limit to the additional heads you can add before the efficiency and profitability bite becomes too painful to bear.
In contrast, other peer firms invest in RegTech solutions with an eye to digitally transform their compliance operations and automate regulatory processes.
Instead of throwing more humans at the problem, these firms leverage technology to handle the more time-intensive and error-prone compliance tasks. Purpose-built RegTech tools can streamline compliance by reading, parsing, and summarizing millions of pages of regulatory text, freeing risk and compliance personnel for more strategic tasks.
The time and cost-savings can be extraordinary. It can take good RegTech tools a few minutes to parse a 15-page regulation, identify whether it’s relevant to your business, and pull from it your specific obligations—plus tell you how the obligation impacts your business. That work might take humans hours, and always with the risk of human error.
2) Data privacy and security concerns lead to compliance “overkill”
As technology alters how financial markets operate, firms confront the growing risk of digital security lapses, malicious intrusions, and data theft. Of course, regulations are issued to ensure firms adequately manage these risks.
Your peers have responded to the new data privacy and security rules in a couple of ways. First, quite sensibly, they hire experts who understand the digital challenges their firms face and have experience handling them cost-effectively. This entails developing rock-solid procedures and digital controls detailing the who/what/when/where/why/how of ensuring data privacy and responding to data breaches.
However, that’s only half the battle. Part of the experts’ task is to ensure data privacy and security processes align with the latest regulations. To do that, firms must know the latest rules, regardless of how often or radically they change.
Your most efficient peers embrace a central, enterprise-wide, continually updated source of compliance truth—from US rules to the EU’s GDPR. This central repository for all enterprise regulatory obligations ensures that security teams and compliance teams are singing from the same song sheet, efficiently coordinating cross-departmental policies and procedures. This alignment helps teams identify the most cost-effective and efficient means of ensuring security and compliance, while guaranteeing that you’re responding only to relevant obligations instead of laboring under stricter guidelines than necessary.
3) Know your customer (KYC) point solutions help deter bad actors
Anti-money laundering (AML) and anti-bribery statutes have made KYC part of the financial industry’s primary lexicon. As capital flows become ever-more global and interconnected, firms run a growing risk of falling prey to bad actors seeking to exploit lax KYC practices.
Fortunately, this is where KYC-focused RegTech innovations shine. There are multiple, high-quality KYC vendors drawing on massive databases of information to explore and uncover beneficial owners, suspect transaction histories, and opaque ownership structures. Akin to the security scenario, however, a central source of regulatory compliance information can be crucial for KYC. In this instance, it facilitates the coordination between onboarding and compliance teams that ensures maximum onboarding efficiency plus compliance with all applicable regulations. This even extends beyond financial institutions now that financialized large corporations are also subject to AML and KYC rules.
Historically, the responsibility for compliance with expanding regulatory requirements lay primarily with financial institutions. In recent years, however, financialized large corporations have been taking on similar regulatory obligations. This has created particular challenges in the area of onboarding. Companies not only need to verify client identities and comply with anti-money laundering (AML) and know-your-customer (KYC) standards, but also ensure that they’re meeting industry-specific regulatory demands. And as regulatory frameworks continue to evolve, so has the onboarding process evolved from an initial client assessment to an ongoing activity, where best practices include continuous monitoring and real-time risk detection.
Your peers support KYC compliance programs by making it easy for vendors and their clients to stay on top of the latest relevant KYC obligations in multiple jurisdictions, which is a critical part of choosing the best tools for your organization.
By automating and streamlining the task of staying current on changes to KYC rules, you help ensure your firm avoids onboarding suspect accounts. However, should a bad actor slip through, a centralized, continually updated source of regulatory truth, tied to your internal policies and controls, can demonstrate to investigators that it happened despite total compliance with applicable regulations, rather than as a result of compliance failure.
