The average financial firm has six lines of business to monitor, each with its own set of goals, restrictions, and regulatory requirements.
To keep up with the rising tide of regulation, firms often have little choice but to throw more people, time, and resources at the problem, which can add up quickly. In this article, we highlight the growing costs of compliance – and non-compliance – for financial firms.
What Financial Firms Spend on Maintaining Compliance
How can one calculate the cost of compliance? One option, perhaps the most straightforward, is to look at the grand sum total for key markets in the industry. The Asian-Pacific, European, Middle Eastern and African, Latin American, and North American markets spend about $181 billion per year on maintaining financial crime compliance. That number is impressively large – even incomprehensible – but it hides the burden placed on each individual firm.
50 percent of respondents to a Risk Management Association survey said they spend 6-10 percent of their revenue on compliance costs. Large firms report that the average cost of maintaining compliance runs approximately $10,000 per employee. Global banks and large brokers that have upwards of 20,000+ employees could end up spending a staggering $200 million+ in compliance every year. While smaller firms like RIAs and broker-dealers may spend less overall, the burden of regulation can still act like a regressive tax that disproportionately eats a larger portion of their bottom line.
Though startling, even these numbers show only a static snapshot. They fail to capture the acceleration of regulatory change and the level of regulatory complexity, which have both exploded over the last decade. Regulatory change has increased 500 percent since the 2008 global financial crisis and, unsurprisingly, has heightened regulatory costs in the process. Compared to pre-crisis levels, retail and corporate banks have seen operating costs spent on compliance shoot up 60 percent.
Regulatory change has reached such a superhuman pace that many firms simply cannot keep up. Instead of making informed decisions based on a deep understanding of their specific compliance requirements, Risk and Compliance teams are too often forced to make a best guess based on a fragmented and incomplete view of their regulatory environment. However unintentional, this often leads to compliance failures and increased costs of non-compliance.
What Financial Firms Pay for Non-Compliance
The cost of non-compliance is most notoriously understood via the jaw-dropping fines issued by regulatory agencies every year. U.S. banks alone have been fined a staggering grand sum of $243 billion since 2008.
The pace of these fines shows no signs of slowing down.
- Between 2018 and 2019, global regulators levied a near record $10 billion worth of fines against banks.
- By summer 2020, these same regulators had already issued $5.6 billion in fines against financial institutions.
In 2019, the Securities and Exchange Commission (SEC) alone issued 862 enforcement actions, ordering those in violation to pay more than $4.3 billion combined.
But fines actually represent the smallest cost of non-compliance for firms. Over a 12-month period, the average fine for an enforcement action is $2 million, compared to the average cost of business disruption due to an enforcement action at $5 million, the average revenue lost at $4 million, and the cost of lost productivity at $3.7 million.
In total, firms spend almost $15 million on the consequences of non-compliance. That’s 2.71 times higher than what firms typically pay to stay in compliance by building strong compliance programs.
This difference, while dramatic, should not be surprising. After all, the system is designed to incentivize firms to comply or risk being heavily penalized. Therein lies the compliance conundrum: in an environment where the pace and complexity of regulation is increasing to a point where people cannot possibly keep up, how can firms expect to avoid the expensive consequences of non-compliance?
‘Expense’ does not refer only to monetary loss. The true cost of non-compliance is the reputational damage that it can cause for both your organization and your compliance personnel.
According to a Deloitte survey, 87 percent of executives rate reputational risk as more important than other strategic risks. These executives say that the areas of their business that were impacted the most after a negative reputational event were revenue (41 percent), loss of brand value (41 percent), and regulatory investigations (37 percent). In line with these concerns, a study from ECGI showed that stock price reactions of negative press were 9x larger than the penalties themselves.
Legislation in recent years, such as the Yates Memo in the U.S., the Senior Managers Certification Regime (SMCR) in the U.K., and the Banking Executive Accountability Regime (BEAR) in Australia, has made it clear that senior executives can be held personally liable if their firm is found to be non-compliant.
Preparing for the Next Normal
As financial firms prepare for whatever the future might hold, many will be looking to trim costs wherever they can. Yet in one department — Risk and Compliance — costs are clearly continuing to rise. As Boards continue to scrutinize compliance even further, businesses should consider the right balance of people, process and technology that will allow them to make the most of their resources.