When we discuss compliance costs, we are really making the distinction between two types of costs:

1. The cost of compliance, which is the amount that firms spend to manage their compliance programs, and

2. The cost of non-compliance, which is the consequence of failing to comply (and which is not always monetary).


The Cost of Compliance

The financial industry as a whole spends roughly $270 billion per year on maintaining compliance. According to a benchmark study conducted by the Ponemon Institute, the significant costs associated with compliance break down as follows.

65% of compliance costs are directly or indirectly related to enabling security technologies, which indicates that organizations are increasing their spending on technology infrastructure across the board. The same report reflects this trend, highlighting a 36% increase in compliance technology investments between 2011 and 2017.

The financial industry has the highest average cost of any sector, spending $30.6 million per organization on compliance in 2017, with Energy & Utilities ($24.8 million) and Transportation ($24.3 million) not far behind. Given the relatively high number of regulatory bodies that financial firms must answer to (12 on average), this figure will continue to grow year over year unless firms integrate technology strategically.

To frame these costs another way, firms spend approximately $10,000 per employee on compliance. Doing the math, larger institutions (global banks, large brokers, and the like) with 20,000 or more employees are potentially looking at $200 million in compliance costs per year.

Smaller firms (fewer than 5,000 employees) may spend less overall, but their costs are often higher per employee. This is due in part to the fact that they lack the resources to implement the large-scale technology infrastructure that is more prevalent in big firms and that only becomes cost-effective at scale.

RegTech as a Cost-Cutting Opportunity

To reiterate, financial firms are spending more every year on specialized technology. As compliance costs continue to rise, financial institutions are investing capital now in long-term cost-cutting solutions such as regtech. This illustrates an industry-wide shift in how firms approach technology: the goal is to introduce sustainable regulatory process changes into their ecosystems rather than to keep absorbing rising costs.

The Cost of Non-Compliance

Failure to comply carries a range of consequences that include both monetary and non-monetary costs. Fines, while the most obvious and public, actually represent the smallest cost when compared to:



Then, there are the non-monetary costs:

  • Reputation damage: Because enforcement actions are generally made public, failure to comply can result in serious reputational damage, putting your firm in a negative spotlight in front of both customers and competitors. This concern looms larger as media scrutiny continues to grow.
  • Personal liability: Regulatory bodies are increasingly targeting individuals, including compliance executives and CEOs. These liabilities are far-reaching, and legal principles such as the Park doctrine (the responsible corporate officer doctrine) can result in civil fines and even prison time. In 2018, the NFA’s work with the FBI, USPS, and CFTC led to significant prison sentences for nearly 30 individuals, including sentences of more than 20 years.


An important takeaway is that the cost of non-compliance is 2.71 times the cost of compliance, meaning it is far more cost-effective in the long run to invest in a strong compliance program.


Ascent helps customers automate and manage their compliance programs through a simple-to-use, cloud-based platform powered by Regulation AI. We help you reduce risk, control costs, and achieve total confidence in your compliance program.

