The Compliance Conundrum
Given the growing volume and velocity of regulation, how can financial firms stay in compliance while balancing budgets and resources?
Here we review the state of compliance today, the role of the modern compliance officer, and how technology is emerging as no longer a nice-to-have, but a necessity.
COVID-19: Compliance in a global pandemic
In early 2020, one of the longest bull markets on record finally came to an end. Unsettled by the COVID-19 pandemic and with large swaths of the population being forced into social distancing practices, the global economy slowed to a putter and markets plunged into bear market territory.
Financial institutions of all sizes are still trying to adapt, especially as regulators continue to impose even more rules and expectations on businesses in light of global health concerns. Today, corporate executives view over-regulation as the largest threat to business growth, according to PwC’s Annual CEO Survey. Since the 2008 financial crisis, regulatory rule changes have increased by 500 percent, leaving Risk and Compliance professionals struggling to keep pace with fewer resources and tighter budgets. The challenge of untangling complex regulation in a rapidly changing world is further exacerbated by the rise of personal liability for Compliance and other executive leaders in recent years.
Regulatory challenges: complexity and confusion
The average financial firm has six lines of business to monitor, each with its own set of goals, restrictions, and regulatory requirements. At the federal level alone, the average U.S. bank has upwards of five regulatory agencies to keep track of; add international, state and local legislation and, very quickly, firms are left staring boggle-eyed at a regulatory morass.
Even with only a handful of regulators and a couple of business lines, Risk and Compliance teams are contending with hundreds to thousands of pages of dense regulatory text. Traditionally, firms have used a mix of in-house compliance staff and outsourced resources like consultants or lawyers to analyze this text and determine which obligations are actually applicable to the business.
Based on Ascent’s internal analysis conducted with natural language processing tools, only about 35 percent of any given regulation contains an actual obligation (i.e. the individual action imposed on a business). The remaining 65 percent is made up of non-obligations such as definitions and clarifications. What these numbers indicate is that firms spend a tremendous amount of time sifting through irrelevant information to get to the regulatory intelligence they need.
Cost of compliance: more spend, same results
To keep up with the rising tide of regulation, firms often have little choice but to throw more people, time, and resources at the problem. In 2020, more than a third of financial firms report outsourcing some or all of their compliance activities, a slight increase from 2019. At the same time, 60 percent of firms expect their in-house compliance teams to either stay the same or shrink.
Striking the right balance of in-house staff, outsourcing, and technology continues to rise as a top challenge for corporate executives and boards, and the reason is clear. The process of complying with financial regulation costs more than ever, a reality that’s forcing businesses to choose between their compliance needs and their budgets.
On top of the costs of operating an effective compliance operation are the rising costs of fines, penalties, and other supervisory actions incurred from non-compliance. In 2019, the Securities and Exchange Commission (SEC) alone issued 862 enforcement actions, ordering those in violation to pay more than $4.3 billion combined.
While large penalties can and do shock the industry, smaller infractions, though not often cited in the press, can add up quickly to create a major dent in a company’s bottom line. One Ascent customer, a global bank, shared that remediating MRAs and MOUs costs the business upwards of $1 million apiece.
A day in the life of a Compliance Officer
How are Risk and Compliance teams handling these challenges? While processes naturally vary from business to business, compliance work takes a similar shape across most financial institutions.
By and large, those who operate within this critical function are responsible for establishing frameworks and standardizing how the firm assesses regulatory developments to ensure consistency and accountability across all in-scope regulators and jurisdictions. Day-to-day, compliance personnel may:
- Read and analyze laws, rules, and regulations to determine the firm’s obligations (may be outsourced)
- Monitor the regulatory horizon for new rules or amendments to existing rules, followed by applicability analysis (again, this may be outsourced)
- Plan and coordinate next steps to manage the required change
- Manage working groups or projects to implement the change
- Conduct end-to-end tracking, which involves the full lifecycle of the regulatory development and a smooth transition to “business-as-usual”
- Provide a line of sight of the global regulatory landscape impacting the line of business and/or enterprise
- Deliver metrics and the status of the end-to-end regulatory change process
- Coordinate with Executives, General Counsel Office, Compliance, Risk, Audit, and the Lines of Business to ensure firm-wide compliance
The first two points above — identifying the obligations and ongoing rule changes that apply to the business — take up only a small portion of this list but in fact represent a massive effort. Before Compliance can even begin on the remainder of this list, hundreds of hours are spent per regulation in reading the laws and scouring multiple online sources for relevant regulatory updates.
This process, sometimes referred to as regulatory mapping, is a complex rigmarole of rulebooks, newsfeeds, email alerts, lawyers/consultants, and Excel spreadsheets. The consequences of such a fragmented and manual process? High compliance costs and a greater likelihood of human error, leading to increased risk to the business. Unfortunately, and unfairly, Risk and Compliance personnel often find themselves facing both the fear and the fallout of a potential missed obligation.
RegTech rising: a step change for modern compliance
The challenges faced by the modern compliance officer have given rise to a booming new industry: RegTech. Though relatively young, RegTech is maturing rapidly.
The goal of RegTech in financial services is to expand a compliance team’s capabilities, lower costs, and ultimately reduce the severity and frequency of supervisory actions within a regulated business. As regulation continues to grow, the businesses that proactively implement technology to lighten the compliance burden will be the ones poised for greater success in an increasingly competitive environment.