February 15, 2018
Five financial institutions know how much misconduct costs like no other. Bank of America, JP Morgan Chase, Morgan Stanley, RBS, and Lloyds Banking Group altogether paid close to $200 billion in fines in a four-year period of 2012-2016. In the same period, the cost of misconduct for 20 largest global banks hit $359 billion, signifying a 32% growth over the same cost in the period of 2008-2012.
Over the course of decades of operations and fine payouts, it became obvious that existing compliance practices cannot effectively dodge the bullet, no matter how much is invested in the legal/compliance departments. In fact, on average, financial institutions have 10–15% of their staff dedicated to compliance, but billions are still paid for missteps. Globally, around $80 billion is spent on governance, risk & compliance, and the market is only expected to grow, reaching $120 billion in the next four years.
Over time, the regulatory environments get even more complex – over 300 million pages of regulatory documents will be published by 2020 and over 600 legislative initiatives need to be cataloged by a medium-sized sell-side institution in order to have a holistic view of their rulebook.
Compliance costs for financial institutions amount to substantial parts of total expenses, with a negative correlation between the size of the institution and the percentage of total costs. While banks with assets ranging from $1 billion to $10 billion reported total compliance costs averaging 2.9% of their non-interest expenses, banks with less than $100 million in assets reported costs averaging 8.7% of their non-interest expenses.
Despite obvious obsolescence of the existing approach to compliance, emerging technologies, and ecosystems – there is a wide variety of RegTech startups building next-gen solutions – there is work to be done by all parties to accelerate the adoption of more efficient systems. That requires standardization of data, recording, storage & management systems, cooperation between jurisdictions on regulatory environments, and standardization of requirements for IT infrastructure and its updates.
Furthermore, we will review some of the key challenges faced by institutions, regulators, and the ones coming from the tech ecosystem that inhibit the adoption of advanced solutions to a highly complex and inefficient approach to how diverse ecosystems tackle compliance.
Current AML procedures and fraud monitoring systems are as disparate as compliance reporting. Professionals suggest that coordinated or centralized surveillance could significantly improve efficiency and effectiveness in recognizing suspicious trades.
Progress in this area will require the authorities to address current obstacles to the sharing of suspicious transaction reporting (STR) customer information, and other information that would be useful to more effective AML, CTF, and sanctions compliance.
There is a need for more industry collaboration on analytics to identify and report suspicious transactions for AML/CTF and sanctions compliance, and for an improvement in pattern recognition across institutions. – IIF
Confidentiality of data mounts above regulatory reporting, imposing significant hurdles in adopting new technologies and solutions. Changing reporting mechanisms institution-wide (and industry-wide) largely depends on how it affects data privacy.
With any compliance solution, financial institutions must prioritize protecting the confidentiality of clients’ data and ensure security when transferring that data.
According to IIF, legislations and regulations on data are important to protect the privacy of individuals and assure the appropriate use of sensitive or personal information. At the same time, restrictions on the ability to use data across national borders may impact the ability of financial institutions to rely on big data or advanced analytics solutions.
Policymakers should continuously reassess the impacts of technological developments on data security and privacy, ensuring that regulations strike an appropriate balance between protecting privacy and security, and effective data use. Removing the existing legal and regulatory impediments to the sharing and use of data for regulatory purposes should be a priority.
According to the Institute of International Finance, a lack of data standardization and harmonized definitions of key reporting concepts impedes the aggregation of risk data in FIs from across subsidiaries and geographies.
Definitions of data and key regulatory concepts differ widely internationally, be it in payments systems or in regulatory frameworks, even though certain regulatory regimes are negotiated at the international level. This complicates the aggregation of data originating in multiple jurisdictions at an enterprise level, whether by automation or manually. Importantly, the heterogeneity of national requirements and regulations makes it unattractive to develop solutions that cover national regulatory requirements unless the developer reaches a critical mass.
IIF emphasizes that the diversity of data standards and definitions remain an issue and the stability & efficiency of the global financial system can benefit from harmonization initiatives at an international level. Moreover, as technology and data management requirements change over time and across jurisdictions, it’s equally important to move towards standardization of those data requirements that have been well-established in practice while still keeping a more open approach to new data concepts.
Deloitte’s 2018 Banking Regulatory Outlook recommends that financial institutions implement standard frameworks, policies and procedures, methodologies, and approaches. Institutions need to optimize and standardize activity execution and oversight (e.g., risk assessment, taxonomies) as well as standardize supporting tools, technology, and deployment.
The RegTech ecosystem has a role to play in transforming how compliance is handled by all parties involved. The disparity of standards cannot resolve the complexity and inefficiency unless the technological answer is as complex and non-integrated as the question.
Hundreds of startups offer patch solutions to comprehensive problems, but for the compliance business to change, the startup ecosystem has to offer a unified and standardized way of addressing disparity and complexity of the regulatory environment.
It is likely that the startup ecosystem will go through a curation phase in the next few years, where the vast majority will fall victim to consolidation (M&A, shutdowns, acqui-hires, etc.). The consolidation of resources (financial, talent, technology, and ideas) in the startup environment will balance the market. It will also bring out the best the market can offer, with a very limited number of companies moving towards standardization of the supply side.
What are other challenges in RegTech implementation for financial institutions? Share your opinion, send an email to elena@gomedici.com.