Update: how banks can manage regulatory change

In February 2019, we published a report exploring how banks could efficiently manage compliance in the face of accelerating regulatory change. One year on, we reflect on how the landscape has evolved.

In February 2019, we published a report in collaboration with Medici exploring how banks could efficiently manage compliance in the face of accelerating regulatory change. One year on, we reflect on how the landscape has evolved.

The accelerating pace of regulatory change

Regulatory environments globally are becoming increasingly complex – 300+ million pages of regulatory documents were published by 2020 and 600+ legislative initiatives need to be catalogued by a medium-sized, sell-side institution to have a holistic view of their rule book.

Global financial institutions must diligently monitor and implement change in three regulatory clusters: financial stability, prudent operations, and resolution. The flood of revisions averages 220 per day – more than three times the rate in 2011. Thomson Reuters’ Cost of Compliance 2019 Report found that 65% of firms expect the cost of senior compliance staff to increase, down from 66% in 2018 – but up from 60% in 2017. Around two-thirds (63%) of firms expect the total compliance budget to be slightly or significantly more over the next year – another increase from last year (61%) and a significant rise from 2017 (53%).

Globally, banks are spending more than $270 billion a year on compliance and regulatory obligations. However, 59% of firms expected the size of their compliance teams to stay the same over 2019. This bucks the trend of recent years in which it has been generally anticipated that teams will grow. In fact, 3% of firms anticipated that their compliance team would shrink over 2019. It might be suggested this is slowdown is the result of increased tech, which automates procedures that might previously have been done by a number of employees: RegTech is expected to make up around 34% of all regulatory spending.

Overall, compliance costs for financial institutions amount to a substantial proportion of total expenses. In 2018, for banks with assets ranging from $1 billion to $10 billion, total compliance costs were averaging at 2.9% of their non-interest expenses; for banks with less than $100 million in assets, the costs were averaging at 8.7% of their non-interest expenses. For some banks, it takes up to $4 billion a year to cover demands ranging from anti-money laundering checks, to requirements to give more data to regulators for stress tests. By 2018, The Dodd–Frank Wall Street Reform and Consumer Protection Act had already cost banks $36 billion in 2016, with MiFID II costing €2.5 billion in 2017.

By 2021, regulatory costs are expected to rise from 4% to 10% of revenue, driven primarily by the sheer volume of regulations – each week sees an average of 45 new regulatory-related documents issued. The impact of this change on information governance in a financial institution is profound across all stages – data collection, data processing, data sharing, and data security.

The pressure of enforcement

As global regulatory environments become increasingly complex, strict enforcement of new and updated guidelines leads to a highly prohibitive cost of even the simplest misstep, not to mention misconduct. An estimate by BCG in its Global Risk 2019 report, estimates that the cumulative penalties imposed since 2009 rose to $372 billion by the end of 2019, up from $327 billion in 2018 and more than $50bn than in 2016. About 74% of compliance and risk practitioners expected that personal liability costs would rise in 2019, and it is highly likely that number will be significantly higher in 2020 given the number of fines issued to senior-level employees by US regulators in the past few months.

Financial risks alone associated with failure to adequately address regulatory requirements called for a change in the way financial services firms manage their compliance obligations and practices. Rob Fulcher, a recognized professional with 20+ years in the compliance and risk industry, explains the need for progression from manual data governance to sophisticated automation, leveraging technology made available by RegTechs.

“There is a huge responsibility now on the shoulders of regulatory professionals to stay up-to-date with regulatory change, be it proposed, upcoming or effective, and ensure their organization stays compliant. Pre-2008, it was an easier task for compliance, and certainly an easier task to accomplish manually. With less regulation, less volume of change, and less expectation from regulators, firms could afford to manually monitor regulators’ websites and publications to review the change and determine applicability. Typically, the change was recorded in spreadsheets and distributed to stakeholders for review of policies, controls, and risk – a clunky workflow but commonly used during a time of less regulatory scrutiny. However, after uncovering the regulatory failures of 2008, a tsunami of new regulations flooded the industry and very quickly the volume surpassed the individual or team capacity of monitoring change manually, as well as the limitations of static spreadsheets. Of course, it’s also difficult to retrospectively present a good audit trail for the steps compliance took when using spreadsheets and outlook.

I think it’s fair to say that compliance and risk professionals initially suffered because of a lack of information, service, and dedicated solutions to help support their challenge, but with the emergence of purpose-built RegTech firms over the last five years and a better understanding of how to properly leverage AI, machine learning, and natural language processing (NLP) within compliance, there are now excellent options available to the market, helping to improve operational and commercial efficiencies. Importantly, this use of technology helps to free-up compliance from the laborious task of scouring regulatory websites and instead, allows them to take on more high-value tasks, such as implementing change.

In short, I think it’s become very evident that technology is playing a critical and influential role in effective compliance management. I believe we’ll see this trend and dependence continue to grow in the years to come.” – Rob Fulcher, Head of Americas, CUBE

Since 2008, many of the largest financial institutions increased their compliance staff 10X, yet are still consistently falling foul of the regulators, incurring fines. However, analysts often spend 90% of their time only on data collection and organization, and only 10% on data analysis – an archaic disparity in talent and intelligence allocation, leading to mistakes.

Fulcher explains that while a number of large global banks have significantly increased the size of their compliance teams, manual processes are not scalable and sustainable anymore – banks can only go so far with throwing more people at a problem before they really need to automate the processes to make them more efficient.

“If you look at the patterns in 2008, it was very reactive. Financial institutions increased their compliance costs and increased their compliance resources, but the volume of regulations just kept on coming, and you can’t just keep throwing people at the problem – that in itself introduces risks and inefficiencies. With technology, you can improve operational and commercial efficiencies.”

How banks can effectively manage regulatory changes

Over a decade later, it’s clear that manual processes are not only expensive and slow, but unable to provide the degree of regulatory intelligence required to tell organizations which regulations are relevant to their business, and how to avoid compliance gaps. If manual processes were effective, enforcement fines would not have exceeded $350 billion in the last six years.

Meanwhile, investments in regulatory software can lead to an ROI of 600% or even more with a payback period of fewer than three years, according to 2018 estimates.

One of the first-founded RegTech companies to recognize how extensive and voluminous regulatory requirements would become is CUBE. The company offers an enterprise-scale platform that operates throughout the compliance lifecycle to continuously monitor regulatory change, alert compliance and risk practitioners of the changes that impact the business and enable rapid remediation to reduce compliance risk.

Currently, more than 1.5 million staff in 180 countries are consuming regulatory intelligence and managing regulatory change initiatives that are powered by CUBE. The platform delivers value to regulated financial institutions based on a four-step methodology from monitoring compliance status and managing regulatory change.

The 4-step methodology allows institutions to not only capture the regulatory change but provides the regulatory intelligence and analytical capabilities to understand the impact of regulatory change on a particular business.

CUBE is the only RegTech company to deliver a fully automated regulatory intelligence and change platform that spans the entire end-to-end compliance lifecycle, across all jurisdictions, lines of business, and product types.

Financial institutions are utilizing CUBE to automate the regulatory change management process typically to replace complex, interwoven manual processes that are time-consuming, costly, and reactive. Since CUBE’s customers operate in up to 180 jurisdictions, it requires a team of highly qualified regulatory professionals manually identify relevant regulatory changes, the applicability, as well as the associated policies and controls impacted by the change.

“Regulatory compliance is mission-critical, and no bank can afford to get it wrong. The financial impact is pervasive. Failure to perform results in crippling enforcement fines, damaged reputation, lost customers & revenues, and depressed stock values. The most effective damage limitation strategy is to leverage cognitive technologies to manage regulatory change at enterprise scale, and to view life as a three-way partnership between your financial institution, your RegTech provider and the regulators.” – RegTech 2019 – What’s on the horizon? by Ben Richmond, Founder & CEO, CUBE.