Senior Manager, Regulatory Change & Compliance ,
In this series of articles, Synechron will examine the topic of Digital Compliance. We will get behind the jargon and technical terminology and explain, with practical use cases, the value technological advances in natural language processing, machine learning, data analytics, and distributed ledgers such as blockchain can bring to regulatory compliance. We will provide a practical framework to assist business users in identifying the scenarios where the use of Digital Compliance may be value-adding. Furthermore, we will provide a high-level guide of how to approach the task of digitally transforming the compliance process.
This first article sets out some key challenges and pain points currently impacting compliance processes, which Synechron clearly sees from engaging with its clients globally. The following articles will demonstrate ways in which financial institutions can use digital transformation of their compliance processes to address their key challenges. At all times, the focus is on ensuring that the application of RegTech technological solutions can be demonstrated to be value-adding, from a compliance operating model perspective.
Next to the term RegTech, the term ‘Digital Compliance’ has been steadily gathering attention. But what exactly is the difference between these two?
Let’s start with RegTech. Given the wide usage of the term RegTech, and its self-evident ‘buzzword’ status, most business users recognize that RegTech refers to ways in which new technologies can be applied to regulatory processes -- modernizing or transforming them. In general, we observe that the term RegTech is used for addressing a single regulatory challenge with emerging technology solutions – e.g., solutions using advanced analytics to discover potential cases of money laundering. RegTech is derived from FinTech, a broader, parent term, which captures the way new technologies can be applied to an array of traditional financial services processes.
Digital Compliance as a term, has only surfaced more recently. We see Digital Compliance as a term that is indicative of a much broader concept, looking not only at a point solution for a specific regulatory challenge, but rather looking at the complete compliance journey. Digital Compliance does not stop at the mere introduction of a RegTech solution, but also encompasses transformation of the way teams work with these solutions and how the process can be optimized to get the most value from them.
While it is easy to grasp these high-level concepts, it is not as clear to what extent compliance and risk professionals should be expected to understand the technologies used in more detail. An informal survey of Synechron clients found a diverse range of attitudes toward RegTech. At one extreme, users are outright skeptical, questioning if any of these new technologies and data analytics tools are significantly more advanced than the currently available tools. After all, financial institutions already use sophisticated technology in their business processes to address regulatory compliance. At the other extreme, users make great efforts to be open to embracing the benefits of emerging technologies, possibly without really knowing what tangible benefits these tools can deliver for them.
In one respect, the way that business users have become so familiar with RegTech (and the wider FinTech topic) is understandable. Content relating to topics like machine learning, blockchain, data analytics or natural language processing now feature prominently in financial service journals and the general media. They are priority topics on the agendas of regulators and promoted by consultants and technology experts alike. A term like ‘artificial intelligence’ seems easy to understand, so most of us feel like we know what it means, even if we do not necessarily know how to apply the technology. No doubt Hollywood contributed to this, with Arnold Schwarzenegger and James Cameron certainly helping to inform the public as to what a cyborg or a learning computer is.
However, it might seem almost paradoxical that business users can understand these technologies now. Even just a few years ago words like artificial intelligence and machine learning were not on the radar of most finance professionals as areas they needed to learn about. And while we might feel like we understand these concepts, explaining beyond the headlines what these technologies mean is more challenging. Of course, this is not surprising as they are the domains of computer scientists. In addition, if our roles are to be bankers, underwriters or compliance professionals, for example, we are likely sufficiently occupied in maintaining our professional expertise within the realm of our own business areas. Those of us with at least 10 or 15 years of working experience will likely have studied an Information Technology module in University, and entered the finance environment at a time when technology was conceived more narrowly. It likely included exploring the IT Department, a team whose core role – at least from our perspective as users – was to ensure our computers operated effectively. In that context, the idea of technology playing a holistic role within a financial institution is quite new.
Whether the above rings true for you as particular business user is not the decisive point. The important point to note is that these technologies are new, and knowledge of them is evolving. Consequently, in the words of Socrates it is ‘OK’ for a business user to admit that “All I know is I know nothing.”
Building on this premise, our role as business users is crucial in the move to Digital Compliance. The literature on the topic of innovation shows us that end users are vitally important in innovation processes, as those are the individuals best placed to identify inefficient processes and opportunities for innovation. Accordingly, recognizing the extent of our knowledge in this area, and being receptive to trying to learn about RegTech, is an essential process if financial institutions are going to be able to successfully move to Digital Compliance by integrating RegTech solutions into their compliance processes.
At a macro-economic level, we see several regulatory trends that are making regulatory compliance more challenging. Here are the critical macro-economic regulatory trends we have identified:
Regulatory texts have become more detailed and prescriptive.
The 2008 financial crisis showcased the drawbacks of light-touch and/or principle-based regulation. At the European level, we furthermore see that Directives and Regulations are being expanded by Regulatory Technical Standards, guidelines, and Q&A documents.
The review cycle for regulatory texts has been shortened.
We now see an established practice of subjecting regulations to periodic review and redesign and, additionally, guidelines and Q&A documents are also routinely revised. Financial services in itself is, moreover, a dynamic sector where business models evolve at a rapid pace, resulting in new types of risk exposure and new regulatory requirements to ensure that these new risks are effectively managed. This leads to shorter regulatory cycles and increased pressure to keep up with the pace, testing existing processes to their limits.
Regulations are being introduced to achieve broader societal goals.
This includes current regulatory initiatives around Sustainable Finance to encourage a ‘move to green’, as well as increasing the role of financial institutions as a gatekeeper when it comes to Financial Economic Crime.
Understanding how these trends put pressure on existing processes is crucial in determining what a future-proof target operating model for compliance should look like.
“Financial institutions are active in a constantly evolving compliance environment that is becoming richer and more complex with the introduction of each new regulatory initiative.”
Our expectation is that these trends will continue to play an important role, making the task of designing and maintaining fit for purpose compliance processes even more challenging.
Synechron’s current clients span 200+ marquee firms worldwide, and we count nine of the top 10 global banks as clients. We hone our focus to the largest enterprises across the financial services landscape -- banking, asset management, insurance companies, stock exchanges and others.
From working with our clients on regulatory change and compliance initiatives, we see common pain points that financial institutions face:
The Cost of Compliance is Excessively High
Research suggests that banks typically spend between 6% and 10% of their revenue on compliance. Research also suggests that between 10% and 15% of an organization’s total employees work in compliance-specific related roles or roles with a significant compliance component. Looking at the 2020 revenue of the top 20 international banks, we estimate that this could result in annual compliance costs of up to €3 billion, or upwards of 10,000 employees, spread across the first, second and third line of defense, as well as support functions like IT, Finance and Procurement.
These trends reflect our experiences at top tier financial institutions. However, based on our experience, smaller organizations equally face these challenges, with potentially disproportionally higher costs due to a more limited ability to leverage economies of scale.
Furthermore, we see that the distinction between risk management and compliance is blurred at times, with some processes serving common compliance and risk management objectives. If the broader universe of risk management processes were to be considered, the costs associated with maintaining those processes would significantly exceed the percentage outlined above.
Inefficiencies in compliance processes put pressure on the bottom line and on the business model, and it puts financial institutions at a disadvantage to competitors who have more efficient operating models.
Complexity and Operational Risk
As a result of the developments in the regulatory landscape described above, business processes need to be designed in a way that they support a diverse range of regulations simultaneously. The challenge may become even more complex depending on the jurisdictions in which the financial institution is active, the products carried, their type of clients, and licenses. Operating in such an environment exposes financial institutions to a significant level of inherent operational risk as there is a constant catch-up between processes being redesigned and the associated risk controls becoming mature enough to function effectively.
Transaction reporting obligations have become more onerous over the last ten years. However, the market of full-service, vendor-based solutions for transaction reporting is only recently maturing. Therefore, when the first transaction reporting regimes came into effect, firms developed their own internal reporting solutions, which have been gradually built-out to accommodate a growing number of regulations. This has made the processes and IT architecture complex, inflexible and difficult to maintain. The resulting operational risk is now recognized as being sufficiently high so that firms are rethinking their reporting operating models and increasingly outsourcing to full-service vendor-based solutions.
Shared Industry Challenges:
Overview Typical System Universe
Based on Synechron’s experience supporting large financial services institutions, we estimate that large institutions typically maintain more than 100 systems at any one time that play a role in regulatory compliance. At any one time, there are a great number of systems in stages of being decommissioned with data being migrated to existing systems, and new systems in various stages of being implemented.
Even with significant investment and resourcing, the current approach to compliance has deficiencies because it fails to guarantee effective regulatory compliance. The trend of increased volumes of mandatory risk remediation programs, enforcement cases and regulatory fines is clear, and this should have the attention of all financial institutions.
The most obvious adverse impacts of this trend are the financial impact of fines incurred by institutions along with reputational damage. Currently, enforcement action on violations of AML regulation leads the way in terms of size of the fines. Similar statistics – although different in size – can be compiled for other areas of enforcement.
Global Anti-money Laundering Fines are Growing
According to McKinsey & Company (2019), for example, both the number of AML enforcement actions as well as their total value in US$ Million is increasing. In line with this, according to Global Investigation Review (2021), in 2018, global AML fines totaled US$4.27 billion and, in 2019, US$8.14 Billion. In 2020, furthermore, there was again an increase in global AML fines because in that year these fines equaled to US$10.3 Billion (See Figure 1.)
Regulatory enforcement action and fines for non-compliance can result in significant societal backlash. According to a Forbes study (2018), compliance violations can turn customers away. The damage to brand reputation can often cost even more than the fines.
However, financial institutions should also take note of the extensive costs associated with maintaining cross-business area project teams, business units and legal consultants to execute remediation programs in response to regulatory enforcement.
Significant advances have been made in relation to artificial intelligence, data science, and advanced analytics technologies, and these technologies are now used by the world’s largest financial institutions with proven efficiencies. The European Banking Authority (EBA) has also signaled that RegTech will have an important role to play in reducing the cost of compliance. Synechron has developed a Digital Evolution Model to identify when and why the digital transformation of a company’s compliance operating model will be value adding, as well as a framework for how to plan and implement a digital transformation journey.
We’ve now outlined why compliance processes are inherently complex and the subject of inefficiencies or ‘pain points’. In following articles in this series, will look in detail at ways that RegTech tools and Digital Compliance can alleviate these challenges in a value-adding way.
Synechron has a thriving regulatory and digital compliance practice whose experts understand the full global domain landscape and can thoroughly assess your financial services firm’s current processes, and practices. By doing so, we can identify areas of vulnerabilities, less than optimal functionality and inefficiencies, and can benchmark your regulatory compliance systems against current best practices. If weaknesses are identified, we can competently recommend cutting-edge, future-forward digital technologies that your enterprise can rely on as it moves into the future and enhances readiness for your ever-evolving regulatory compliance needs.
Synechron is working with clients to digitalize their compliance journey. To this end, Synechron launched its RegTech Accelerator program in April 2018, as well as its Digital Compliance Accelerator , as part of our InvestTech Accelerator program in October 2020. Our Digital Compliance Accelerator helps our clients ingest, parse and prepare for compliance across multiple regulatory authorities’ new and changing laws and mandates.