Banks spent over $100 billion on regulatory compliance in 2016 alone, with it also being estimated that regulatory costs will rise from 4% to 10% of revenue by 2021. These costs compose at least 15-20% of total “run-the-bank” costs and 30% of the budget.
The regulatory bodies at banks are very siloed, and the work is both prolific and part of a complex chain. These conditions can create duplication of efforts, lack of transparency and, inconsistencies that can cause litigations and come with high price tags.
Moreover, regulations are frequently updates or revised, pushing banks to struggle to keep up. It's estimated that in 2020, global banks will be required to comply with over 120,000 pages of regulations.
For example, the European Union (EU) announced in 2015 the tightening of money laundering controls, with measures such as closer monitoring of cash transactions and bitcoin, the creation of national payment account registers. The Fourth Anti-Money Laundering Directive, as it was known, has already undergone several amendments. In 2017, financial institutions prompted the delay of reforms implementation by a year citing that their IT systems had struggled to keep up with changes and meet the 2017 timetable.
Given these disconnects, and the sprawling system at hand, compliance systems are not as streamlined as they need to be to be wholly effective. Despite the massive investment banks feed into compliance and regulatory features. In 2014 alone, it's estimated that European and US banks paid US$65 billion in regulatory fines and penalties, which represents a 40% increase from the previous year.
In 2013, JP Morgan Chase was forced to pay US$13 billion in regulatory settlements and in 2014, Citibank paid $US 7 billion and Bank of America US$16.7 billion.
Some of the challenges creating this situation are:
- Compliance is constantly evolving with new risk sources constantly emerging -
- A narrow focus on centralized governance, risk, and compliance (GRC) processes which prevents banks from countering other emerging compliance risks
- Shortage of skilled compliance personnel - most staff traditionally operate in an advisory capacity not on actual risk identification/management
- Suboptimal IT strategy - many banks have a tactical workaround approach rather than holistic and strategic - resulting in technical debt
- Lack of automation - reliance on labor-intensive, slow, and error-prone manual files, hard copies, and excel spreadsheets
- Little ability to track the many channels at hand and siloed operations, with no integration between different compliance and monitoring systems