Standardizing Compliance Processes
Regulatory bodies tend to be siloed and part of a complex value chain responsible for a prolific amount of work. These conditions inherently create opacity and inefficiency, with a dangerous ripple effect.
In the heavily-regulated financial sector, each financial institution maintains its own records on its own ledger system and reports data to the regulatory authorities in accordance with compliance rules. As such, the industry is increasingly siloed, which creates a host of inefficiencies and the resulting potential for error and miscommunication.
Context & Challenges
Banks spent over $100 billion on regulatory compliance in 2016 alone, and it is estimated that regulatory costs will rise from 4% to 10% of revenue by 2021. These costs make up at least 15-20% of total “run-the-bank” costs and 30% of the budget.
The regulatory bodies at banks are very siloed, and the work is both prolific and part of a complex chain. These conditions can create duplication of effort, lack of transparency, and inconsistencies that can lead to litigation and come with high price tags.
Moreover, regulations are frequently updated or revised, leaving banks struggling to keep up. It's estimated that in 2020, global banks will be required to comply with over 120,000 pages of regulations.
For example, the European Union (EU) announced in 2015 the tightening of money laundering controls, with measures such as closer monitoring of cash transactions and bitcoin, and the creation of national payment account registers. The Fourth Anti-Money Laundering Directive, as it was known, has already undergone several amendments. In 2017, financial institutions prompted a one-year delay in implementing the reforms, citing that their IT systems had struggled to keep up with changes and meet the 2017 timetable.
Given these disconnects, and the sprawling system at hand, compliance systems are not as streamlined as they need to be to be wholly effective, despite the massive investment banks feed into compliance and regulatory features. In 2014 alone, it's estimated that European and US banks paid US$65 billion in regulatory fines and penalties, which represents a 40% increase from the previous year.
In 2013, JP Morgan Chase was forced to pay US$13 billion in regulatory settlements, and in 2014, Citibank paid US$7 billion and Bank of America US$16.7 billion.
Some of the challenges creating this situation are:
- Compliance is constantly evolving, with new risk sources constantly emerging
- A narrow focus on centralized governance, risk, and compliance (GRC) processes, which prevents banks from countering other emerging compliance risks
- Shortage of skilled compliance personnel - most staff traditionally operate in an advisory capacity, not on actual risk identification/management
- Banks are forced to hire very quickly, leaving insufficient time for robust training
- By the end of 2014, Citigroup had around 30,000 of its staff engaged in regulatory compliance, representing a one-third staff increase in three years
- Suboptimal IT strategy - many banks take a tactical workaround approach rather than a holistic and strategic one, resulting in technical debt
- Lack of automation - reliance on labor-intensive, slow, and error-prone manual files, hard copies, and Excel spreadsheets
- Little ability to track the many channels at hand and siloed operations, with no integration between different compliance and monitoring systems
A STRATO product promises to streamline processes and drive the following benefits:
- Save 30%-50% on compliance costs at a product and procedural level (Accenture)
- Reduce labor costs and time spent on administrative work
- Build unprecedented security and traceability
- Create industry standardization
- Drive sustainable compliance practices, freeing up 30% of risk management programs' capacity
Any STRATO insurance solution leverages STRATO's enterprise-grade features:
- RESTful APIs for direct connection of IoT devices such as bankers' devices to the blockchain network
- Identity Management, OAuth and SSO capabilities for simplified IoT authorization and user login
- Privacy via private chains to keep sensitive data private and control who sees what data
- Enterprise Data Modeling for integration into existing data systems, and to ensure interoperability