Re-emerging from the gloomy banking and financial crisis of 2008, a lot changed across the world (as it will again in the aftermath of the current pandemic crisis). The economy, markets and their governance saw deep changes. We started to live in what was then called a new normal. One of the far-reaching changes and a sustaining feature of this new normal for us in the banking and financial services world is the change in regulatory approach and supervisory practices!
A more prescriptive but risk focussed regulatory regime is now the norm. As a result, regulators insist, as a minimum, on adequate and effective risk management by banks/institutions. That has to be backed by a demonstrated system of supervision and controls in banks to ensure such risk management.
At the same time, a long-standing belief, that markets inherently correct themselves and financial institutions are generally responsible participants and good corporate citizens, was irrevocably shaken. This led to regulators adopting a more hands-on and ongoing approach to regulatory supervision inasmuch as their reviews and scrutiny of the banks/ institutions are now even more penetrating and intense.
Even as customers’ trust in the banking and financial world came at a premium affecting business, the indulgence and tolerance from regulators and governments disappeared as we saw exemplary disciplinary action leading to debilitating financial and non-financial deterrents for those lagging and non-compliant.
The substantially changed regulatory compliance landscape for banks/financial Institutions. Thus, featured-
An onslaught of justified but numerous, new risk-based, prescriptive regulations to understand and implement
Complex new regulatory reporting requirements on financial and non-financial risks
Industrial efforts to implement an effective matrix of processes, controls, and governance to ensure ongoing adherence
Ongoing and close regulatory interaction through supervisory reviews and assessments
Regulators moving the technology needle on risk assessment and risk ratings of banks making regulatory intervention prompt and timely
In the process, Compliance functions, so far enacting an advisory/guidance role, had to go beyond to play a more hands-on, preventive compliance role to
Facilitate a framework of preventive controls
Carry out ongoing risk assessment, monitoring and testing activity augmenting its resources with bigger and diverse teams
Enhancing and acquiring a diverse set of skills ranging from project management, control design, risk management and control to review and audit capabilities
Assuming (a hitherto alien) burdensome administrative role, coordinating within large teams/with stakeholders across the firm, tracking status / progress updates, influencing timely action/implementation and management reporting.
Today it seems like we have already come a long way and nothing is new anymore. This is a regulatory regime we are already living with. We seem to know what is expected and somehow have scrambled to meet these expectations. Or have we?
We had a few options to respond to the compliance challenges. Typically, and as an immediate reaction, most banks across the globe threw a huge amount of human resources to this task. While it was the easiest (though costly) and immediate thing to do, dependency on manual efforts was not necessarily sustainable and made the entire compliance effort ad-hoc and reactive. By their very nature, manual processes are not necessarily amenable to standardisation and quality levels are not sustainable as complexity increases.
Also, obviously they are not scalable and efficient (even as demands on the compliance and adherence process increased in an ongoing basis).
And a disproportionately large administrative activity meant that the compliance bandwidth was less focussed on its more critical risk management and review functions. At times, the approach focussed more on meeting regulatory timelines than pro-active understanding of risks and appreciation of controls required. Even as the regulatory supervision was technology driven, the compliance and adherence frameworks remained resolutely manual.
This points to a widening gap between the regulatory expectations and the ability/capacity of banks and their compliance functions to meet these expectations
A more sustainable and obvious alternative was to be smart and look for efficiency, systematisation and scale through technology driven and digital platforms that would optimally utilise and supplement scarce compliance bandwidth and skill sets. Regulatory oversight is now technology driven. Banks are following digitisation trends set by new age fin-techs. Gradually, efforts at using technology solutions in regulatory compliance have grown and a whole area of reg-tech solutions has emerged. However even after almost a decade, holistic solutions to compliance challenges have been few and far in between sometimes covering narrow reporting processes and/or niche bottlenecks without addressing the full life cycle of the complex compliance processes or harnessing the full potential of modern technology and data capabilities!
This, despite the fact that banks are constantly challenged by increasing costs of compliance further frustrated by existing inefficient processes. Possibly the larger problem area of a broken controls framework pre-empted all management attention and resources.
Nobody, therefore disputes that the need of the hour is to be smart about it. Regulatory adherence and risk management is not an area that can brook any compromise! Like in every other sphere of activity that lends itself to complexity and volume, automation/digitization using cutting edge technologies and leveraging data seems to be the timely and commensurate response. It’s time to put technology to work and harness such a comprehensive solution!