Regulatory Compliance – Time to be smart about it?
July 7, 2020
The economy, markets, and governance experienced profound shifts as an impact of the pandemic that hit globally, leading us to embrace what was once referred to as the “new normal.” Notably, one enduring aspect of this new normal within the banking and financial services realm is the evolving regulatory approach and supervisory practices, which continue to shape our industry’s landscape.
In today’s regulatory landscape, a greater emphasis is placed on a prescriptive and risk-focused regime. Regulators now require banks and financial institutions to have adequate and effective risk management practices as a minimum requirement. This necessitates the establishment of robust supervision and control systems within banks to ensure the effectiveness of risk management efforts.
Simultaneously, the long-held belief in the self-correction of markets and the responsible conduct of financial institutions was profoundly disrupted. Consequently, regulators have embraced a more proactive and continuous approach to regulatory supervision. Their reviews and scrutiny of banks and institutions have become even more rigorous and thorough, reflecting a heightened level of scrutiny and intensity in response to these developments.
In recent times, the importance of customer trust in the banking and financial world has become increasingly apparent. Customers seek reassurance that their financial institutions are reliable and responsible custodians of their funds and personal information. However, this trust has been hard to maintain, given various instances of misconduct and breaches of ethical conduct in the industry.
The substantially changed regulatory compliance landscape for banks/financial Institutions. Thus, featured
An onslaught of justified but numerous, new risk-based, prescriptive regulations to understand and implement.
Complex new regulatory reporting requirements on financial and non-financial risks
Industrial efforts to implement an effective matrix of processes, controls, and governance to ensure ongoing adherence.
Ongoing and close regulatory interaction through supervisory reviews and assessments
Regulators moving the technology needle on risk assessment and risk ratings of banks making regulatory intervention prompt and timely.
In the process, Compliance functions, so far enacting an advisory/guidance role, had to go beyond to play a more hands-on, preventive compliance role to
Facilitate a framework of preventive controls.
Carry out an ongoing risk assessment, monitoring, and testing activity augmenting its resources with bigger and more diverse teams.
Enhancing and acquiring a diverse set of skills ranging from project management, control design, risk management, and control to review and audit capabilities.
Assuming (a hitherto alien) burdensome administrative role, coordinating within large teams/with stakeholders across the firm, tracking status/progress updates, influencing timely action/implementation, and management reporting.
Today it seems like we have already come a long way, and nothing is new anymore. This is a regulatory regime we are already living with. We seem to know what is expected and somehow have scrambled to meet these expectations. Or have we?
We had a few options to respond to the compliance challenges. Typically, and as an immediate reaction, most banks across the globe threw a huge number of human resources into this task. While it was the easiest (though costly) and immediate thing to do, dependency on manual efforts was not necessarily sustainable and made the entire compliance effort ad-hoc and reactive. By their very nature, manual processes are not necessarily amenable to standardization and quality levels are not sustainable as complexity increases.
Also, obviously, they are not scalable and efficient (even as demands on the compliance and adherence process increased on an ongoing basis).
And a disproportionately large administrative activity meant that the compliance bandwidth was less focused on its more critical risk management and review functions. At times, the approach focused more on meeting regulatory timelines than a proactive understanding of risks and appreciation of the controls required. Even as the regulatory supervision was technology-driven, the compliance and adherence frameworks remained resolutely manual.
This points to a widening gap between the regulatory expectations and the ability/capacity of banks and their compliance functions to meet these expectations.
A more sustainable and obvious alternative was to be smart and look for efficiency, systematization and scale through technology-driven and digital platforms that would optimally utilize and supplement scarce compliance bandwidth and skill sets. Regulatory oversight is now technology driven. Banks are following digitization trends set by BFSI-centric multi-product enterprises. Gradually, efforts at using technology solutions in regulatory compliance have grown and a whole area of reg-tech solutions has emerged.
Despite the passage of nearly a decade, comprehensive solutions to compliance challenges remain scarce, often focusing on limited reporting procedures or niche bottlenecks, rather than addressing the entire life cycle of intricate compliance processes or fully utilizing the capabilities of modern technology and data.
This is although banks are constantly challenged by increasing costs of compliance and further frustrated by existing inefficient processes. Possibly the larger problem area of a broken control framework pre-empted all management attention and resources.
Nobody, therefore, disputes that the need for the hour is to be smart about it. Regulatory adherence and risk management is not an area that can brook any compromise! Like in every other sphere of activity that lends itself to complexity and volume, automation/digitization using cutting-edge technologies and leveraging data seems to be the timely and commensurate response. It’s time to put technology to work and harness such a comprehensive solution!
Take action today and get in touch with us to assess the potential risks to your business and identify vulnerable areas. Let’s work together to ensure robust risk management and safeguard your organization’s future.