How to Reduce Cost of Compliance for Financial Services InstitutionsPrincipal, Finance and Risk Practice for Oliver Wyman
Asian financial institutions’ compliance costs have increased significantly over the past decade, owing to an environment of growing internal and external complexities. This is resulting in banks’ compliance functions coming under strain across the region.
In the Asia-Pacific region, according to our research, 86 percent of survey respondents said that compliance costs grew significantly between 2005 and 2016, with a couple of Singaporean banks’ executives saying the costs have been increasing at a rate of between 20 percent and 35 percent per year. Similarly, Australian banks’ investment spend around compliance initiatives has also increased significantly over the past few years, amounting to between A$350 million-A$450 million ($278 million-$357 million) spent on regulation and compliance each year.
Factors Driving the Increase in Compliance Costs
In the Asia-Pacific region, there are a number of factors driving costs up. Some of these include:
New regulations. Increasing government scrutiny and regulatory requirements for banks will likely continue going forward.
Specialized functions. Many sub-functions are being vertically aligned, and that is leading to siloes and duplications—the compliance function has to ensure it adds strategic value and does not just work in siloes.
Widening risk remit. The nature of risks that financial institutions are faced with is changing. Risks today are more complex and interconnected. Moreover, nontraditional risks are becoming increasingly prominent—for example, cyber, information security, “fourth” party risks from open banking and partnerships.
Market fragmentation. The differences in the financial and institutional setups across multiple jurisdictions in Asia mean the compliance function has to manage increased complexities.
‘Bending the Curve’
Banks need to respond to this challenge, even as compliance requirements grow. This means moving beyond tactical, reactive activities and focusing on what future compliance functions look like when they incorporate a strategic view of compliance.
It is important for the compliance function to “bend the curve” going forward. This means meeting increasing demands while ensuring a sustained reduction in cost and complexity.
Banks in the region are responding to this challenge and embarking on improving compliance effectiveness in five specific ways.
Perimeter and demand management. As organizations grow in size, they ought to refocus compliance on their core activities and reduce internal complexity drivers through transparent discussions with the businesses, thereby eliminating activities that are redundant. This can be done by turning processes into utilities that service a wider risk agenda; assessing full-time equivalents and effort is required to complete certain processes; mapping each process to requirements to identify redundancy; and categorizing process based on the effort required to identify potential outsourcing or near-shoring.
One of our clients had 30 percent of overlapping requirements in compliance and control and over 180 control frameworks, including those capturing risks. It centrally coordinated control identification, execution, testing and reporting and set up a top-down central database of controls to remove overlaps. The freeing up of resources led to a 15-20 percent increase in productivity and a 50 percent reduction in the number of control frameworks.
Process reengineering and digitization. Meeting today’s risk and compliance needs well requires streamlining and automation of processes, supported by a formal process that ensures innovation does not stall. This includes building a central data repository for compliance (client queries, policy); optimizing compliance data architecture for future scalability (new regulation, anti money laundering, complex controls); standardizing and streamlining processes (data collection and testing); and automating repetitive and low-value compliance activities such as advisory.
One of our clients has 25,000 monthly advisory requests for compliance, however 95 percent of the advice given in response was standard and could be automated—for example, queries such as, “Can I buy a $100 gift for my client?” To address efficiency, the client developed a data repository based on Hadoop and built robo-advisory capability for repeatable advice. Additionally, it optimized automation filters to reduce the human interaction required and adapted a chatbot to route queries better. The impact was significant—these strategies led to a 50-70 percent reduction in the time required to respond to queries, and it has led to $1 million in sustained annual cost savings.
Resource optimization. This facet ensures that compliance organizations take a more strategic look at the people they have in their organizations, the nature of the tasks they are performing and the locations they are working from. This involves optimizing the use of offshore or near-shore centers in cheaper locations; implementing cost-effective outsourcing and contractor utilization strategies; developing centers of excellence with interface to functions; and optimizing across the workforce, leveraging talent in efficient, non-siloed ways.
One bank had a high delegation of authority of tasks/responsibilities ranging from core compliance activities to local activities, such as project handling, organizational training and periodic monitoring. To address this, it identified opportunities to centralize common or standard activities that required specific knowhow and designed a new model to delegate and operate authority. The subsequent impact was a 20 percent reduction in compliance resources required within two years and a 10-15 percent increase in overall group-wide productivity.
Data science and technology. Managing data as a strategic asset is important when it comes to compliance. As such, it is important for organizations to innovate within the compliance function through investing in emerging data science and technologies including analytics, artificial intelligence and big data. The key here is to deploy suitable techniques and tools and to leverage analytics to drive better decisions. Organizations also need to become digital-ready, and they need to coordinate accordingly with business, information technology departments and vendors.
A client had “know your customer” files reviewed manually and 40-50 percent of resource time and costs were tied up in these basic file reviews and “level 1” transaction alert processing. Additionally, conversion from alerts to suspicious activity reports (SAR) was only around 1 percent. To improve this, we leveraged data analytics and machine learning to improve the quality of risk factors feeding into the transaction-monitoring engine. We also identified repeatable activities in transaction alert processing and file reviews that could be automated.
In addition, we collected data including false positives/negatives and developed algorithms to better differentiate and calibrate the screening engines. The result was an increase in the alert-to-SAR conversion rates of between two to three times. Additionally, these efforts contributed to a 30 percent reduction in false positive cases. Finally, the bank made substantial resource savings and saw an improvement in compliance activity productivity.
Forward-looking compliance approach. As risk and compliance capabilities are restructured and modified, it is imperative for organizations to take a forward-looking view with respect to the operating model in place so it can identify future risks. This includes embedding data science into the organization; frequently war-gaming to identify new emerging risks; moving fast and becoming more agile; and raising awareness and building governance over new advanced capabilities.
The Future of Compliance
As a growing number of banks rethink their compliance-related strategies and look to optimize costs, the future of the compliance profile will likely look very different.
- Fulfill “bend the curve” philosophy
- Integrated regulatory adherence process
- Transparent subsidiary governance and control
- Value add through strategic analytics
- Data-driven, backed by data science and tech
- Documented decision-making processes and outcomes
- Well-articulated compliance culture
- Forward-looking model—be preventive instead of reactive
- Embedded in strategic planning and other processes
- Lean team with close alignment to businesses
- Highly optimized with increasing automation and digitization
- Optimal use of offshoring and outsourcing
These are initiatives organizations will look to implement over the next two to three years if they are to maintain their bottom lines in an uncertain risk and regulatory environment.