Recent reports criticize banks for not devoting enough resources, or not doing so fast enough, to keep up with accelerating regulatory demands. Other reports indicate such regulatory pressure is starting to boost those responsible for compliance higher in the corporate decision-making chain, while highlighting the operational importance of advanced compliance technology.
IT spending to rise 25% over three years
SAP, in conjunction with several U.S. and European universities, uncovered what it calls “a large disconnect between regulators’ expectations and the ability of banks to meet compliance and reporting requirements.”
It cites several national and international regulatory requirements as driving the need for greater bank investment in various technologies: The Basel Committee’s guideline on Principles for effective risk data aggregation and risk reporting (“BCBS 239” for short), followed by Basel III, Dodd-Frank, and others.
In its report, SAP quotes an unnamed regulator saying: “IT budgets have to significantly increase to meet the current and future requirements.” Meanwhile, 61% of survey participants expect an increase in their IT budget of at least 25% in the next three years— primarily to comply with regulations.
Second, Lepus, a financial research company, and SAS, which produces business analytics software and services, did their own survey and concluded that “increasing regulatory pressure requires banks to improve risk aggregation and reporting. Yet a majority struggle with data inconsistencies.”
This survey also specifically points to the requirements of BCBS 239 as a key driver of tech requirements, as its principles guide how banks improve stress testing and anticipate future problems.
“In the regulatory compliance future, stress testing will be an ongoing process of analyzing unpredictable scenarios instead of an annual exercise devoid of surprise,” says David Wallace, SAS global financial services marketing manager. “Banks that fully implement BCBS 239 principles as best practices will be able to analyze surprise scenarios on demand for regulators. In addition, they’ll be more effective and efficient in capital planning.”
Tech as a proactive tool
Capital planning and stress testing aside, regulators also expect banks to increasingly use technology for anti-money-laundering, data security, identity theft, and other security-related risks. Those kinds of requirements are starting to resonate at the top levels of corporate offices, particularly in the areas of general counsel and compliance.
A Grant Thornton LLP survey of corporate general counsels (not limited to financial institutions but generally of interest) concludes that “in-house counsel are dealing with a lack of resources, which impact their ability to proactively reduce and appropriately react to risks.”
“Corporate counsel are facing a variety of new regulatory risks every day, In addition to industry-based regulation, there are concerns about fraud, ethical behavior, and new threats such as data security,” says Brad Preber, national managing partner of Grant Thornton’s Forensic and Valuation Services practice. “At the same time—or perhaps because of these new risks—corporate counsel do not feel they have the resources to keep up, perhaps creating a vicious circle of regulatory and litigation risk.”
Compliance must have its own chief
PwC U.S., meanwhile, declares that “compliance is at a tipping point” and that more business organizations ought to create the position of “chief compliance officer.” While such a position is well recognized within the banking industry, the point PwC makes is that such a position should “become a more strategic partner in the organization; a vital member of the C-suite.”
“As the CCO’s role further evolves, compliance will become more integrated with business performance and CCOs will assume a more strategic role,” says Sally Bernstein, principal, PwC.
Specifically, PwC says that, to assume a more strategic role in their organizations, CCOs should emulate the behaviors of chief information officers by:
• Cultivating strong support of the CEO.
• Maintaining close working relationships with business leaders, to drive understanding.
• Leveraging innovation ideas from other companies and functions.
• Understanding the organizational strategy and the broad range of risks associated with that strategy.
• Recognizing that compliance skills must be an enterprise-wide capability.
Some of the tools to do this—which generally could apply to chief counsel as well—involve the use of data analytics, social media, and combinations of the two.
Tools and training to tap
Easy to say, but there are indications that help is out there. One such indication is the announcement earlier this year by SWIFT of its new Compliance Analytics tool. Part of the organization’s compliance services suite, it helps banks monitor and address financial crime risk.
“There are increasingly high expectations for financial institutions to implement policies and tools that will help identify and prevent financial crime activities,” says Luc Meurant, of SWIFT.
What do regulators want?
Circling back to the SAP study mentioned above, it may be helpful to relate what features the regulators themselves define as characterizing a state-of-the-art IT infrastructure for banks:
• Implementation of a central data warehouse.
• Improvement of data and process governance.
• Introduction of more automated processes.
• Flexible and customized modules for automatic analysis, stress scenario generation, and ad hoc stress testing.
• Enhanced capabilities and data analytics for product valuation and bank enterprise risk management calculations.
• Enhanced capabilities for legal entity- and jurisdiction-specific analytics.
Says PwC’s Andrea Falcione, managing director: “There is an increased focus on compliance as a business-enabling function and a growing interest in the topic overall.”
[Editor’s Note: You may also find “You can’t be Dr. No anymore,” a session about Compliance getting its “seat at the table,” from ABA’s 2014 Regulatory Compliance Conference.]
Sources used for this article include: