Have banks done enough to manage the cost of regulatory change and compliance?

05 June 2017

Those areas across the three lines of defence that support regulatory governance, change, risk and control have been insulated from cost pressures. This has primarily been a result of the number of fines and litigation costs associated with rogue trader type incidences and non-compliance from market conduct failures. The consequence is that, over the last few years, these areas have become inflated and absorb significant costs. This is not sustainable. With low return on equity and stagnant growth, banks are now under intense pressure to reduce costs even further. Areas like regulatory governance, change, risk and control ought not to be an exception.

Significant work has been undertaken by banks to manage regulatory change and to gain confidence they operate compliant activities. This has been driven by the large number of regulations and investigations streaming from a number of global regulators, each requiring significant remediation and change effort. The associated changes and improvements are often high impact and have required immensely detailed rules interpretation, business requirement documents and technical specifications. Despite this effort, errors and non-compliance continue to exist and need to be responded to.

Regulators are becoming less tolerant. They want to see evidence that banks have learnt from their mistakes, errors have been rectified, and robust frameworks, governance, risk and control arrangements are in place. In fact, regulators go further – they want to see banks self-identify and proactively improve without further provocation from their supervision teams.

Now is a good time to take stock. Clarity and traceability in navigating regulatory obligations will help those accountable feel confident, support efficient challenge and support across the lines of defence but also provide the capability to demonstrate efforts to regulators. So, the conundrum is how do banks continue to achieve this, and do this in a way that enables them to utilise resources in the most effective way and further reduce costs?

Having worked across the regulatory change portfolios of many banks, we see considerable cost efficiency and effectiveness opportunities. Instinctively, banks have been firefighting to deliver implementation of each regulatory change in a piecemeal way. This has created duplicative governance, change, risk and control arrangements, inconsistencies in implementing common standards, and, lack of traceability to the underlying regulatory obligations and risks.  This leads to significant amounts of communication and rework to close off internal audit points and demonstrate compliance to regulators. For many, this has resulted in high level cost of compliance and control, which have yet to be addressed.

The key to responding to such challenges is to reconsider the way to look at regulatory change and managing compliance i.e. doing things differently, as opposed to doing more for less. Banks need to understand all their obligations across multiple regulatory requirements and jurisdictions, and identify synergies across their governance, change, risk and control arrangements around common themes (e.g. Anti-Money Laundering (AML) and Know Your Customer (KYC), Personal Investments, Data Protection, Conflicts of Interest, Market Abuse, Client Onboarding, New Business and Products etc.). The specific detail of regulations may change, however the underlying philosophy of what risks they are trying to resolve for will not. Therefore, banks need to establish how they achieve global standards and arrangements that transcend specifics of local nuances, but allow for particular local requirements where necessary.

We believe rethinking regulatory governance, change, risk and control can start by contemplating the following eight questions:

  1. Does a global regulatory obligation framework exist which outlines the alignment of regulatory obligations to common governance, risk and control arrangements across multiple regulations?
  2. Do business divisions and functions own and maintain their own regulatory obligations inventory that can demonstrate how their obligations are being owned, managed and delivered on an on-going basis?
  3. Is there a process for how regulatory obligations are prioritised across multiple regulations, regulators and jurisdictions to ensure business critical regulatory risks are being given immediate attention based on limited bank resources?
  4. Have business divisions and functions organised their risk and control resources across common themes emerging across multiple regulations, resulting in removal of duplicative governance, risk and control arrangements?
  5. Do these arrangements deliver traceability that can be evidenced from the implementation of controls to the underlying obligations and risks, allowing for a clear audit trail for both internal oversight/audit functions and external regulators?
  6. Are there clear processes, guidelines and principles for the evidencing of control implementation that align specifically to the underlying risk requirement and obligations?
  7. Has a technology solution been adopted to manage the intricacies of multiple data points across a number of regulations, obligations, risk and controls, and to evidence the traceability across multiple accountable individuals?
  8. Has a co-sourcing or managed services solution been considered to create a project execution ‘factory’ supporting the deployment of the regulatory change portfolio more consistently and at a lower cost?

Banks who start thinking about regulatory change more strategically and invest in end to end architecture will have a competitive advantage when reporting across a large regulatory change portfolio in a consistent and auditable way, and at a lower cost.

If you are faced with any of the above challenges or are interested to learn more about how we have helped our clients build cost effective solutions around their regulatory execution, governance and controls agenda, please contact us at martin.hislop@pwc.com and lisa.dhanani@pwc.com

Lisa Dhanani | Senior Director - Banking & Capital Markets
Profile | Email | +44 (0)20 7213 3375
Follow @LisaDhanani

Martin Hislop | Partner
Email | +44 (0)20 7804 1126

Twitter
LinkedIn
Facebook
Google+

Comments

Verify your Comment

Previewing your Comment

This is only a preview. Your comment has not yet been posted.

Working...
Your comment could not be posted. Error type:
Your comment has been saved. Comments are moderated and will not appear until approved by the author. Post another comment

The letters and numbers you entered did not match the image. Please try again.

As a final step before posting your comment, enter the letters and numbers you see in the image below. This prevents automated programs from posting comments.

Having trouble reading this image? View an alternate.

Working...

Post a comment

Comments are moderated and will not appear until the author has approved them.