Thomson Reuters Regulatory Intelligence has carried out its annual survey on the cost of compliance - “Cost of Compliance 2019: 10 years of regulatory change”. This year marks the 10th anniversary of the survey, which looks at the challenges financial services firms expect to face in the year ahead. Almost 900 senior compliance practitioners worldwide took part this year, representing global systemically important financial institutions (G-SIFIs), banks, insurers, broker-dealers and asset managers.

One of the main findings was that there is a growing need for risk and compliance officers to have an increasingly enhanced role within the business to have the best chance of thriving into the medium term. The other main findings of the report, written by Stacey English and Susannah Hammond from the Thomson Reuters Regulatory Intelligence team, were:

• Compliance challenges – Regulatory change remains the single biggest challenge for compliance officers in the year ahead
• Budgets – Compliance budgets are expected to continue to rise
• Regulatory change - The majority of firms expect more regulatory activity in 2019
• Personal liability – Personal liability continues to rise
• Board challenges –  keeping up with regulatory change, cyber resilience, personal accountability, and culture and conduct risk
• Outsourcing - Firms who outsource all or part of their compliance function has remained consistent, ranging between 24% and 28% year-on-year since 2016
• Predictions over the next 10 years – The expected compliance changes for the next 10 years are myriad.

For Hammond, “The most important thing coming out of the 10th annual cost of compliance report is the need for compliance officers to ensure that their skill sets are up-to-date and wide enough to cope with the myriad range of issues arising, technology expressly included. Compliance officers now need to be polymaths and only by consistently investing in resources and skillsets will they be able to meet the current and future challenges.”

Personal liability

Seana Cunningham, Director of Enforcement and Anti-Money Laundering at the Central Bank of Ireland in a speech in August 2018, said: “These reforms will constrain the ability of senior executives to escape liability for wrongdoing; the days of individuals hiding behind the collective will be numbered.”

The survey revealed that almost all respondents agreed with Cunnigham, and believed that personal responsibility is rising and many thought it is rising rapidly.

Number of regulatory changes and alerts

One of the joys of this report is how it brings together all sorts of useful information, e.g. the important regulatory events over the last 10 years:

Not surprisingly, this has resulted in an average of 220 regulatory change alerts/day:

Source & Copyright©2019 - Thomson Reuters Regulatory Intelligence – Cost of Compliance 2019: 10 years of regulatory change, by Stacey English and Susannah Hammond

Managing regulatory risk

The survey quoted a Senior Compliance Practitioner, European Bank saying that the greatest compliance challenge(s) the board expects to face in 2019 is: “Obtaining comfort that regulatory risk is effectively managed.” BUT the survey found that of the 900+ regulatory practitioners only 28% outsourced any or all of their compliance functionality, yet these regulatory practitioners are dealing with on average 220 regulatory changes/day?? 

Outsourcing does not mean that the responsibility for regulatory compliance is removed, it is just that many of the admin jobs are carried out by a specialist organisation, the responsibility remains with the financial institution.

The future

The survey asked practitioners what they thought were the top challenges in 2019:

1. volume and pace of regulatory change
2. increasing regulatory burden
3. financial crime, AML, sanctions
4. culture & conduct risk.

But the greatest compliance challenge(s) the board expect to face in 2019 are:

1. Keeping up with regulatory change
2. Cyber resilience
3. Personal accountability
4. Culture and conduct
5. Financial crime, AML and sanctions.

When asked what the biggest changes in the next 10 years:

1. Automation of compliance activities
2. Continuing regulatory change
3. Enhanced role for compliance within the business
4. Culture & conduct risk
5. Technology risk.

Sad surprises

One of the authors, Hammond, believes that “The most surprising thing about the cost of compliance report findings, both for this year and the over the lifetime of the report, is the concern about the sheer persistence of continuing regulatory change. 10 years after the financial crisis we really should be out the other end of apparently endless regulatory change but it is still being cited as a key challenge for compliance officers.”

For CTMfile, the biggest surprise was that, even with the scale of regulatory compliance required today, outsourcing to specialists continues to be only used by less than 30% of all FIs surveyed.

---

CTMfile take: This excellent report shows that regulatory compliance is going to continue to be a costly and bumpy ride, and it also shows that many more financial institutions need to outsource much more of their compliance operations.