The cost of compliance survey annually focuses on the challenges financial services firms expect to face in the year ahead. This year’s edition closed before the widespread impact of the COVID-19 pandemic had become apparent; thus, the report analyzes both the survey responses and, in an additional dedicated section, looks in more detail at what better risk and compliance practice will look like in the face of continuing uncertainty.
The survey generated responses from more than 750 risk and compliance practitioners worldwide, representing global systemically important financial institutions (G-SIFIs), banks (including challenger banks), insurers, asset and wealth managers, broker-dealers and payment services providers. The findings are intended to help financial services firms with planning and resourcing, while allowing them to benchmark their own approaches and practices to assess whether or not their expectations are in line with those of the wider industry. The experiences of the G-SIFIs are analyzed where these can provide a sense of the stance taken by the world’s largest financial services firms.
The results show that as compliance functions have matured during the years after the 2008 financial crisis, an inflexion point has begun to appear. With the regulatory agenda moving through its post-crisis priorities, firms have enhanced their compliance capabilities to embrace the new range of disciplines and specialities required. Those specialities include culture and conduct risk, which show signs of being successfully embedded, as around a third of firms have discarded a potentially profitable business proposition because of culture and conduct risk concerns.
There are several positive risk and compliance trends for firms, but the survey results indicate firms are beginning to reprioritize their compliance needs. Last year will perhaps be seen as the start of a cyclical turning point for compliance functions. Even though the full effect of COVID-19 is yet to unfold, from the survey results, there are early signs of a shift in focus.
Emerging concerns were highlighted regarding resources, skills and a need to balance budgets and compliance costs. This is set against a background of continued uncertainty about conduct and cultural issues, regulators continuing to produce a raft of changes, and the growing spectre of greater personal liability. To meet these challenges, compliance functions are using other solutions such as regtech and outsourcing arrangements.
The findings include:
- Board challenges – The greatest compliance challenges boards expect to face in 2020 are balancing budgets in the face of increasing compliance costs, the volume of regulatory change, driving demonstrable cultural change, increasing personal accountability and the implementation and embedding of regulatory change. This contrasts with the 2019 board challenges which were keeping up with regulatory change, cyber resilience, personal accountability, culture and conduct risk and financial crime.
- Compliance challenges – The top three challenges for compliance teams for 2020 are keeping up with regulatory change, budget and resource allocation and data protection. In 2019 the top three challenges were the volume and pace of regulatory change, increasing regulatory burden and financial crime, AML and sanctions.
- Culture and conduct risk concerns – In the last year around a third of firms (34%) said they had discarded a potentially profitable business proposition due to culture-or conduct-risk concerns. This has ticked up from the 28% which reported discarding a potentially profitable business proposition in response to the same question in 2018. The biggest culture or conduct risk facing firms is seen as creating a unified compliance culture.
Financial-services firms were already facing an inflexion point in regulatory compliance for 2020, even before the COVID-19 pandemic disrupted the industry worldwide, according to the 11th annual cost of compliance survey by Thomson Reuters Regulatory Intelligence.
Tightening of risk and compliance budgets, regulatory and cultural change and the possibility of increasing personal liability all provided evidence of a cyclical turn from the post-financial crisis years. It is too early to tell how the novel coronavirus will influence that inflexion over the long term, but already regulators are issuing a flurry of revisions to rules, and firms are asking for the postponement of various regulatory initiatives so they can focus on managing events.
- Regulatory developments – TRRI in 2019 captured 56,624 regulatory alerts from more than 1,000 regulatory bodies, averaging 217 updates a day, a slight decrease from the year before. Regulatory change was reported as the top compliance challenge for 2020 with respondents anticipating that more information will be published by the regulator.
- Budgets – Overall budget expectations have eased slightly for the coming year with 49% expecting budgets to increase slightly and 31% expecting them to remain the same. Only 11% expect the total compliance team budget to increase significantly. The budget expectations sit alongside a softening in the expected cost of senior compliance staff with 48% expecting senior compliance staff to cost slightly more in the coming year, 13% significantly more. Since 2011 the expectation that senior compliance staff will cost significantly more has dropped by half (2011 – 27%; 2020 – 13%).
- Compliance teams – Mirroring the expectations on compliance team budgets, 34% expect their compliance team will grow (a gradual decline from 43% in 2018 and 38% in 2019). At the other end of the spectrum 7% expected compliance teams to shrink, up from 3% in 2019. In addition, 34% of respondents expect the turnover of senior compliance staff to increase in the next 12 months, 43% in the G-SIFI population. The top three skills required for an ideal compliance officer in 2020 were reported as being subject matter expertise, communication skills and integrity.
- Personal liability – Personal liability for compliance professionals is a constant concern. Some 17% of respondents reported that in the next 12 months personal liability will grow significantly and a further 41% expected it to be slightly more than today. This is in line with the prior year results where 60% expected the personal liability of compliance officers to increase. In addition, 73% of respondents think the regulatory focus on culture or conduct risk will increase the personal liability of senior managers.
- Technology – Respondents to the 2019 cost of compliance survey report1 thought the biggest change for compliance in the next 10 years would be the automation of compliance activities. In Q1 2020, TRRI published its fourth annual report on fintech, regtech and the role of compliance2. The report concluded the financial services industry has much to gain from the effective implementation of fintech, regtech and insurtech but there are numerous challenges to overcome before the potential benefits can be realized.
- Outsourcing – More than a third (34%) of firms reported outsourcing some or all their compliance functionality (up from 28% in 2019). The reasons given included the need for additional assurance on compliance processes, cost and a lack of in-house compliance skills.
The questions posed in the 11th annual survey were refreshed to reflect the start of the second decade of the report. Some questions were maintained to enable year-on-year analysis while questions on topics such as culture and conduct risk have been added as, for many firms, these have become part of the “new normal”. TRRI has used responses to the free-text questions and build word clouds. For the first time, TRRI asked respondents to list the three key skills required for an ideal compliance officer in 2020.
TRRI extends its thanks to all respondents along with a continued assurance the responses will remain confidential unless explicit permission to include an anonymized quote has been received.
“I hope – indeed expect – that the 2020s will be the decade when all firms and boards put conduct, culture and customers firmly at the top of the corporate agenda. […] As compliance professionals, you have a vital role to play in being firm and decisive in the execution of your essential duties and reminding leadership teams that they are accountable for the behavior and culture of their firms.”
Derville Rowland, director general, financial conduct, at the Central Bank of Ireland, January 2020
2020 marks 25 years since the collapse of Barings Bank and it would seem that everything and nothing has changed in financial services. There is still a huge amount of regulatory change seeking to ensure both financial stability and good customer outcomes. At the same time there have been numerous rogue traders, mis-selling scandals and a financial crisis which rocked the world economy and triggered another round of change, including a proliferation of personal accountability regimes with a view to driving better, risk-aware forms of behavior by senior managers.
The cycle for financial services firms is turning again. Firms are facing an extraordinary challenge posed by the novel coronavirus, and also climate risk and technology. Potential budget constraints threatens to make these challenges more difficult to handle.
Compliance functions had become accustomed to being appropriately resourced. Since the 2008 financial crisis, substantial resources have been allocated as firms have sought to ensure compliance and financial stability. That trend was borne out by the results of the annual TRRI cost of compliance survey reports over the last decade.
The broadly strong trend on resources was first called into question by polling for a series of three regional TRRI webinars in the autumn of 2019, when a global average of 14% cited budget constraints as the greatest challenge for financial services firms in the coming year. This rose to 26% for the poll in the UK and Europe webinar.
Budgets and the skilled resources available to compliance functions are inextricably intertwined. It is essential that risk and compliance functions have, and maintain, access to appropriate expert and skilled resources, preferably in-house, to enable the identification, management and mitigation of risks the execution of compliance monitoring and other activities.
Without an appropriate budget for the compliance function, firms will begin to lack the skill sets required for the future regarding the ramifications of COVID-19, climate risk, data science and technology. Budgets need to be sufficient for firms to invest in day-to-day compliance activities, to update essential skills and be able to deploy technology to improve compliance efficiency.
Insufficient compliance budgets could also lead to problems in terms of liability. Several jurisdictions including the UK, Australia, Ireland, Singapore and Hong Kong, have either implemented specific accountability regimes or are considering doing so, all seeking to eradicate misconduct from financial services firms. Without sufficient skilled resources underpinned by an appropriate compliance budget, senior individuals will be increasingly vulnerable as they are held to account, personally, for regulatory breaches.
The potential vulnerability of compliance officers themselves is likely to be exacerbated by any undue budget reductions. The compliance function itself may have to take the lead in determining how best to manage the rise in individual accountability. Compliance officers should first consider how best to manage their own personal regulatory risk. Once their own risk management infrastructure is in place, they will be better able to advise other senior managers on the best or better practices associated with managing personal regulatory risk. They will then be able to return their focus to the day job of firm compliance.
Compliance officers cannot, and should not, manage regulatory risks alone. They must be supported by their boards and other senior managers through the provision of an appropriate budget and other resources.
The need for skilled in-house compliance officers has already been discussed. The need for other senior managers to be equally skilled is also pertinent. Board members are not expected to be risk and compliance experts; however, they should have sufficient knowledge and awareness to understand the need for the compliance function to be resourced as well as the skills to set an appropriate risk appetite, drive a strong compliant culture, constructively challenge all risk and compliance reports and engage successfully with regulators.
It is overly simplistic to say that a squeezing of compliance budgets in the years running up to the financial crisis was a root cause. However, a lack of skilled in-house compliance resources cannot have helped firms which were facing extraordinary times. 2020 will be seen in the same light, this time because of the disruptions of COVID-19.
Under such circumstances, appropriate resourcing and allocation of budget to the compliance function cannot be allowed to dwindle. The “cost” of compliance may be considered high, but the costs of non-compliance are much higher both for firms and for individuals.
2020 will be another challenging year for financial services firms, we hope you find the 11th annual cost of compliance report useful in developing and benchmarking your firm’s risk stance and compliance practices.