Re-emerging from the gloomy banking and financial crisis of 2008, a lot changed across the world (as it will again in the aftermath of the current pandemic crisis). The economy, markets, and their governance saw deep changes We started to live in what was then called a new normal. One of the far-reaching changes and a sustaining feature of this new normal for us in the banking and financial services world is the change in regulatory approach and supervisory practices! A more prescriptive but risk focussed regulatory regime is now the norm. As a result, regulators insist, as a minimum, on adequate and effective risk management by banks/institutions … that has to be backed by a demonstrated system of supervision and controls in banks to ensure such risk management. At the same time, a long-standing belief, that markets inherently correct themselves and financial institutions are generally responsible participants and good corporate citizens, was irrevocably shaken. This led to regulators adopting a more hands-on and ongoing approach to regulatory supervision inasmuch as their reviews and scrutiny of the banks/ institutions are now even more penetrating and intense. Even as customers’ trust in the banking and the financial world came at a premium affecting business, the indulgence and tolerance from regulators and governments disappeared as we saw exemplary disciplinary action leading to debilitating financial and nonfinancial deterrents for those lagging and non-compliant.
The substantially changed regulatory compliance landscape for banks/financial
Institutions. thus, featured-
⦁ An onslaught of justified but numerous, new risk-based, prescriptive regulations to understand and implement.
⦁ Complex new regulatory reporting requirements on financial and non-financial risks.
⦁ Industrial efforts to implement an effective matrix of processes, controls, and governance to ensure ongoing adherence.
⦁ Ongoing and close regulatory interaction through supervisory reviews and assessments.
⦁ Regulators moving the technology needle on risk assessment and risk ratings of banks making regulatory intervention prompt and timely.
In the process, Compliance functions, so far enacting an advisory/guidance role, had to go beyond to play a more hands-on, preventive compliance role too –
⦁ Facilitate a framework of preventive controls.
⦁ Carry out an ongoing risk assessment, monitoring, and testing activity.
⦁ Augmenting its resources with bigger and diverse teams.
⦁ Enhancing and acquiring a diverse set of skills ranging from project management, control design, risk management, and control to review and audit capabilities
⦁ Assuming (a hitherto alien) burdensome administrative role, coordinating within large teams/with stakeholders across the firm, tracking status/progress updates, influencing timely action/implementation, and management reporting.
Today it seems like we have already come a long way and nothing is new anymore. This is a regulatory regime we are already living with. We seem to know what is expected and somehow have scrambled to meet these expectations. Or have we?
We had a few options to respond to the compliance challenges. Typically, and as an immediate reaction, most banks across the globe threw a huge amount of human resources to this task. While it was the easiest (though costly) and immediate thing to do, dependency on manual efforts were not necessarily sustainable and made the entire compliance effort ad-hoc and reactive. By their very nature, manual processes are not necessarily amenable to standardization and quality levels are not sustainable as complexity increases.
Also, obviously they are not scalable and efficient (even as demands on the compliance and adherence process increased on an ongoing basis).
And a disproportionately large administrative activity meant that the compliance bandwidth was less focussed on its more critical risk management and review functions. At times, the approach focussed more on meeting regulatory timelines than a pro-active understanding of risks and appreciation of controls required. Even as the regulatory supervision was technology-driven, the compliance and adherence frameworks remained resolutely manual.
This points to a widening gap between the regulatory expectations and the ability/capacity of banks and their compliance functions to meet these expectations
A more sustainable and obvious alternative was to be smart and look for efficiency, systematization, and scale through technology-driven and digital platforms that would optimally utilize and supplement scarce compliance bandwidth and skillsets. Regulatory oversight is now technology-driven. Banks are following digitization trends set by new-age fin-techs. Gradually, efforts at using technology solutions in regulatory compliance have grown and a whole area of reg-tech solutions has emerged. However, even after almost a decade, holistic solutions to compliance challenges have been few and far in between sometimes covering narrow reporting processes and/or niche bottlenecks without addressing the full life cycle of the complex compliance processes or harnessing the full potential of modern technology and data capabilities!
This, despite the fact that banks are constantly challenged by increasing costs of compliance further frustrated by existing inefficient processes. Possibly the larger problem area of a broken controls framework pre-empted all management attention and resources.
Nobody, therefore disputes that the need of the hour is to be smart about it. Regulatory adherence and risk management is not an area that can brook any compromise! Like in every other sphere of activity that lends itself to complexity and volume, automation/digitization using cutting edge technologies and leveraging data seems to be the timely and commensurate response. It’s time to put technology to work and harness such a comprehensive solution!