The compliance units within financial services firms are facing challenges from multiple fronts, including new rules and regulations, in the coming years.
The financial sector devotes far more resources to compliance than it did a decade ago, and almost two-thirds (62%) of respondents to the recent Cost of Compliance survey said they expected their budget to increase at least slightly in 2022. Against that, the volume and breadth of regulation have grown while technology is creating new markets, products, and threats, meaning even generously-resourced teams can be stretched too thin for safety.
The recoil from the 2008 financial crisis changed compliance’s standing across the world. Governments reversed light-touch policies and once supine regulators harried firms about breaches and anti-money laundering (AML) failings. Not surprisingly, new regulations followed, such as the European Union’s Fourth Capital Requirements Directive, the Market Abuse Regulation, the Fourth Anti-Money Laundering Directive and the revised Markets in Financial Instruments Directive (MiFID II). With more regulation to comply with and dire penalties for breaches ($8.4 billion worldwide for AML alone in 2016), firms boosted compliance headcount and budgets as regulatory focus broadened around the world, notably in the United Kingdom, mainland Europe, the Asia-Pacific region, and the Middle East.
“Substantial regulatory enforcement in the 2010s, especially by regulators and government agencies in the United States, drove significant investment in financial crime functions,” says Tom Salmond, a UK financial services partner at EY. “This was accompanied by multi-year programs to remediate historic issues, tighten up existing policies, implement new systems, and build stronger data and operational capabilities.”
Firms hardly loved the extra expense — a mindset that compliance stops the company from doing business lingered at large firms and persists at some smaller ones — but leaders realized the necessity of the compliance function. Spending on compliance often peaked while firms built up teams and systems, but EU and UK regulators have made it clear they must maintain effective compliance.
“Some firms have reduced teams from previous highs as they were in a change mode and now are in ‘business-as-usual,’” says Mark Spiers, a partner in the regulatory consulting firm Bovill in London. “However, those resources still need to be adjusted over time according to the risks faced by the particular firms.”
A downside of having substantial resources, however, is that senior management assumes compliance can undertake more tasks, especially when economic uncertainty means cost reductions are sought. Today, fresh challenges requiring compliance input include the regulatory consequences of data- and cybersecurity breaches, expanding climate impact reporting, guided investment in environmental, social, and governance (ESG) initiatives, and firms exploring the opportunities of the crypto-sphere.
Further, regulation keeps evolving and compliance has to ensure that its systems and processes will keep up. The EU is overhauling key provisions in some existing regulation, including MiFID II and the Alternative Investment Funds Manager Directive. Also, major new regimes such as the Markets in Crypto-Assets Regulation and the Corporate Sustainability Reporting Directive are expected to take effect in in 2023 or 2024. And the UK’s new Consumer Duty applies from next July, while the Financial Services and Markets Bill proposes substantial changes to the mechanisms of regulation.
To better keep up, many financial firms have split the responsibilities for financial crime and other conduct compliance areas to separate internal units, but those UK practitioners preparing for the Consumer Duty have a busy time ahead of them, Spiers explains.
“The largest challenge for many UK-focused firms at the moment will be the uplift required by the Consumer Duty,” Spiers adds. “This is a large piece of work for firms and will require an assessment phase followed by, in some cases, substantial investment in data and management information capabilities to ensure that the firm is achieving consistently good customer outcomes over the product, service, and client lifecycle.”
Fight for talent
Perhaps the most insidious problem facing financial firms’ compliance functions cannot be solved by chucking money at it, even if firms were willing to. There is an international dearth of high-quality professionals — especially those who combine compliance and rare technical skills. These specialized professionals are in growing demand as the function’s involvement in areas such as digital security, ESG, and crypto-finance increases.
“Compliance teams are facing heavy and increasing workloads, with a scarcity of some very technical skills in areas such as sanctions,” Salmond says.
Skills shortages also affect efforts to make compliance more efficient by using more regtech and AI, because the experts that can bring that efficiency are in high demand across much of the economy.
“The fight for talent runs across the entire ecosystem,” Salmond says, adding that traditional financial institutions, fintechs, technology vendors, and consulting firms are all competing heavily for suitably skilled staff.
Firms should also not expect regtech and AI in themselves to be an instant solution that slashes the need for expensive compliance headcount. Many technology packages have been available for years and most provide a “digital compliance framework” comprised by a range of tools, the majority of which require human input, Spiers notes. “Making compliance easier, achieving good client outcomes, and reducing financial crime at scale requires data and tools to analyze the business — and the interaction of people with the existing technology tools in the digital compliance framework is key.”
Further, like many change projects, adopting new compliance technology puts additional strain on teams in the short term and requires careful planning to implement effectively. Although compliance consulting firms are commonly called in to help financial firms scale up their business or adapt to regulatory changes, they are now frequently commissioned to help firms integrate technology and the human team.
“Our clients are indeed struggling with finding the balance of people and squaring the promise of elements within the future digital compliance framework with the reality of the tools available today,” Spiers says. “We are frequently called to help them implement, tune, or support elements of their digital compliance framework and augment resources to provide that human brain support.”