Skip to content
Compliance & Risk

Cost of Compliance Survey 2019: Nothing is certain except regulatory change

Susannah Hammond  Senior Regulatory Intelligence Expert / Theta Lake

· 5 minute read

Susannah Hammond  Senior Regulatory Intelligence Expert / Theta Lake

· 5 minute read

It has been 10 years since the great financial crisis and its aftermath led us into an environment that has been characterized by change, change, and more regulatory change

And it has been risk and compliance officers that have risen to and sought to manage the continuing challenges informed by the annual Thomson Reuters Regulatory Intelligence (TRRI) Cost of Compliance Survey report.

The Cost of Compliance 2019 report has become the trusted voice for risk and compliance practitioners around the world. Over the lifetime of the report, there have been almost 6,000 participants and more than 40,000 downloads of the report by financial services firms, global systemically important financial institutions (G-SIFIs), regulators, law firms, domestic governments, and consultancies.

The unparalleled interaction with the global financial services industry and the frank and wide-ranging concerns shared by practitioners continues to bring unique insight into the practical reality and challenges faced globally by risk and compliance officers.


Read and download the annual Thomson Reuters Regulatory Intelligence Cost of Compliance Survey 2019 report.


Today’s financial firms are dealing with regulatory uncertainty, the rise of personal accountability, continuing enforcement action, and the impact of technology. Through that all, these firms seemingly have recognized that in order to have the best chance of thriving into the medium term, they need their risk and compliance officers to have an increasingly enhanced role within the business.

Compliance officers can continue to expect to face complex challenges in the year ahead with regulatory change identified as the single biggest concern, according to the survey. For 2019, the most commonly cited challenges included: increasing regulatory burden; financial crime, anti-money laundering (AML) and sanctions compliance; culture & conduct risk; and the adequacy and availability of skilled resources.

Broadly in line with compliance expectations, the biggest challenges facing boards of directors in the coming year include keeping up with regulatory change, cyber-resilience, personal accountability, and culture and conduct risk, survey respondents noted.

Focus on Risk

Since the financial crisis, financial services firms have seen unprecedented levels of regulatory change as governments and policymakers have sought to ensure that a similar global downturn could not happen again.

Ten years ago, there was an understandable focus on financial stability, and, in policy terms, that led to the creation of the Financial Stability Board (FSB),  a supranational body that sets the policy direction  for  financial services firms around the world. It is to the FSB that risk and compliance officers now look to as the original source for much of the regulatory change continuing to be introduced around the world.

There are three key areas where the role and expectations on the compliance function have dramatically changed over the last 10 years:

  • Culture and conduct risk
  • Personal liability
  • Technology

The inclusion of culture and conduct risk in the stated regulatory expectations around the world has become the new normal with financial services investing heavily to tackle the how as well as the what with regards to substantive issues such as firm culture, sales practices and how best to consistently demonstrate the required good customer outcomes.

Over the last few years, culture and conduct risk issues are no longer being considered as a separate and distinct area of risk and compliance, but rather they have moved much closer to being seen as inherent in the business — and treated as such.

Indeed, the capacity to be able to demonstrate a strong positive culture in action, as well as the ability to mitigate any conduct risks arising, has become a required core competency for firms and their compliance officers with all of the challenges associated with a qualitative, rather than a quantitative, issue.


“Looking to the future, banks and their boards cannot afford to be complacent about their trust and reputational problems, especially in light of emerging competition from alternative providers. Further, as the G30 has pointed out, the reputational fallout from misconduct is often not limited to the offending institution but has a contagion effect on other players. It can also damage the wider economy if money that banks might otherwise have lent to personal and business borrowers is swallowed up on fines for misconduct and related costs.

Derville Rowland, director general of the Central Bank of Ireland, in a speech, The Senior Executive Accountability Regime: The Central Bank’s Expectations and Insights for Boards in May 2019


On personal liability, there has been an inexorable rise in the implementation of accountability regimes around the world. Substantive regimes have been introduced in Australia, Hong Kong and the UK, with Ireland and Singapore in the planning or consultation stages. As with so many aspects of regulation, the compliance function may well take the lead in determining how best to identify, manage, and mitigate the rise of personal liability in financial services firms with the added complexity of having to accommodate evolving culture and conduct risk expectations.

While accountability regimes cover all senior individuals in a firm, compliance officers are continuing to expect an increase (60% in 2019) in their own personal liability.

Technology: the Greatest Challenge

Perhaps the greatest change to compliance regimes in terms of remit, expectations, and terminology over the past 10 years continues to be technology. In 2019, fintech, regtech, insurtech, suptech, and bigtech all gained common currency alongside all things cyber. Risk and compliance functions have had to consider and deal with substantive issues before firms can begin to realize the potential benefits offered by technological innovation.

The successful deployment of technology and the ability to automate future compliance activities is one of the greatest potential innovations for the next 10 years. While there will be numerous challenges to overcome, there are huge possible benefits to firms and their customers alike from solutions deployed successfully on a secure IT infrastructure by highly skilled in-house specialists. Much of the benefit is focused on process with the potential to automate with increased accuracy and speed. The endgame is, of course, smoother, more efficient operations, that then allow risk and compliance functions to focus on more ‘value-add’ matters.

Thomson Reuters Compliance Learning