November 1991 marked the beginning of recorded time for compliance programs, when Congress enacted the U.S. Federal Sentencing Guidelines for Organizations, essentially compelling U.S. corporations and financial institutions to formalize effective compliance programs.
Since then, investments in personnel, technologies, and controls to develop and operate effective programs have charted a steady incline on the cost curve, with no signs of abatement yet in sight.
At the micro level, many organizations continue to attack that curve, trying hard to bend it in a downward direction. The boards of several of the largest global banks have mandated compliance departments to stem the tide and bend the cost curve at their own institutions. These cost-cutting edicts extend to north of $1 billion annualized. That’s not the operating budget, that’s the cut!
At the same time, Chief Compliance and Anti Money Laundering Officers remain charged with managing their institution’s regulatory and financial crimes risks under the constraints of fewer resources, legacy systems and workflow tools, manual processes, and disparate data sources.
Consequently, the current state of the financial services industry largely reflects operational inefficiencies, and expenditures that are ineffective at achieving the compliance mission.
Naturally, with many institutions having aggressive cost takeout targets, it is vitally important to identify the key drivers of cost reduction without ceding effective service delivery or risk management.
The largest drivers of cost tend to accompany remediation, particularly when mandated by regulators through Matters Requiring Immediate Action (MRIAs) or worse, enforcement actions. Under the duress of time constraints and threats of fines and penalties that can impact business growth, new product introductions, or a license to operate, management tends to overspend, or spend in an un-thoughtful way in order to “make it go away”.
Worse, being ordered to operate under the watchful eye of a federally mandated monitor drives costs higher, longer.
The lesson here is to run a compliance program effectively in the first place, so as not to get behind this eight ball. It is too easy to lose control of costs when having to hire external legal counsel, consultants, and contract labor to address a significant regulatory action and demonstrate sustained performance in curing it.
In BAU mode, key levers of compliance costs gravitate around systems, processes, and data. Designing and managing these components thoughtfully will avoid bloat in staffing levels that invariably ramp up dramatically for remedial projects and then must be scaled back upon reaching the point of arrival.
Legacy systems allowed to outlive their useful lives create chaos and inefficiency in the forms of manual workarounds, consolidations, and non-integrated data sets due to lack of interface.
Typically, human capital is deployed to compensate for the inefficiencies, performing comparatively menial task work in place of critical analysis and risk management duties. Headcount expense bloats as a result and, left unchecked, repeats over multiple operating cycles.
Overlapping and redundant systems are another cost-sucking condition that tends to result from inertia when businesses and functions are not integrated following acquisition. Their upkeep, on parallel tracks, along with personnel having to deal with duplicate or inconsistent output, also inflates headcount-associated operating costs.
Smart capital investments in current and centralized technology will provide return on those investments in the form of permanent and repetitive reductions in annual operating expenses.
Processes that are manual in nature, or inconsistently applied, generate much human error and unacceptable results outside established or acceptable norms. The cost of making an error is the expense incurred in having to correct it.
When error-prone processes involve low-value, high volume tasks, they become prime candidates for automation — particularly, robotic process automation that can drive significant saves in unit costs while reducing error rates.
When is the last time you heard a compliance leader speak about delivery of outcomes in terms of unit cost?
Poor data management and governance practices can result in issues around data quality, completeness, or integrity, all of which can drive up the cost of compliance through the need for extensive validation, collection, or remediation. These situations are often accompanied by repetitive and dissatisfying customer interactions.
A word to the wise: get your data right at customer on-boarding, and endeavor to keep it current by following through with the refresh of customer due diligence profiles on a defined, regular cycle.
Doing so will avoid costly data clean-up exercises, hiring of surge labor to do so, and significant down-stream effects in the form of inadequate alerting and reporting of suspicious activity.
Customer data is owned by the business, not Compliance, but Compliance must insist on highly effective governance standards and practices if the costs of compliance are to be reigned in, contained, and kept from bloating.
The solution to bending the cost curve of compliance lies in the form of good governance.
Thought Leadership Series
An Article by Mr. Gary Ferrari, CAMS
Executive Advisor for Strategic Markets
Mr. Ferrari has been an Executive Advisor for Strategic Markets at THE DATA INITIATIVE since June of 2019. He is also a consultant on financial crimes risk and compliance matters. Mr. Ferrari has had an extensive and distinguished career in financial services and consulting; having held executive roles at Ernst & Young, American Express, Standard Chartered Bank, Citi, and GE.