Compliance 2.0 needs to be about more than automation. It requires adequate market infrastructures and the fostering of common norms and standards.
During a recent Sunday family lunch, my father suddenly asked me: “In your new job, you are in charge of verifying that banks follow their rules. Tell me, are they allowed to ask me all of these intrusive questions?” He handed me a substantial pack of paper – a suitability questionnaire, combined with updated Know Your Customer (KYC) documentation requests.
Before I had time to explain that his bank was obligated to collect all of these documents for his own protection, he added: “You tell me that they do all this in order to know what they can NOT sell to me? That is totally mad!”
Anyone working in the financial world has similar anecdotes, prompted by a surge in regulation of all types. In this emerging ‘new normal’ environment, an unexpected category of bankers has blossomed: compliance officers. These bankers are tasked with navigating hundreds of rules, protecting clients and the integrity of markets. Not only have their missions become more prominent, their number has increased by the thousands in a matter of a few years.
From its initial challenge of deciphering thousands of pages of new regulations, the compliance function’s effort is gradually shifting to implementing and processing information – a ‘Compliance 2.0’ phase. These processes are still largely human-intensive. When the banking industry has faced sudden surges in volumes of human-intensive processes in the past, it has structured its response around three pillars: creating adequate market infrastructures; fostering common norms and standards; and focusing on automating processes.
All three steps seem very relevant again when discussing how to take compliance processes forward. However, not all three pillars are being granted the same level of attention, with the automation of processes capturing most of it. It would be beneficial to the industry to progress the other two pillars. Although less fashionable, they are likely to be instrumental in achieving leaner compliance monitoring in the long term.
One such attempt is SWIFT’s KYC Registry, which went live in early 2019. This centralised register of KYC data and documents prevents every institution from having to establish multilateral processes to collect such data as and when needed.
Creating such an infrastructure required the whole industry to agree on a minimum set of rules and standards. To go further, local regulators will most likely need to converge towards international standards. Such a market infrastructure could extend beyond the fields of KYC to transaction surveillance more broadly.
These suggestions would help financial institutions enhance efficiency and the client experience. They would also help them optimise compliance costs, which can represent up to 15% of banks’ total spend. During the initial surge of new regulations, this was seen as a ‘cost of doing business’. However, compliance costs can be vastly optimised, notably by designing ‘end-to-end’ business processes that embed compliance checks.
In the new battle to restore competitiveness, there will be those that make it and those that don’t. Experience shows that those institutions embracing the challenge and taking a leadership role are often best placed to succeed.