As we enter the year in which we will celebrate the 10th birthday of the G20 plan to make our financial services sector safe the agenda for compliance and how it leverages RegTech is being reset at a board level by many financial services actors in parallel.
This article explores 5 drivers for RegTech 2019 and frames the debate we will be having at our 7 June RegTech Capital Markets annual conference.
Based on our industry groups and senior management discussions, it appears fear of direct adverse consequences from non-compliance with recent regulation has dropped significantly – at least for the moment. Last year UK Financial Conduct Authority regulatory fines were noticeably down, and the number of enforcement cases pending also has raised some question.
However, the FCA has issued two whopping fines this year for 10 years of poor MiFID I reporting, and consequence for systemic failures have gone up; for example the $1.27bn Soc Gen settlement with US authorities for surveillance failings. It would, therefore, seem a bit of a stretch for the management team to go to the board and argue for a reduced compliance focus.
Especially when we continue to see high volumes of regulatory noise and know that the regulator will be back at some point for ‘legacy misconduct’. Next time, they will come armed with the Senior Managers & Certification Regime (SMCR) in place, which mean those at the top could be banned for life or even go to jail.
Although the high fines stemming from the 2008 crisis were not sustainable, the culture and tone at the top has begun to change. At least it should have, given the FCA’s unrelenting focus on individual accountability. Precisely how senior management will now manage compliance differently and what that means for the compliance function is unclear, however.
Markets are jittery and political uncertainty is even higher than usual. However, one C-suite issue that is unwelcome by compliance has become a focus: the cost of compliance itself. Bain & Co estimates that Governance Risk and Compliance (GRC) spend accounts for 15-20% of “run the bank cost”, and 40% of “change the bank costs”.
Armies of compliance staff are now required to run the firm and the standing armies brought on to help with the last three waves of major reform programmes are still there.
Surely by now, with total wage and advisory bills for compliance into the billions, RegTech should now be part of the capital allocation programme at the Board level
3. Comprehensive change
Think about it, given the breadth of the compliance demands, the argument to give the board a compliance budget is not at all farfetched. Not only is the firm having to clean up the mess that was made over a decade of rushed implementation efforts, but they are also dealing with the ever-growing new demands from regulators which affect the entire business:
- Better transparency to the markets (e.g., SFTR, EMIR Refit, CAT, Hong Kong, Lexit)
- Protecting the customer and regulating conduct (e.g., MiFID II, global whistleblowing initiatives and SEC Investment Adviser Standards of Conduct)
- Tackling new threats and vulnerabilities (e.g, cyber, BigTech)
- Protecting the financial system (e.g., AMLD V)
- Increasing firm accountability (e.g., SMCR, TRIM, BCBS 239)
Given the importance of this agenda, why should investors not be taking RegTech capabilities into account as part of their analysis of environmental social and corporate governance (ESG) factors?
4. Criteria for success
In sort, the demand for better compliance will demand better RegTech. So… are we getting real enough about how we govern RegTech?
There are some thought leaders in this new sector, and they are starting to shape the industry’s thinking – often with real, tangible results that have been ‘proven’ in test environments or ‘sandboxes.’
While the UK continues to be at the forefront, it is no longer alone in wanting to disrupt the way that rules are made, and compliance is judged. Real RegTech activity is taking place in Asia Pacific, the Middle East and, despite the budget challenges, the US.
However, we face a fundamental dilemma in 2019: how does one take limited resources for compliance and allocate them to the greatest effect?
The toys in the RegTech sandboxes look great and would be nice to have, but are they developed enough to prioritise this year? How can RegTech projects attract funding from boards faced with all the demands for remediation and new regulatory-change projects? What criteria will the ESG factors consider and what measures will be tallied?
As any good COO will tell you, the answers to these questions are driven from a number: ‘show me the benefits and savings from RegTech.’ Ok, so where do you find it? Simple, even the regulator is declaring that “If data is King, then automating processes which previously required mindless and error-prone human effort is the critical work of the King’s Court”.
Making the business case is not hard, the challenge is resetting the objectives at the top. For the regulators this means moving away from thematic technical projects (e.g., Techsprints, Science Prizes) and establishing official change programmes that will help the industry institutionalise new methods like regulatory reporting. It means getting serious about the way in which rules are published and handbooks are made accessible to machines in language that they can understand. Perhaps most importantly, it means getting serious with each and every policy effort underway in 2019 about how it incorporates good RegTech principles – even if this means inviting the techies into the early policy debates (shock, horror).
5. ‘compliance’ as a verb
For the financial institutions, objective setting should be easier, but will not be without pain.
The key is a fundamental change in mindset at the top for the accountability and management of regulatory change as an ‘end to end’ process. In other words, rather than relegate compliance to an organisational function (or noun with a capital C), make it part of everyone’s job – i.e., compliance as a verb.
To accomplish this, the C-suite needs a mechanism to filter the regulatory noise and turn it into actionable insight. This mechanism, like anything in banking will be part people, part process, and a part new technology. Just like straight through processing (STP) in the 90s, Regulatory STP will drive big benefits through automation and AI.
On 7 June at our annual conference in London we will have discussions about all three sets of board priorities: the supervisors’, the firms’ and the technology companies’.
We are very pleased to have three leading regulators from the UK and Germany discussing what impact a digital regulator will have on the industry. We will cover the new approach to regulatory oversight implied by the shift from analogue to digital methods and what lessons can be learnt from exploring these changes thus far.
The next panel will feature market experts from leading firms and suppliers discussing what resetting the bar for compliance across the enterprise means to their shareholders. We look forward to hearing what the experts have to say and framing an excellent debate about RegTech priorities for 20201.