Effectively managing the rising cost of compliance
Compliance costs are rocketing, with some firms spending as much as $1bn a year to fight financial crime. John O’Hara, CEO and co-founder of Taskize, explains the challenges and why, back-office staff must have the tools to function as a well-drilled pit crew to manage manual interventions caused by compliance alerts.
When it comes to identifying the cause of banks’ rising operating costs, fingers are pointed in many directions. Capital constraints imposed by Basel III are often blamed for tighter budgets and withdrawal from business lines, while the cost of adapting legacy systems to the increasingly real-time and digital expectations of end-users is a major consideration for any bank’s c-suite executives.
There is a strong argument, however, for placing financial crime compliance high on the list of capital- and resource-intensive challenges for banks. For well over a decade, governments have obliged banks and other financial institutions to introduce a broadening array of know-your-customer (KYC) and anti-money laundering (AML) checks to prevent criminal use of the global financial system. Over time, what started as the imposition of more paperwork at the account opening stage has rapidly ballooned to become almost an industry in its own right.
While few would doubt the correctness of their intentions, governments have gradually co-opted banks into playing a key role in their intensifying battle against rogue states, terrorist organisations and other criminal groups. The cost impact of increased AML/KYC due diligence, fraud prevention, sanctions screening requirements, to name a few of the compliance requirements facing banks, is threefold.
First is the sheer cost of implementing new policies and processes, which necessarily start off as highly manual, but often remain so through a mixture of internal inertia and complex, evolving external requirements. British Bankers’ Association research suggests most major international banks are spending between £700m and £1bn annually on financial crime compliance. Second is the fines imposed by governments for breaching sanctions or AML/KYC rules, which have reached into the billions for individual banks. According to the US Government Accountability Office, financial institutions were fined $12bn between 2009-2015 for violations of US AML and sanctions laws. Third is the incalculable cost of business foregone, as banks ‘de-risk’ their businesses – notably their correspondent banking relationships – to be certain of meeting compliance obligations.
Add to these the cost of keeping abreast of the cyber-security arms race and the need to closely monitor front-office information flows in light of growing conduct and transparency requirements and it’s easy to see why compliance budgets are rocketing. Moreover, there is every reason to expect financial crime compliance requirements to continue to grow and evolve further in the coming decades. Speaking at the Sibos banking conference in Geneva recently, HSBC chief legal officer Stuart Levey asserted that financial sanctions had proved their worth as a tool of diplomacy via the deal brokered between Iran and leading global powers on the former’s nuclear programme.
This means sanctions are here to stay, according to Levey, previously first under-secretary for terrorism and financial intelligence at the US Department of Treasury under Presidents Bush and Obama. For the foreseeable future, banks must get used to ensuring their clients do not inadvertently breach sanctions, and will need to work closely with governments to improve their efficiency and efficacy, said Levey.
Sanctions screening, like most aspects of financial crime compliance, gets more complicated the closer you examine the underlying practices required to meet regulatory obligations. Most banks work in multiple jurisdictions and as such must comply with the sanctions requirements of multiple governments, which will never be consistent and may even conflict. Similarly, there are numerous AML/KYC requirements imposed by national regulators, providing numerous reasons for transactions to be flagged and checked, delaying processing by an average of three hours. Again, this complexity lends itself to highly manual – and inefficient – processes within banks.
No wonder many of the other discussions at Sibos – which reflect the intensity of debate within the industry a whole – focused on cutting the cost of financial crime compliance. Some debates centred on the use of industry utilities to centralise flows, other considered the merits of closer cooperation between AML and fraud silos within compliance teams; still others mulled the increased use of artificial intelligence and machine learning to further automate compliance checks. All participants, however, understood the urgency of the need for greater efficiency by banks in meeting compliance requirements, implicitly or explicitly acknowledging that both skilled human and tailored technology resources would be required well into the future.
In many respects, the challenges of financial crime compliance bear comparison with banks’ other middle- and back-office headaches. Neither are regarded as significant sources of competitive advantage, but both can represent significant operational and reputational costs if executed incorrectly. Moreover, large-scale solutions like those discussed at Sibos may play a key role in lifting the compliance burden, but smaller, quicker steps can also make a big difference.
For example, enabling compliance staff to collaborate on key tasks via a transparent, secure and auditable platform can improve speed and efficiency when dealing with transactions that raise compliance flags. Many alerts thrown out by sanctions screening systems or KYC/AML applications are false alarms, but many are borderline cases that may require discussion between team members and even between departments and organisations.
This can lead to delays of days if not weeks as discussions are held across multiple parties and communications channels, with briefings and updates required at every level of escalation. Such alerts can be resolved far more quickly and efficiently if all authorised parties – including clients if appropriate – can engage across a single customisable application that guarantees security through robust onboarding processes and encryption of interactions, and provides real-time visibility on the status of individual transactions or cases. With the right tools, middle- and back-office staff can tackle compliance alerts and other transaction breaks or fails with the speed and accuracy of a pit crew – but at substantially lower cost.
In the compliance sphere, banks are caught between the twin imperatives of facilitating client transactions and meeting regulatory requirements to combat financial crime. In the current business environment, they are under pressure to achieve these objectives with the maximum efficiency. Those that harness today’s technology innovations to empower the middle and back office will be well placed to keep regulators and customers satisfied.