Why is regulatory compliance so painful?
Regulation places the greatest burden on those who comply. The impact of KYC (know your customer) and AML (anti-money laundering) regulations is a good example. We’ve all experienced the frustration of having to repeatedly prove our identity to institutions we’ve dealt with for years.
We generally accept this burden with good humour because we understand the rules are there to help fight financial crime. But, here’s the rub, less then 1% of illicit money flows worldwide are ever identified and investigated.
It’s a similar story with almost all regulation. The individuals and organisations that play by the rules carry the lion’s share of the regulatory burden. A disproportionate share of the time, effort and cost of compliance is born by the most compliant, while only a small percentage of the machinery of regulation bears down on the miscreants, who often operate completely outside the regulatory framework.
Of course, this isn’t an argument against regulation. It’s a plea for more efficient and effective compliance. It’s in everyone’s interests to design systems and processes so the vast majority are compliant and easily demonstrated to be so, while the minority of non-compliance is prevented (the best-case scenario) or identified and addressed quickly and accurately (i.e. no false positives).
In essence, the challenge facing both the regulatory authorities and the companies being regulated, is to ensure the regulation does what it is intended to do – improve consumer protection, improve market stability, prevent fraud and criminal activity etc. – and not simply create a monitoring and reporting industry. In other words, focus on the intentions of regulation and the outcomes of regulatory compliance.
What is the remedy?
The good news is we now have the tools to do precisely this. AI and robotic process automation, data science and machine learning technologies are increasingly being used to ensure and demonstrate regulatory compliance. These “regtech” innovations are driving huge improvements in the efficiency, accuracy and effectiveness of compliance programmes across all affected industries, especially in financial services but also in pharma, food production, energy, transport, telecoms, etc.
As a consequence, there is a second wave of compliance transformation sweeping across these industries, as companies make use of these new technologies. This transformation is characterised by three unifying themes:
- Companies are increasingly standardising and systematising their approach to regulatory compliance, to avoid the duplication and inefficiency that would otherwise arise from the never-ending stream of regulations.
- One key part of this is the process of horizon scanning to ensure upcoming regulatory changes, be they new regulations or changes to existing regulations, are anticipated and assimilated efficiently and effectively.
- Another vital aspect is the use of automated content management and workflow tools to systematise and standardise the implementation of regulatory changes. The objective here is to ensure a single, golden version of the truth, and automate its adoption globally, regionally and locally, while accounting for differences between jurisdictions with the minimum of additional effort.
Integration of compliance and operations:
- Companies are increasingly focusing on compliance risk management in conjunction with their broader approach to operational risk management. This has the twin benefits of bringing compliance more into the mainstream of operations (rather than being seen as a separate activity) and of ensuring an integrated, top-down view of operational risk that includes compliance risk.
- This approach also enables compliance requirements to be integrated into customer journeys that are optimised for the benefit of the customer and the organisation, rather than bolted on (to the detriment of both as is so often the case today).
Focus on outcomes:
- Companies, and regulators, are increasingly focusing on measuring the intended outcomes of regulation and compliance (rather than just the act of compliance itself) – e.g. not just “are we compliant with AML regulations?” but “what impact are we having on money laundering?”
- This is where the use of advanced data analytics and AI can play a major role. Enabling the efficient identification of non-compliance events proactively, in near real time, rather than reactively, after the event, and with a laser focus rather than relying on random sampling.
So, in an ideal world…
If companies and regulators work together to fully exploit these new technologies, the burden of compliance could be radically shifted.
In an ideal world, the only people who would be inconvenienced by compliance processes would be the non-compliant; 100% of the time and money spent on compliance would be focused on the bad-actors; and banks wouldn’t ask for original paper copies of bank statements to open paperless bank accounts.
In the meantime, I will keep to hand my passport and two recent utility bills.
Andrew Simmonds is Consulting Director at Clustre – the innovation brokers – www.clustre.net