From Penalties to Best Practices: The True Cost of Compliance

Over the past two decades, the banking industry has faced staggering penalties for non-compliance, totaling an astonishing $387,559,149,283 (source: Violation Tracker). This colossal sum underscores a pressing issue: despite numerous efforts, the financial sector continues to grapple with compliance, with no signs of the penalties decreasing. Every day, new reports surface of financial institutions being fined by regulators worldwide.

The challenge of achieving compliance in the financial sector cannot be overstated. Regulations are inherently complex, often ambiguous, and vary significantly across different countries and regions. This complexity is compounded by the rapid pace at which new regulations are introduced. For instance, the European Union has recently implemented or is defining several new regulations such as the Digital Operational Resilience Act (DORA), Payment Services Directive 2/3 (PSD2/3), Markets in Crypto-Assets (MiCA), Central Electronic System of Payment Information (CESOP), General Data Protection Regulation (GDPR), European Accessibility Act (EAA), and the EU Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) package. Each of these regulations demands meticulous attention and adaptation from financial institutions.

Furthermore, the financial industry operates in a delicate balance between being compliant, customer-oriented, and profitability-driven. Achieving full compliance can sometimes impede the ability to serve customers effectively and maintain profitability. As a result, banks often take calculated compliance risks to ensure business continuity and customer satisfaction. This precarious balance creates a scenario where financial institutions are "damned if they do and damned if they don’t."

However, it is important not to cast Compliance in a too negative light. Compliance ultimately serves to protect customers, ensuring they receive financial services and products that are in their best interests and that their money is secure. Additionally, every regulatory change offers banks an opportunity to optimize their systems and processes, enhancing customer service. High compliance standards and the associated banking licenses also create barriers for new entrants, providing incumbent banks with protection from new competitors. While this may not be so positive for society, it is extremely valuable for banks (cfr. an "economic moat" as popularized by Warren Buffett).

At the rise of the Fintech boom, it was predicted that modern Fintech companies (neo-banks) would disrupt the market and outcompete incumbent banks. A decade later, Fintechs have indeed pushed the digitalization and user experience agenda at major financial institutions, but few incumbent banks have been threatened by neo-banks. Compliance is a significant reason for this. Many neo-banks still struggle to obtain necessary banking licenses (e.g. Revolut still operates without a banking license in the UK). Additionally, these neo-banks are under increased scrutiny from regulators, resulting in several significant fines for compliance breaches in recent months. This demonstrates that technology alone is insufficient to resolve the complexities of regulatory compliance.

Compliance is a complex puzzle involving:

• Correctly understanding and interpreting all regulations (deep regulatory expertise)

• A robust risk framework to identify, analyze, quantify, and mitigate risks

• Implementing robust processes

• Ensuring adequate training of all employees

• Maintaining accessible and high-quality data

• Investing in technology to support all compliance processes (such as regulatory reporting tools, AML/KYC engines, and fraud engines)

• Building good relationships with regulators

• …​

Each piece of this puzzle is crucial, as compliance is only as strong as its weakest link. Even with a comprehensive focus on these elements, banks will struggle if they tackle this challenge in isolation. Collaboration between financial institutions is crucial to reduce costs and find synergies. By working together, banks can share best practices, pool resources, and leverage collective expertise to tackle compliance more effectively.

RegTech (Regulatory Technology) companies play a vital role in this collaborative approach. By offering Business as a Service (BaaS) models, RegTech firms help banks leverage the efforts and expertise of their peers. This not only reduces the burden on individual banks but also fosters a more cohesive and efficient compliance ecosystem.

Ultimately, collaboration in compliance offers significant benefits, reducing costs and improving the quality of outcomes considerably.