Financial Services firms continue to see regulatory obligations as a cost of doing business and rely on short term fixes to meet them. This approach will be inadequate when faced with complex regulations, nested organizational structures and sophisticated fraud patterns. Compliance organizations are currently spending 90% of their time collecting and massaging information and only 10% reacting to events and crafting policies.
Compliance, as a proactive business capability, can deliver a huge strategic advantage for organizations, making them more risk aware, more transparent to regulators and capable of reducing the structural costs of operations. This will result in greater financial stability and superior market performance. Companies with greater risk maturity levels have significantly outperformed their peers.
Source: HBR.org How Mature Is Your Risk Management?
Organizations will need to adopt strategies that scale and amplify the compliance organization’s impact. Human skills and knowledge complemented by a data driven culture and modern engineering techniques can help meet these objectives and accelerate your competitive advantage in the market.
A fundamental rethink is required
Albeit counterintuitive, compliance and regulatory demands are highly aligned to a Financial Services firm’s objectives. By taking a holistic view, firms can benefit by maximizing their compliance investments to meet multiple organizational goals.
Regulatory reporting obligations can be repurposed to provide an enterprise-wide risk view
Know Your Customer obligations can be leveraged to develop a single view of the customer
Continuous repricing of risks can drive sustainable margin
Fostering a transparent and accountable culture can lead to improved morale for employees
Strong managerial oversight and controls can help organizations achieve better corporate governance
Organizations can drive business value beyond defense objectives by making opportunistic Compliance as a Platform investments. Treating compliance obligations as opportunities can help you move away from tactical and non-repeatable activities.
In order to rethink their investments in defensive functions, organizations need to adopt the following principles to transform their capabilities and approach.
Simplified customer journeys: A simple, customer-centric approach can help identify gaps or friction points in organizational services. Reduced friction in the customer journey enables verifiable data collection that can help in due diligence, monitoring as well as new revenue generation opportunities.Digital banks have started using geotagged photos of customers at home during onboarding process to validate home address, reducing the possibility of fraudulent applications. Similarly, enabling payments using smartphones with biometric security also reduces the possibility of fraudulent transactions. Intelligently designed trading systems can highlight non-compliant trades early for corrective action.
Risk-aware decision making policy: Organizations may deliver lower growth with a defensive mindset. The cost of getting enhanced due diligence wrong is increased fines and scrutiny that banks are keen to avoid. A business partnership approach to identify, reprice and manage different risks can deliver improved returns per unit of risk.
A mayor of a small town and a princeling of a country are both politically exposed persons (PEPs) as banking customers. However, one has to assess the likelihood of anti-money laundering (AML) violation risk, which can be greater in one case versus another. One jurisdiction may be more transparent than the other, improving the likelihood of enhanced due diligence. Banks need to develop a decision framework that can consider all the additional factors regarding client retention rights.
Data as a decision accelerator: A data-driven approach leads to focus on the right problems and deeper analysis. Network effects of data can deliver insightful connections and pattern identification. This can reduce false positives for compliance professionals, and therefore, allow them to focus on the areas of greatest opportunity.
The LIBOR scandal was predicted by university students who observed bunching behavior on quotes around rate-setting period. Combined with the observations around the cost of borrowing, they were able to conclude that banks were incentivized and likely engaged in rate manipulation.Similarly, compliance professionals should be able to make connections with different sources of data such as transaction history, price movements, chat and voice transcripts to get alerted to the possible fraudulent behavior of participants. Augmented intelligence for pattern identification on vast amounts of data can help uncover new patterns that normally escape the scrutiny.
Aligned and transparent organizational practices: Leaders need to set the tone for the importance of compliance outcomes. They need to commit the right level of resources, craft policies and design incentives that create a culture of compliance, consistently. Organizations can enjoy reduced scrutiny and a ‘goodwill’ cushion for future lapses by building regulatory and customer confidence. Transparency and consistency of information will help bridge the existing trust gap.
Through the adoption of these principles and an evolutionary platform approach, Compliance & Risk can change their traditional paradigm, their traditional ecosystem within the bank and become a predictive enabler of business growth.
Intelligent Risk & Compliance: a tech-driven compliance platform
Inevitably, compliance organizations will need to become technology driven to fully embrace these principles. Technology enables automated processes and data-driven decision making, that in turn delivers transparency and improves collaboration. Strategic use of technology allows compliance to become an outcome of business activities.
Where does one start
The starting point of becoming a tech-driven compliance organization is to identify goals based on customer outcomes. Anyone who consumes the services of compliance is a customer, including end customers, regulators, and internal employees.
Examples of such goals include:
Proactively understand and manage regulatory changes
Identify and assess different level of risks ahead of key decisions
Fulfill regulatory obligations in a timely manner
Improve supervisory controls
Reduce exposure to financial crime
Support business growth initiatives
For each goal, consider the whole value stream of activities and pain points of stakeholders. As an example, consider the goal of reducing financial crime for a credit card company. A short-sighted solution is to decline any transactions that are deemed suspicious. However, this reduces the revenue opportunity for the firm as well as creates a poor customer experience. A better solution is to have clients validate all suspicious transactions through non-intrusive methods like text messages. The solution can be further improved by using machine learning and trained with past data to reduce false positives for suspicious transactions.
Capabilities can be grown in a step-by-step, incremental manner. Capabilities can also be repurposed for other activities. For example, one can use the learnings from suspicious transactions to better understand customer creditworthiness and thus, filter out bad actors amongst new applicants.
Growing individual capabilities and reusing them for other purposes is possible through the platform thinking and approach. Banks need to select their biggest goal to tackle and begin building the ecosystem of capabilities one by one to reach that objective. The end goal is to create an evolutionary compliance platform that embeds a digital platform strategy.
An ambitious mission like this is often intimidating for change fatigued organizations. We, therefore, recommend “Think big, start small and move fast”.
Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.