INTRODUCTION
There is no question that there are costs associated with complying with the myriad rules and regulations under which financial services firms must operate. That cost can be quite high, depending in part on what types of products and services a firm offers and how its distribution network is structured. In some firms, particularly those which have not experienced significant regulatory issues, there can be reluctance or even resistance to funding the compliance program from senior leaders who see the CCO’s efforts as a drain on firm profits.
That attitude is short-sighted, however. As experienced compliance professionals know, a lack of regulatory violations does not mean the firm and its personnel are managing compliance risk effectively. In fact, there can be significant issues that simply have not been detected yet, issues that left unaddressed could end up costing the firm much more than it would have cost to prevent them or, at least, detect them in their earliest stages.
While financial services compliance efforts cost money, those expenditures pale in comparison to the cost of non-compliance. A December 2017 study by Ponemon Institute and Globalscape (“Ponemon Study”) revealed that the costs associated with business disruption, productivity losses, lost revenue, fines, penalties, and settlement costs that come part and parcel with regulatory issues add up to 2.71 times the cost of compliance.i In this paper, we will explore the costs of compliance – and non-compliance – in more detail, identifying factors that are leading to increased costs and outlining ways firms can be cost conscious without sacrificing compliance.
REGULATORY RISK COMES WITH A PRICE TAG
Compliance officers and senior leaders in financial services firms often focus on headlinegrabbing regulatory fines and sanctions when considering the cost of compliance. They are not wrong to do so. However, it would be a mistake to assume that those industry fines represent the only, or even the largest potential cost of noncompliance.
As reported in its 2018 Annual Report, the SEC returned $794 million to investors who were wronged by non-compliant firms and associated persons, and obtained judgments and orders against wrongdoers, with those penalties totaling more than $3.945 billion. FINRA also issued its share of regulatory fines in 2018: $61 million.
While these numbers are staggering, they do not come close to representing the full financial nightmare a non-compliant firm can realize when it self-identifies a problem or lands in the regulator’s crosshairs.
The cost of business disruption, including lost productivity, lost revenue, lost customer trust, and operational expenses related to “cleanup” efforts, can far exceed regulatory fines and penalties. Considering these added costs, the Ponemon Reports put the average total cost of non-compliance at $14.82 million, compared to a $5.47 million cost of compliance.
Beware the risk of complacency!
The ever-changing regulatory landscape means that firms cannot afford to become complacent about their compliance efforts. Although a firm may have approved a one-time resource expenditure years ago to update its compliance program, risks are rapidly evolving. Firms that simply adhere to the status quo because the status quo was once sufficient may regret that decision when problems ultimately arise.
FACTORS IMPACTING THE COST OF REGULATORY COMPLIANCE
Several factors influence compliance costs, not the least of which is personnel costs. As the rules become more complex, experienced compliance staffers are increasingly in demand.
At the same time, the complexity of the regulatory framework means it can be nearly impossible for firms to keep pace with growth goals while staying on top of applicable requirements – even with a team of knowledgeable compliance staffers on the payroll.
Another problem is that financial Services firms’ compliance efforts may not be as streamlined as firm leaders would like to believe. When team members don’t have efficient means of monitoring and managing existing compliance programs, for example when review or certification tasks are handled manually or when staff has to waste time searching for information in emails and saved files on their hard drives, the firm may have an efficiency problem. This also creates a greater risk that compliance issues are present but undetected by a staff that is not operating at peak capacity.
Costs and Benefits of RegTech
In some firms, compliance costs have gone up because the firms have recognized the need to implement regulatory technology tools to make compliance efforts more efficient and effective. The regulators’ increased reliance on FinTech solutions to identify and address problems has also led to a race among firms to keep pace, to avoid becoming the next firm called out for not having adequate compliance policies and procedures in place. Make no mistake, while there is a cost associated with implementing a compliance technology platform, RegTech can help firms increase compliance while keeping costs in check. RegTech is most effective when staff across all levels of the organization are well-trained and are committed to using the resources at their disposal.
BEST PRACTICES FOR LOWERING THE COST OF COMPLIANCE
The Ponemon Study identified the following twelve best practices that can lower the cost of compliance, and the savings that each best practice can bring:
Centralizing the compliance function, or at least standardizing the way people in different divisions or departments comply, can yield the biggest rewards for firms, in terms of lowering compliance expenses and making the idea of “non-compliance” even less attractive.
Similarly, standardizing the audit function, and making audits more an ongoing affair than a once-a-year drill, can reduce risks and costs. When firms have the tools they need to conduct effective internal audits, they can identify potential problems before those issues can grow and morph into more significant and costly issues.
Effective compliance training can also result in cost-savings for firms. It’s important that everyone, at all levels of the company, understands their obligations and understands expectations for compliance. When firms use enterprise-wide compliance systems and provide training for all staffers, they’re likely to have higher adoption and usage, which in turn should result in reduced risk and increased compliance.
Finally, achieving buy-in and creating a strong culture of compliance throughout the firm should also mean lower risk of non-compliance, helping firms avoid unnecessary expenses when otherwise-preventable issues are raised. Although “compliance culture” is a somewhat nebulous term and is arguably difficult to measure or quantify, it can be bolstered by making the CCO a member of the firm’s senior leadership team and through dedication to a strong tone from the top.
DON’T RISK PAYING THE PRICE FOR NON-COMPLIANCE
With the cost of non-compliance nearly three times the average cost of complying with industry rules and regulations, there shouldn’t be any question about the value of having a strong internal compliance program.
The cornerstones of that program should include strong leadership, thorough initial and ongoing training programs, and regulatory technology designed to enable the monitoring of vast amounts of information, streamline oversight and reporting functions, and lower the risk of costly rule violations.
Read “The True Costof Non-Compliance” for some eye-opening statistics and a more in-depth lookas what the other costs of business are due to disruptions caused bynon-compliance and what you can do to mitigate risk at your firm.