2020 was a landmark year for fraud across industries, not least because an unprecedented pandemic shook global economies.
The UK saw a 32% increase in investment scam cases, and impersonation scams nearly doubled. In a Global Fraud Survey, EY found that across developed markets on all continents, the number of respondents who view corruption as widespread is on the rise.
At first blush, these numbers are disheartening, particularly in light of the staggering amounts of money firms already spend on their compliance efforts, from training programmes and hotlines to complex systems designed to prevent violations of laws, regulations, and organisational policy.
All told, an average multinational financial services company spends tens or even hundreds of millions of pounds on compliance each year.
It’s no surprise that executives are increasingly frustrated at the enormous (and growing) cost of compliance, without a clear return on investment. They continue to invest, not necessarily because they believe in the benefits, but because they fear liability if they should fail to spend enough.
But what if you could make compliance more efficient and effective? Even without directly reducing spend, improving ROI on compliance systems has a direct impact on the P&L—not to mention the global reputation—of financial firms.
Here are the top 5 reasons we see compliance systems fail—and what to do about it.
#1: Lacklustre compliance culture
Compliance programmes will not succeed over the long term without organisational buy-in.
It isn’t enough to facilitate trainings with a 10-question quiz at the end, as recent scandals have demonstrated. If the corporate culture around those requirements lacks substance, employees won’t take them seriously.
Statistics around corporate fraud bear this out. The average organisation loses 5% of their revenue to fraud each year, listing corruption as the most common cause. And a shocking 42% of CFOs worldwide could justify unethical behaviour to meet financial targets.
The fight against internal and external fraud requires more than training employees and asking them to report unethical behaviour. It requires a stronger stance, backed by corporate culture.
Organise your company culture around the benefits of regulatory compliance, rather than viewing it as a burden or a box to be ticked for the sake of avoiding liability. Rally your team around the ultimate goal, and leverage your compliance protocol to make major decisions that affect the future of the firm.
Compliance protocols can be expensive, so put that investment to good use and orient your culture and strategy around them.
#2: Failure to track data over time
How effective are your compliance systems?
At most firms, this question is difficult—if not impossible— to answer. That’s because only 70% of firms even attempt to measure compliance programme effectiveness. Of those that do, only one-third are even confident that they’re using the proper tracking criteria in the first place.
Very often, businesses can offer evidence that regulatory protocols exist, but cannot provide evidence of having ever tested them. In general, they are not tracking the number of breaches they experience, or how frequently internal whistle-blower programmes are utilised.
Without tracking the number of failures or the volume of protocol usage over time, there is no way to quantify your programme’s effectiveness.
And there’s another benefit to keeping a careful record. Tracking past breaches helps to proactively identify future areas of highest risk. A key component of any successful compliance programme is leveraging compliance data to make strategic decisions, and taking proactive steps to manage these areas of predicted risk can make your protocols particularly effective.
#3: Spending without strategy
It’s no secret that compliance programmes are a massive expense for financial institutions, and that cost is only expected to rise over the next five years. According to the Financial Conduct Authority, average compliance costs in the UK hover between £3.2 and £4.1 million each year.
No firm should spend this kind of money without an overarching strategy, and compliance is no exception. If you aren’t leveraging compliance protocols as part of a larger organisational strategy (see #1 above), you aren’t maximising your investment.
A robust compliance strategy will keep you focused on what is truly important, even as regulations change and grow more complex.
In high-performing companies, compliance management protocols are closely aligned with the strategic vision and goals of the vision at large. They aren’t an afterthought—they’re an integration.
#4: Overly rigid protocols
In the world of regulatory compliance, the only constant is change. If your systems aren’t built to be flexible, it’s only a matter of time before they fail.
Between changing regulations, developing technology, and uncertain markets, your compliance programmes must anticipate rapid change—and have infrastructure in place to accommodate it—to succeed over the long term.
One key consideration in this vein is a deceptively simple one: make sure that your data infrastructure is easy to download, digest, and migrate. That way, you won’t be trapped in an outdated or unwieldy system if updated regulations or new technology require you to make a change in your record-keeping or AML/KYC protocols.
A well-organized database stored in a user-friendly format (with attention to data security, of course) goes a long way toward increasing the flexibility of your compliance systems, even if you can’t yet know what will change next.
#5: Outdated technology
Investing in the latest financial regulatory technology (or “FinTech” and “RegTech”) at a time when budgets are already under strain might seem counterintuitive, but firms simply cannot afford to cut corners when it comes to compliance.
Investing in up-to-date technology now pays exponential dividends in the future by helping firms to avoid catastrophic failures and mitigate risk.
The right technology increases efficiency, reduces the risk of human error or fraud, and ensures long-term programme viability.
Of course, even the most disruptive technology is only as effective as a firm’s ability to use it, and many companies stable at the change management step. Effective implementation and adoption is key—but don’t let fear of change prevent your organisation from taking the necessary steps to stay current.
Most G-SIFIs surveyed by Thomson Reuters in 2020 said they considered RegTech to be “important to operational management,” but only 9% consider the data central to strategic decision making. In our view, this is akin to leaving money on the table.
If your technology systems aren’t leveraging AI, machine learning, and predictive analytics to help inform the way you interact with customers and make decisions, you aren’t making the most of the data you’ve already invested time and labour into collecting.