Waves of new regulations have rolled through during the past few administrations and swept through the financial services industry since the financial crisis. This should not come as a surprise given that banking is one of the most highly regulated industries. Every day, a Chief Compliance Officer must review and react to about 200 new regulatory changes, according to a Boston Consulting Group report. In the United States, that velocity of change continues to rise, putting organizations increasingly on edge.
Fines have approached nearly $1.3 billion since 2019 in the US, according to CSO Online. Companies such as Equifax, Home Depot, and Uber have been hit with penalties of hundreds of millions of dollars for data breaches that exposed consumer data. Additionally, since 2018, EU authorities have issued a total of 841 fines totaling over $1.28 billion, according to Privacy Affairs.
In contrast, regulations, such as those placed upon credit cards and mortgages, came to be so overbearing at one point, the pendulum shifted. Thus, the Economic Growth, Regulatory Relief, and Consumer Protection Act was passed in 2018 to place fewer restrictions on smaller banks.
Chief Compliance Officers are constantly on the front line trying to manage risks, avoid fines, and preserve their organizations reputation. Following are three things CCOs should consider as they look ahead and consider how to tackle what’s next in compliance.
Banish the manual and automate
With constant fluctuations in regulatory requirements, it’s shocking that organizations still attempt to track them using manual tools. In fact, 63 percent of organizations still use inadequate productivity and knowledge management software, such as spreadsheets, to manage compliance, according to MetricStream’s latest State of Compliance survey.
It’s time to banish manual processes and replace them with automation. The use of manual processes and tools have a greater margin for error and are not efficient. It’s also expensive to engage expert resources in tedious tasks. In contrast, automated tools, including the implementation of AI and ML technology, allows for the monitoring and controlling of compliance issues with greater ease and accuracy than ever before.
Tools that enable you to proactively identify regulatory changes and assess their impact on business processes, policies, risks, and controls are key to moving from the manual state to automated. This includes a centralized framework that aggregates regulatory content from multiple trusted sources, including both subscription and publicly available data sources.
Balance the strategic with the tactical
It’s also important to strike the right balance between the roles of employees and the use of technology. People are primarily needed for the “smart decisions” – the choices that require judgement. On the other hand, smart tools, whether AI or advanced software, are better suited to handle more remedial, repetitive tasks.
For example, consider the critical and timely issue of third-party risk. Whether customers, vendors, or suppliers, third parties represent a tremendous risk to banks, from data breaches to the threat of compliance and legal issues. Manually assessing questionnaires and security attestations from thousands of third parties isn’t reasonable – or even possible. Solutions that leverage artificial intelligence and machine learning can read data, spot patterns, and make recommendations, while analysts spend their time developing the right strategy to resolve issues – instead of manually assessing thousands of pages of text.
Engage the frontline
Staying current and compliant isn’t a one-time event – it’s a process. Strategic compliance officers need a 360-degree view of potential issues. Engaging frontline teams to report potential issues or violations as issues occur will be critical to your success.
In essence, frontline workers are the eyes and ears of an organization. They are the first to deal with others outside the business, and they are the first to interact with internal co-workers and contractors. This unique position enables frontline workers to be an ideal source of intelligence. To address frontline-level risks, organizations should take proactive steps that address policy, tools, and culture. The future of empowering frontline workers to combat threats comes from an ability to allow the frontline (employees, vendors, franchisees and even customers) to provide “observations” instantly and easily through a mobile interface.
Although the banking industry has been addressing compliance for years, the sheer velocity of regulatory changes today makes it essential for automation and technology to be at the top of any organization’s priority list. If you truly want to move from a posture of fear to a position of power, I suggest you consider automating your processes to manage the rate of change faster, empowering your people to focus on strategic initiatives, and engaging your frontline.
The bottom line is the rate of regulatory change will continue to fluctuate. Your risk strategy needs to be nimble and needs to ebb and flow with the rate of change, no matter which way the pendulum shifts.