Risk & Compliance

Machine-Driven Enforcement and Wrestling with Clouds

Are ever-growing compliance costs just the price of admission to the global economy?

It was supposed to get easier. In 2017, with the crush of post-financial crisis regulatory reforms largely behind them, most big businesses were expecting a lighter-handed approach to regulation.

They were encouraged by President Donald Trump’s executive order on “reducing regulation and controlling regulatory costs,” and hopeful that the European Union’s commitment to “better regulation” might remove some of the complexities of modern multinational business operations. Many compliance and risk professionals surveyed in 2017 said they thought runaway growth in compliance costs would start to slow.

A Better Way to Do Ecommerce

A Better Way to Do Ecommerce

Learn how Precision Medical leveraged OneWorld to cut the cost of billing in half and added $2.5M in annual revenue.

Instead, they got a messy, prolonged Brexit, the General Data Protection Regulation, and a U.S. trade war with China.

It should have come as little surprise, then, when Thomson Reuters took the temperature of compliance and risk professionals again in 2018, the feeling was strong that compliance costs would stay elevated. Two-thirds of respondents said they expected the cost of senior compliance staff to continue to increase, and 61% expected their total compliance budgets to rise.

The findings echoed those from PwC, in its newly released 2019 State of Compliance Study. The PwC study noted that businesses spent roughly between $1 million and $5 million on compliance per $1 billion in revenue.

So, is that it? Are ever-growing compliance costs just the price of admission to the global economy? Or is there something business leaders can do to stanch them without leaving their businesses and themselves vulnerable?

Activity among regulators suggests two areas where business leaders will want to focus their attention if they hope to start controlling compliance costs.

The first is technology. We are in the midst of the RegTech revolution — a sharp increase in the use of technologies such as cloud computing, robotic process automation, and machine learning to automate regulatory reporting, increase efficiency, and reduce human error. Getting a handle on these technologies will be critical for businesses that need to manage risk and control costs.

On the other end of the skill-set spectrum is a push to regulate corporate culture. This is a nebulous task that lawyers from the global firm Clyde & Co. LLP have likened to “wrestling with clouds or herding sheep.” It involves a softer set of management skills but is no less important to master.

Digital Reporting

On the tech side, there has been no shortage of ink spilled on the growth of new products to address everything from AI-powered vendor screening to cloud-based data management and reporting. The latest estimates suggest that the market for these kinds of tools will reach $12.3 billion by 2023.

But that’s just half the equation. Regulators are also experimenting with RegTech solutions that may soon become a part of everyday life for large corporations.  So far, the UK Financial Conduct Authority (FCA) is leading that charge with a focus on digital regulatory reporting. Along with the Bank of England and the banking industry, the FCA is testing whether machine-executable rules can effectively manage the automatic submission of data from firms to regulators. It’s an ambitious venture, and early results are intriguing.

During hackathon events dubbed TechSprints in 2016 and 2017, the FCA and the Bank of England showed that “a small set of reporting instructions could be converted into machine‐executable code. Machines then used the code to automatically carry out the instructions, pulling the required information directly from a firm’s systems.”

In the second phase of feasibility testing, the FCA collaborated with Barclays, Credit Suisse, Lloyds, Nationwide, NatWest, and Santander in 2018. The pilot converted regulations into code, defined standardized firm data, and developed a system to use this raw material to automate the creation of regulatory reports. In a second pilot this year, regulators and banks are striving to ascertain which regulatory reports are right for machine reporting; how valuable such a program would be; how to best generate machine-executable regulations; and how to efficiently standardize firm data.

It’s a staggering task, but success will certainly breed imitators – so executives responsible for compliance need to assess whether their teams have the technical capabilities, resources, and savvy to play in this kind of electronic reporting environment.

The Human Side

Tech alone is not enough, though. A great deal of regulatory compliance these days is wrapped up in the notion of corporate culture. Regulators across the United States, Europe, and Asia have become increasingly active in taking enforcement actions against corporations that have shown a cultural pattern of regulatory malfeasance.

According to the Thomson Reuters State of Regulatory Reform 2019, the common bond is a  flagrant disregard for an institution’s controls and policies, and behavior that puts profit ahead of the risks created for the organization.

That’s bigger than any single RegTech product can hope to address. It requires a top-down commitment to creating a culture of compliance that can be challenging to operationalize.

For companies, navigating those murky waters starts with engendering trust in leadership. That trust stems from rigorous board oversight of corporate culture; from elevating culture, conduct, and ethics programs; from executives clearly stating the firm’s position on risk-taking; and from a focus on personal responsibility.

As we speed toward a new decade, corporate finance and compliance leaders are expected to harness the potential of advanced technology to revolutionize regulatory reporting while ensuring their companies are fostering cultures of integrity and fair play.

Achieving these goals to ensure their companies follow the rules will require a diverse set of technical and interpersonal skills, but there is a silver lining. The increased efficiency and adaptability that comes from incorporating new technologies and building management structures rooted in corporate responsibility and trust will – over the long run – strengthen businesses. But don’t expect the path to get there to be easy or inexpensive.

Brian Peccarelli is co-chief operating officer of Thomson Reuters.