tiero - Fotolia

Firms face 'regulatory fatigue,' higher cost of compliance

Firms worldwide are experiencing 'regulatory fatigue' due to rapidly increasing compliance mandates. In Thomson Reuters' latest Cost of Compliance survey, see how GRC teams can manage these regulatory changes.

Compliance practitioners worldwide are experiencing "regulatory fatigue" and overload as a result of the sheer volume and scope of regulatory change, a recent survey by Thomson Reuters found. The survey's authors expect this regulatory strain, along with resource and staffing challenges, to increase throughout 2015 as firms navigate snowballing international and domestic rules.

Thomson Reuters, a media and information company, published the findings of its sixth annual Cost of Compliance survey earlier this year. The survey polled 600 compliance practitioners from financial services firms around the world. The report highlighted some examples of this increasing compliance burden, including new regulatory approaches like Australia's Financial System Inquiry report and legislation such as the Dodd-Frank Act in the U.S.

The biggest challenge for compliance officers is managing this escalating regulatory change. For instance, more than a third of companies and their compliance teams are spending at least a day a week tracking and analyzing regulatory developments, said Stacey English, head of Regulatory Intelligence at Thomson Reuters and the report's co-author, in an interview for Reuters Insider. "For the much larger firms, this can run into hundreds of hours a week. This is before they can actually start working with the business, advising the business or implementing that change," she added.

The survey also found that global systemically important financial institutions, or G-SFIs, which were asked to self-identify, were better equipped to manage compliance challenges as opposed to smaller, non-G-SFI firms, which reported being stretched more thinly. G-SFIs, which are defined as large financial institutions whose distress or disorderly failure would cause major disruptions to the wider financial system, are able to spend relatively more time on essential compliance tasks because they have larger operations and a greater pool of resources. As a case in point, the authors reported a decrease in the number of non-G-SFI firms spending more than 10 hours on compliance activities, with many leveling out at seven to 10 hours a week.

Speed and breadth of regulatory change

The rise in compliance leaders expressing regulatory fatigue can be directly attributed to increased accountability, the pressures of being expected to be knowledgeable on complicated regulatory matters and the possibility of record fines for noncompliance, according to Phil Cotter, managing director for Risk at Thomson Reuters. Seventy percent of these compliance leaders expect regulators to publish more regulatory information in 2016, with 28% expecting this increase to be significant.

"Understanding regulators’ expectations and requirements and being able to interpret and apply them is as great a challenge as keeping abreast of the changes," Cotter said.

Approximately 75% of these firms expect regulators' risk management focus to rise throughout 2015. This is due to a greater focus on companies' compliance culture and conduct risk, or what Thomson Reuters defines as the risks associated with company and staff conduct. "The overriding focus on conduct risk from regulators … is a much broader concept that permeates every part of the business," English said.

Resource and staffing challenges

Sixty-nine percent of firms expect compliance staffing costs to continue to rise, which co-author English said was not surprising, because these costs have risen steadily year over year since Thompson Reuters started conducting the Cost of Compliance survey. Instead, "the trend now is not only the cost of staff; it's actually finding skilled staff. That's the challenge: a real lack of compliance officers with deep, practical expertise in the market," she said.

Furthermore, 69% of compliance professionals felt increasing pressure regarding their budgets, with another 19% expecting significantly more pressure on their compliance budgets in the future.

Regulatory issues and the board

The report's authors found that regulatory matters -- which include correcting noncompliance, preventing more sanctions and implementing structural changes to observe new rules -- are taking up "disproportionate amounts" of board agendas.

Understanding regulators' expectations and requirements and being able to interpret and apply them is as great a challenge as keeping abreast of the changes.
Phil Cottermanaging director, Risk, Thomson Reuters

The survey also uncovered a lack of coordination in how control functions interact and are aligned. For instance, almost half of compliance personnel spend less than an hour with legal, internal audit and risk functions to discuss compliance issues.

One way to address these problems lies with the board, which must continue to support compliance teams and senior leadership with the budget and resources to help foster a culture of transparency and trust, the authors advised.

"The pendulum needs to begin to swing back at least in part toward the business itself to allow for business improvement and development, rather than having all change capacity and capability taken up by regulatory issues," the authors wrote.

They added that this doesn't mean boards should cease to focus on regulatory compliance issues, but rather to balance those matters with managing the business.

IT risks, cybercrime and resilience

Another area impacting the compliance sphere is technology -- particularly IT risks, cybercrime and resilience. Cyber-risks are multilayered and should not be relegated only to the IT function, the authors advised.

"Compliance functions need to be engaged in the consideration of risks to the business (and by association the potential effect on their customers) from an attack on the wider financial services infrastructure, as well as the implications of a direct attack on the firms themselves," they wrote.

Cost of compliance: Outlook

English does not expect pullback from the rising regulatory overload that compliance practitioners are experiencing. "We've seen year on year increase," she said.

Last year, Thomson Reuters tracked 40,000 major regulatory alerts that firms need to be aware of, which includes big consultation papers, policy statements and speeches.

"It's no surprise that there's this fatigue, but I think it is a concern, and it's perhaps reached a point where [firms] can't do anymore," English said.

Next Steps

How GRC tools can help firms meet regulatory compliance needs
Two descoping methods that can help reduce regulatory compliance burdens
Security compliance is still a corporate burden -- but can be alleviated

This was last published in September 2015

Dig Deeper on Managing governance and compliance

Join the conversation

5 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Is your firm experiencing regulatory fatigue or rising costs of compliance? If so, what aspect of regulatory compliance is most overwhelming and why?
Cancel
Yes, absolutely. We are in the U.S. and our compliance obligations come mostly from HIPAA regulations and government CAHPS programs. 

The constantly changing requirements keep my entire team employed, and extremely busy. 
Cancel
The pressures of regulatory change across the industry post-recession, such as Dodd Frank, Mifid, and BCBS 239 to name a few, have been monumental. This has resulted in stretching compliance, IT and other support functions to the breaking point, as they all scramble to meet with the demanding deadlines. The message from the regulators is clear however, that firms need to show good progress towards meeting the deadlines, and should have at a minimum tactical processes in place to meet the requirements backed up by robust planning for the strategic solutions.
Cancel
If only industry leaders had a positive record of regulating themselves, there would be fewer government-imposed regulations. Sadly, they don't. When business has been left to itself, it becomes entirely focused on profit with products and consumers be damned. Consumers NEED the protection of oversight.
Cancel
Thanks for the insight, annalisa and ncberns. What tactics are your orgs using to be able to keep abreast of all these regulator requirements? And do you think govt-imposed regulations are actually shifting the internal cultures of these orgs to be more transparent? How much more of a part should other departments in a company play in compliance?
Cancel

-ADS BY GOOGLE

SearchCIO

SearchHealthIT

SearchCloudComputing

SearchDataCenter

SearchDataManagement

SearchSecurity

Close