Boards of directors are increasingly seeing the value of regulatory compliance, as the past year has seen a worldwide spike in compliance spending and the hiring of skilled compliance staff, according to data collected by intelligence firm Thomson Reuters.
In North America, 60% of firms report that they expect a “significant increase” in compliance investments from 2015 to 2016. For instance, one of these firms, HSBC, expects year-over-year spending on compliance to increase by 300%, to $750 million.
Firms also expect to dedicate a considerable amount of time and staff to compliance processes and procedures. Twenty percent anticipate committing between four to seven hours on compliance per week (up 1% from 2013), and 21% expect more than seven hours (up from 18% in 2013).
Where is the pressure is coming from?
One driver that’s increasing demand for compliance specialists is pressure from the influx of new regulatory initiatives created after the 2008 financial crash, according to Roger Miles, behavioral risk lead at Thomson Reuters. Regulators are looking beyond transaction data organizations produce internally and instead define violations based on human behavior.
“A key feature of this revolutionary approach … is that it looks beyond the dry theory of economic utility toward a real-life, empirical view of human interactions, the ‘what actually happens’ view of financial markets,” wrote Miles in a whitepaper titled “What’s Compliance Worth?”
Regulators that follow this behavior-based regulation approach examine firms’ processes, decision making and how they design systems for employees. Moreover, they look at how these organizations behave in financial markets and how they interact with their customers in real time.
This regulatory approach has not only increased compliance costs, but regulatory fines as well. According to research by Thomson Reuters, cumulative fines for conduct-related offenses are projected to surpass $20 billion globally — and will continue to grow.
Another factor is that regulators are expanding their powers. Local agencies, for example, are extending their reach beyond their jurisdiction and target sector. Additionally, there has been an increase in regulatory initiatives that impact multiple sectors or territories. Some examples are Basel III, Foreign Account Tax Compliance Act and the Foreign Corrupt Practices Act.
Furthermore, there’s been a rise in local regulatory schemes that are subsequently copied by agencies in other jurisdictions, such as “clawbacks,” or recovery of inappropriate compensation and bonuses, and examining senior managers’ personal responsibility for criminal behavior. In the U.S., for example, “the SEC is currently staffing up with behaviorally aware enforcers headhunted from other jurisdictions,” Miles said over email.
In response to this increase in enforcement actions, compliance staffs’ dockets are getting longer. Their tasks must now include, at the very least, the following:
- Protecting senior management against regulatory risk and managing regulatory relationships;
- Providing evidence to management and the board on appropriate compliance actions and developing reporting mechanisms;
- Managing the convergence of compliance, internal audit and risk functions; and
- Keeping abreast of new requirements of conduct risk regulations and create their firm’s own definition of what “good conduct” is.
In part two of this blog post, find out how compliance practitioners should take the lead in transforming their organization into one that is conduct-risk-aware.