tiero - Fotolia
Compliance practitioners worldwide are experiencing "regulatory fatigue" and overload as a result of the sheer volume and scope of regulatory change, a recent survey by Thomson Reuters found. The survey's authors expect this regulatory strain, along with resource and staffing challenges, to increase throughout 2015 as firms navigate snowballing international and domestic rules.
Thomson Reuters, a media and information company, published the findings of its sixth annual Cost of Compliance survey earlier this year. The survey polled 600 compliance practitioners from financial services firms around the world. The report highlighted some examples of this increasing compliance burden, including new regulatory approaches like Australia's Financial System Inquiry report and legislation such as the Dodd-Frank Act in the U.S.
The biggest challenge for compliance officers is managing this escalating regulatory change. For instance, more than a third of companies and their compliance teams are spending at least a day a week tracking and analyzing regulatory developments, said Stacey English, head of Regulatory Intelligence at Thomson Reuters and the report's co-author, in an interview for Reuters Insider. "For the much larger firms, this can run into hundreds of hours a week. This is before they can actually start working with the business, advising the business or implementing that change," she added.
The survey also found that global systemically important financial institutions, or G-SFIs, which were asked to self-identify, were better equipped to manage compliance challenges as opposed to smaller, non-G-SFI firms, which reported being stretched more thinly. G-SFIs, which are defined as large financial institutions whose distress or disorderly failure would cause major disruptions to the wider financial system, are able to spend relatively more time on essential compliance tasks because they have larger operations and a greater pool of resources. As a case in point, the authors reported a decrease in the number of non-G-SFI firms spending more than 10 hours on compliance activities, with many leveling out at seven to 10 hours a week.
Speed and breadth of regulatory change
The rise in compliance leaders expressing regulatory fatigue can be directly attributed to increased accountability, the pressures of being expected to be knowledgeable on complicated regulatory matters and the possibility of record fines for noncompliance, according to Phil Cotter, managing director for Risk at Thomson Reuters. Seventy percent of these compliance leaders expect regulators to publish more regulatory information in 2016, with 28% expecting this increase to be significant.
"Understanding regulators’ expectations and requirements and being able to interpret and apply them is as great a challenge as keeping abreast of the changes," Cotter said.
Approximately 75% of these firms expect regulators' risk management focus to rise throughout 2015. This is due to a greater focus on companies' compliance culture and conduct risk, or what Thomson Reuters defines as the risks associated with company and staff conduct. "The overriding focus on conduct risk from regulators … is a much broader concept that permeates every part of the business," English said.
Resource and staffing challenges
Sixty-nine percent of firms expect compliance staffing costs to continue to rise, which co-author English said was not surprising, because these costs have risen steadily year over year since Thompson Reuters started conducting the Cost of Compliance survey. Instead, "the trend now is not only the cost of staff; it's actually finding skilled staff. That's the challenge: a real lack of compliance officers with deep, practical expertise in the market," she said.
Furthermore, 69% of compliance professionals felt increasing pressure regarding their budgets, with another 19% expecting significantly more pressure on their compliance budgets in the future.
Regulatory issues and the board
The report's authors found that regulatory matters -- which include correcting noncompliance, preventing more sanctions and implementing structural changes to observe new rules -- are taking up "disproportionate amounts" of board agendas.
Phil Cottermanaging director, Risk, Thomson Reuters
The survey also uncovered a lack of coordination in how control functions interact and are aligned. For instance, almost half of compliance personnel spend less than an hour with legal, internal audit and risk functions to discuss compliance issues.
One way to address these problems lies with the board, which must continue to support compliance teams and senior leadership with the budget and resources to help foster a culture of transparency and trust, the authors advised.
"The pendulum needs to begin to swing back at least in part toward the business itself to allow for business improvement and development, rather than having all change capacity and capability taken up by regulatory issues," the authors wrote.
They added that this doesn't mean boards should cease to focus on regulatory compliance issues, but rather to balance those matters with managing the business.
IT risks, cybercrime and resilience
Another area impacting the compliance sphere is technology -- particularly IT risks, cybercrime and resilience. Cyber-risks are multilayered and should not be relegated only to the IT function, the authors advised.
"Compliance functions need to be engaged in the consideration of risks to the business (and by association the potential effect on their customers) from an attack on the wider financial services infrastructure, as well as the implications of a direct attack on the firms themselves," they wrote.
Cost of compliance: Outlook
English does not expect pullback from the rising regulatory overload that compliance practitioners are experiencing. "We've seen year on year increase," she said.
Last year, Thomson Reuters tracked 40,000 major regulatory alerts that firms need to be aware of, which includes big consultation papers, policy statements and speeches.
"It's no surprise that there's this fatigue, but I think it is a concern, and it's perhaps reached a point where [firms] can't do anymore," English said.
How GRC tools can help firms meet regulatory compliance needs
Two descoping methods that can help reduce regulatory compliance burdens
Security compliance is still a corporate burden -- but can be alleviated