Over the past decade, compliance has moved centre stage and been elevated to key strategic status. One of the contributory causes of the 2008 financial crisis was, supposedly, lacklustre regulation and a spirit of free-for-all that spiralled out of control. The reaction to economic turmoil was a full-blooded response that has made regulation and compliance issues part of almost every discussion that takes place in financial institutions worldwide, regarding transactions, products and initiatives. The updated Markets in Financial Instruments Directive (MiFID II), the Packaged Retail and Insurance-based Investment Products Regulation (PRIIPs) and the Senior Managers and Certification Regime (SMCR), not to mention the Global Data Protection Regulation (GDPR), are just some of the large-scale regulations that companies in the sector are getting to grips with simultaneously.
At a conference in February 2018 called ‘Preparing for the inevitable’, wealth management benchmarking company Compeer and wealth management fintech firm JHC ran an anonymous survey gauging reaction to the amount of regulation over the period 2016–17, its impact on business and the cost of implementing new directives, as well as some predictions for 2018–19. Heads of compliance from 30 wealth managers were asked about their own operations and how they have adapted to the new business climate of heightened regulation, as well as how they are preparing for future demands. “As a service provider, we know that wealth management firms value guidance and support from any informed quarter,” says JHC’s Andrew Watson. “Through our Figaro user groups, whenever new guidance is issued, we bring financial institutions together to debate the changes, establish a consensus and assess the likely impact on operations. Given our large and diverse client base, we get to hear a wide range of observations and opinions.”
The key findings reveal that the pace and volume of compliance activity have increased in intensity and firms are recruiting more compliance staff to cope with this. Many are appointing a compliance director, signalling the growing importance of the function within firms. When it comes to complying with individual pieces of regulation, having a dedicated team in place and a senior-level project sponsor are vital to successful implementation.
“This has been the busiest two or three years of regulatory change that the sector has ever had,” says one compliance officer. “At the moment, it is extreme, but this might well be the new normal,” says another. The anticipation is that 2018–19 will also be intense, with 82% predicting it will, at the very least, be at a high level.
Almost 80% say their firms have hired more staff, with 37% increasing their workforce by more than 100% over the past five years. This rise has been dovetailed by a surge in risk management headcount. Around 90% of respondents say they would set aside at least the same hiring budget to recruit risk staff in 2018. Surprisingly, more than 40% say they do not have dedicated risk management staff.
According to the survey, 48% of participants feel there has been little change over the past five years to the importance that organisations assign to compliance, but there has been a shift towards the installation of a dedicated compliance director, which 39% say has taken place at their firm.
In 2017, Expand Research, a Boston Consulting Group company, predicted the cost to companies of implementing MiFID II could run to around US$2.1bn. But participants in the Compeer survey say regulation is difficult to plan and budget for, because of ill-timed guidance releases. That said, complying with MiFID and GDPR has run up more expenses than anticipated, according to respondents, although almost a third hinted that compliance had no formal budget for the process.
There are mixed reviews of the support regulatory bodies have offered financial services firms. “We’ve heard very little from the FCA since the [July 2017 MiFID II implementation] policy statement and it has not offered much support. We have received no readiness surveys,” says one compliance officer. Others point out that the FCA “has done as much as it can, given that MiFID II is European regulation”.
Regulation has, to a large degree, prompted a move to implement better technology – 78% confirm their technology system has changed due to regulation, and 86% say they have introduced technology to deal specifically with new or ongoing projects. Although good technology service providers understand the regulatory issues, compliance heads are not convinced that this understanding is consistent across the technology industry.
Regardless of increased regulation and some concerns about providers, 35% say their compliance processes have adapted and become more efficient over the past five years, thanks to improved or new technology that is enhancing efforts around the automation of ID verification processes for financial crime, monitoring and management information systems.
Almost 70% of participants had the foresight to prepare for MiFID II at least two years in advance, but what would they do differently today? “We would be better at documenting decisions along the way. MiFID II was such a long project and people preparing for it have forgotten why they made earlier decisions,” says one officer. Others say that MiFID and GDPR demand more spending on resources and people, and need an earlier buy-in from front office segment heads.
In fact, when asked to outline the necessary steps for each new regulatory project, 43% cite the appointment of a senior level sponsor. Almost half of respondents (48%) say that putting a dedicated team in place is an essential step, while other major landmarks include an impact assessment (57%), preparation of a plan (43%), the affect on business strategy (39%) and establishing a formal budget (43%).
With 80% of firms hiring more compliance staff and 37% increasing their compliance workforce by more than 100% over the past five years, human resources are on the frontline of tackling unprecedented workloads imposed on the financial services sector by regulatory bodies. The upside is that compliance has gone from being largely a box-ticking exercise five years ago to now having a much more strategic focus in the vast majority of firms. This is likely to result in better decisions being made in the business, including in regard to investment in technology. Indeed, as technology becomes more sophisticated and fintechs create utility-type functions that can be adapted for compliance use, the future of the compliance discipline rests as much in technological advances, such as artificial intelligence and distributed ledger technology, as it does with human judgement. In five years’ time, the regulatory landscape and its tools are sure to look very different.
In the second of this two-part feature, due to be published in the Q2 print edition of The Review
, we speak in depth to financial services practitioners about the challenges they are facing in complying with multiple pieces of regulation at the same time, and the solutions they are coming up with to tackle these challenges. We also take a look at the results from the poll questions embedded in this article.