COST OF COMPLIANCE 2018: Executive summary and regulatory developments

NEW YORK (Thomson Reuters Regulatory Intelligence) - Thomson Reuters has undertaken its annual survey(here) on the cost of compliance and the challenges financial services firms expect to face in the year ahead.

A man looks at lightbulbs filled with water as part of the exhibition "Lagrimas de Sao Pedro" (Tears of Saint Peter) by Brazilian artist Vinicius Silva, at a cultural center in Rio de Janeiro, March 21, 2013.

The survey, now in its ninth year, generated responses from more than 800 senior compliance practitioners worldwide, representing global systemically important financial institutions (G-SIFIs), banks, insurers, broker-dealers and asset managers. As with all previous years, the report builds on annual surveys of similar respondents and, where relevant, highlights year-on-year and regional trends.

The cost of compliance survey report has become the trusted voice for risk and compliance practitioners. Last year's report(here) was read by nearly 9,000 entities including firms, G-SIFIs, regulators, law firms, domestic governments and consultancies. The insight it provides into the concerns and worries shared by practitioners have, once again, drawn out the main challenges faced across all industry sectors. Thomson Reuters thanks all respondents, along with a continued assurance that the responses will remain confidential.

The survey findings aim to help regulated firms with planning and resourcing, while allowing them to benchmark their own practices and experiences to determine whether their strategy and expectations are in line with the wider industry. The experiences of G-SIFIs are analysed where these can provide a sense of the approach taken by the world’s largest financial services firms.

In the last couple of years, the cost of compliance survey reports have highlighted emerging resource constraints which, combined with continuing regulatory uncertainty, suggested something of a pivot point for firms and their approach to risk and compliance. This year, in addition to firms seeking more creative solutions to risk and compliance challenges, a sense of increasing pressure on senior managers to deal with evolving regulatory expectations is beginning to emerge.


- Biggest compliance challenges: Compliance practitioners continue to identify the management of continuing regulatory change as their biggest challenge. For 2018, data privacy and the global ramifications of the implementation of the European General Data Protection Regulation (GDPR) are specifically highlighted as a concern; a distinct shift from the challenges highlighted for 2017.

- Compliance budgets continue to increase Sixty-one percent of firms are expecting an increase in their total compliance budget in 2018 (53 percent in 2017). This is somewhat moderated in the G-SIFI population, where 49 percent reported that their total compliance team budget would increase in the year ahead. This is in part reflected in the marginal rise in the expectations regarding the cost of senior compliance staff, with 66 percent of firms expecting an increase in the next 12 months compared with 60 percent in 2017.

- Evolving compliance resources Alongside increasing budgets for 2018, 52 percent of firms expect the size of their compliance team to remain the same in 2018 while 43 percent expect it to grow. In the G-SIFI population, 43 percent expect the size of their compliance team to stay the same, 46 percent expect the team to grow and 11 percent expect the team size to reduce in 2018.

G-SIFIs can perhaps be seen as leading indicators for future compliance trends. The changing picture presented by the largest firms suggests they are beginning to reconsider the shape, size and skill set of compliance as some teams grow and others are reduced when particular regulatory projects come to an end.

- Personal liability Personal liability continues to be an important concern for compliance professionals with 54 percent (48 percent in 2017) expecting personal liability to increase in the next 12 months (18 percent expecting a significant increase). This is likely to reflect the implementation of individual accountability regimes around the world together with the unrelenting focus on regulatory risk. Seventy-four percent of firms report an increase in the focus on managing regulatory risk in the next 12 months (24 percent expect a significant increase).

- Board challenges The biggest challenges facing boards this year have again been highlighted as continuing regulatory change and the intensity of supervisory scrutiny. In line with compliance challenges, data privacy and the GDPR have been specifically highlighted as challenges for 2018.

- Impact of technology Technology is having a major impact on compliance. On the one hand, the anticipated benefits of new technology are strengthening the compliance function’s involvement in considering solutions, with 41 percent (33 percent in 2017) expecting to spend more time assessing fintech and regtech solutions in the next 12 months, rising to 55 percent in the G-SIFI population. Balanced against the potential benefits of technology are the heightened regulatory risks associated with cyber resilience, data privacy and IT infrastructure.

- Increased regulatory liaison Most firms (58 percent) are expecting to spend more time in the next 12 months liaising and communicating with regulators and exchanges with 16 percent expecting significantly more contact. There were regional variations with the Middle East (66 percent), the United Kingdom (63 percent), Asia (63 percent) and Australasia (62 percent) expecting to spend the most time liaising with regulators. This, in part, reflects the need for continued personal relationship management and dialogue on regulatory expectations, ranging from culture and conduct to the implementation of personal accountability regimes.

- Outsourcing remains a major factor in compliance strategy. Almost a quarter (24 percent) of firms continue to outsource all or part of their compliance functionality (28 percent in 2017, 24 percent in 2016). The reasons for compliance outsourcing include the need for additional assurance on compliance processes, a lack of in-house compliance skills and cost. Among the specific compliance activities outsourced were annual policy reviews and email reviews.

- Total compliance spending Accurately benchmarking total compliance spending is almost impossible, particularly for larger firms, given the wide variations in scope, activities and definition of what is covered by compliance, ranging from cyber resilience and data security to conduct matters. Of those who responded, more than half of firms (54 percent) allocate up to 25 percent of their total spending on maintaining continuing compliant business operations. This gives some indication of the level of investment needed to meet evolving risk and compliance regulatory requirements.

(Stacey English is head of regulatory intelligence and Susannah Hammond is senior intelligence expert at Thomson Reuters Regulatory Intelligence.)