COST OF COMPLIANCE 2018: Alignment with other risk and control functions, liaison with regulators

LONDON/NEW YORK(Thomson Reuters Regulatory Intelligence) - Seventy-four percent of firms expected the focus on managing regulatory risk to increase in the coming year, with 24 percent expecting a significant increase, according to a Thomson Reuters survey. The Cost of Compliance annual survey reviewed the challenges financial services firms expect to face in the year ahead.

A man is reflected on the glass facade of the Bonn Post Tower as he enters the headquarters of German postal and logistics group Deutsche Post DHL in Bonn March 8, 2012.

The survey, now in its ninth year, generated responses from more than 800 senior compliance practitioners worldwide, representing global systemically important financial institutions (G-SIFIs), banks, insurers, broker-dealers and asset managers. As with all previous years, the report builds on annual surveys of similar respondents and, where relevant, highlights year-on-year and regional trends.


FIGURE14:In an average week, how much time does your compliance team spend with legal, internal audit and risk functions on compliance issues, in hours (

The alignment in terms of the interaction between the compliance function and legal, internal audit and risk has been mixed, with the number of compliance teams who spend less than an hour a week with other control functions a potential concern. The control functions in a firm all have distinct roles and remits but firms should be aware of the potential benefits which greater liaison and cooperation may bring.

The scarcity and value of skilled compliance resources has been highlighted by both the expected increase in the cost of senior compliance staff and the continued use of outsourcing to gain the compliance skills needed.

Firms can seek to make the best use of in-house skills by optimising the alignment, cooperation and coordination between the risk and control functions to ensure there is coverage of the main risks to the organisation and that all associated reporting is consistent, particularly when covering culture and conduct risk.


Regulatory developments, expectations of good firm culture, conduct risk, increasing personal liability and growing scrutiny mean that both firms and individuals are more in need of appropriate in-house compliance expertise, skills and experience than ever.

Liaising and communicating with regulators and exchanges is one area where technology is unlikely to be of significant assistance. Building and maintaining a strong working relationship with regulators requires skilled senior in-house compliance officers to interact on a personal basis with all relevant supervisors.

During the years the survey has been conducted, there has been a gradual shift in the time compliance practitioners expect to spend liaising and communicating with regulators and exchanges. In 2018, 58 percent of firms expect to spend more time liaising with regulators and exchanges, with 16 percent expecting to spend significantly more time.

The expected increase is higher among the G-SIFI population, at 66 percent. The top three reasons given as to why firms expect more time to be spent liaising and communicating with regulators were:

- more onerous regulatory and reporting requirements;

- more information requests from regulators; and

- the need to understand changing regulatory expectations.

Those firms which expect significantly more time to be spent liaising and communicating with regulators are based in Canada (25 percent); the Middle East (25 percent); Australasia (18 percent); and Continental Europe (16 percent). For these regions, more onerous regulatory and reporting requirements, and more intensive supervision, were among the priority areas driving expectations.

FIGURE15:Over the next 12 months I expect the time spend liaising and communicating with regulators and exchanges to be....(

FIGURE16:Over the next 12 months I expect the time spent liaising and communicating with regulators and exchanges to be..(


The expected focus on the need to manage regulatory risk is unrelenting. Seventy-four percent of firms expected the regulatory focus on managing regulatory risk to increase in the coming year, with 24 percent expecting a significant increase. In the G-SIFI population, 76 percent expected an increase, with 28 percent expecting a significant increase (up from 15 percent in 2017).

A third (33 percent) of firms in Australasia, and more than a quarter of firms in Asia and Canada (27 percent) expect managing regulatory risk to increase significantly in the next 12 months. This may be attributed to various regulatory efforts to hone in on poor culture and misconduct, including Australia’s banking inquiry, the Banking Executive Accountability Regime (BEAR), and the Manager-in-Charge (MIC) regime introduced by the Hong Kong Securities and Futures Commission.

The areas where compliance teams are expecting to have more involvement have shown relative consistency year on year, apart from the assessment of fintech/regtech solutions, which has increased from 33 percent to 41 percent. This increases further for G-SIFIs, where more than half (55 percent) of practitioners expect more compliance involvement in assessing fintech and regtech solutions.

FIGURE17:Expectation that the regulatory focus on managing regulatory risk will increase over the next 12 months (

FIGURE18:Over the next 12 months I expect more compliance involvement in.. (

Practitioners provided specific details on other areas in which they expect to have more compliance involvement over the next 12 months. These include:

- improving surveillance;

- General Data Protection Regulation (GDPR) readiness(here);

- assessing privacy and data protection regulations;

- conduct risk management;

- liquidity risk management;

- know-your-client (KYC) processes;

- training;

- facilitating a process to spread knowledge of regulations in the first line;

- greater focus on behavioural matters;

- embedding an appropriate compliance culture;

- policy management;

- hotline compliance;

- increased participation in product development;

- new regulations;

- burdensome regulatory reporting;

- assisting with the development of self-testing protocols for business line staff;

- assisting business line staff in identifying risks and creating effective controls in all system (computerised) solutions;

- assessing regulatory change and the impact on the business;

- local and international tax obligations, e.g., Common Reporting Standard (CRS) and the U.S. Foreign Account Tax Compliance Act (FATCA)[here].

To download the full report click (here).

(Stacey English is head of regulatory intelligence and Susannah Hammond is senior intelligence expert at Thomson Reuters Regulatory Intelligence.)