“Regulatory excellence” may sound like an oxymoron but is actually – counterintuitively – the key to cutting compliance costs (and risks).
My former colleague Lyn Farrell has shared the secret formula for curing most bank regulatory challenges in her new American Banker article.
Banks are grappling with skyrocketing regulatory risks, and most, not surprisingly, are therefore hiring more people and spending more money on compliance – many thousands of new hires throughout the financial industry. My own recent ABA Banking Journal article chronicled this phenomenon, which is destabilizing and remaking the compliance profession itself. These investments are necessary up to a point, but they miss the more important change banks must make to contain the escalation in both risks and costs: namely, to shift the lead compliance responsibility from the “compliance” function into the business line, and make it a core component of quality.
As Lyn notes, other industries do this, using zero-defect and LEAN methodologies to be sure their products contain no errors. Banks, of course, spend tremendous sums on technology and systems to avoid compliance mistakes, but virtually every bank still makes them in their business functions, and then catches and corrects them through their compliance function. The mistakes are inherently hard to avoid because both the products and regulations are complicated and constantly changing, and also because many banks still use old technology that is not geared to preventing rather than detecting errors.
Most banks will say that their business lines “own” compliance, but few have actually created sufficiently robust systems and cultures in their business units to produce zero compliance defects. It was not uncommon, a few years back, to hear bankers say they would not want their compliance performance to deserve an A+ rating, because that might mean they were spending too much. A solid B might suffice. Accompanying that logic was the assumption that the business line leaders should focus on financial performance metrics and rely on the compliance and legal staffs to manage the regulatory challenges.
That thinking is backwards, because in reality, it’s much more expensive to find and fix errors after-the-fact than to prevent their happening at all. This is always true about quality – doing things right the first time is by far the cheapest approach. The banks that truly begin to reverse this old old pattern -- those whose business lines fully internalize compliance accountability, whose business leaders spend time personally thinking deeply about it, and whose technology strategies transform around preventing problems (including meeting the regulators’ evolving standards on “fairness”) – those banks will gain huge competitive advantage. They will both contain costs and become positioned for growth with minimal regulatory headwinds.
The regulators have a key role too. They have traditionally set expectations for the “three lines of defense,” with the business unit as the first line, the compliance/risk group as second, and audit as third – by emphasizing the need for independent (and thus) redundant reviewing by all three to assure correct regulatory outcomes. They want to see very robust second and third lines because, as Lyn rightly notes, they don’t much trust the first lines. They worry that the business units want to skimp on compliance.
What if banks’ business units could actually win the regulators’ trust? It would take a lot to overcome skepticism, but embracing “regulatory excellence” is the pathway to lean, clean, low-cost, low-risk regulatory performance.
Lyn’s article maps out how to get there. As with all of today’s critical compliance challenges, the keys are culture and technology.
As I work on my book, I’m looking for input from both business and compliance people at financial companies on the difficulties of compliance. I’m especially interested in hearing about costs, and areas where costs are high and benefit to consumers is low – or where consumers are actually harmed by regulatory efforts to help them. I’ll be interviewing people as well. I’ll welcome hearing perspectives and stories.