2015 banking outlook: Controlling costs through compliance optimization

Banking outlookDownload the full report (PDF).


  • The compliance function has taken its place at the heart of the banking organization, a much more prominent position for what had in the past often been more of a check-the-box function.
  • A host of new regulations means that compliance must take on added prominence in organizations and be approached in a more strategic fashion. Indeed, the once-sleepy compliance function now frequently reports into banks’ highest levels.
  • In addition to simply trying to keep up with new regulations and addressing any gaps in their compliance, banks must try to address the added costs posed by heightened regulatory requirements, often doing so in the need to control costs created by a low-return environment.

2014 trends/developments

In remarks before a conference in September, James A. Forese, co-president of Citigroup Inc., said bank regulatory costs could reach $10 billion industry-wide in the near future.

Banks face additional compliance challenges in gathering and assembling the data necessary to meet many new regulatory requirements. Institutions designated as systemically important financial institutions are under additional pressure to implement the Basel Committee on Banking Supervision’s Principles for Effective Risk Data Aggregation and Risk Reporting by 2016.

Heightened governance standards in the form of final guidelines published in September by the Office of the Comptroller of the Currency (OCC) dictate that covered large financial institutions establish and adhere to a written risk governance framework to manage and control their risk-taking activities.1 The guidelines apply to insured national banks, insured federal savings associations, and federal branches of foreign banks with $50 billion or more in average total consolidated assets, as well as OCC-regulated institutions with less than $50 billion in average total consolidated assets if that institution’s parent controls at least one other covered institution.

The task of generating some regulatory reports is one of collaborative disclosure management, with multiple participants in different departments often working together to assemble all the inputs necessary to create the report. Often those requirements involve discrete sources of data generated by separate systems never intended to integrate with one another or report in the manner sought by regulators.

Performing stress testing, either with the Comprehensive Capital Analysis and Review (CCAR) models required by the Federal Reserve, or as part of Dodd-Frank Act Stress Testing (DFAST), is revealing opportunities to strengthen the banks’ risk management functions and implement sounder ERM frameworks and processes. Stress testing provides a much-needed supplement to the traditional capital risk-adjusted management infrastructure. For example, stress testing demands vast data inputs from across the bank and, often, extensive data cleanup efforts as well. Furthermore, meeting Know Your Customer requirements may see a bank pulling together customer history data, analysis on transaction tendencies, information from an anti-money laundering database, financial data from various sources, and information from settlement and trade platforms.

Reporting requirements based on various types of unstructured data — information in document or text form — such as verifying that policies or procedures are being followed, present their own compliance challenges.

An additional compliance challenge facing banks as they look to deal with new regulatory requirements is adding — and paying — the additional staff required to meet expanded compliance demands. As banks look to expand their rosters of risk and compliance personnel, those in some markets are finding the pool of qualified candidates to be a shallow one, with the demand vs. supply equation predictably driving up the cost of acquiring and retaining necessary staff. Banks can mitigate staff shortfalls by relying on a fully integrated project management office to establish a rigorous and systematic approach to compliance efforts.

Suggested actions

Banks must optimize their compliance efforts in order to remain competitive despite ongoing regulatory pressures.

Process improvement is a key element of banks’ efforts to build more structure and governance in moving toward compliance optimization. Ideally, the solution to near-term regulatory gaps can be achieved within the bank’s existing infrastructure without the need to invent new technology.

Banks should take a broad view in making compliance improvements so that the infrastructure and reporting improvements made to address the immediate regulatory issue ultimately support multiple regulatory requirements as well as other important business decisions. Such an approach also will help the organization minimize expenses and maximize profits.

Co-sourcing arrangements with subject matter experts who can assist during preparations for examinations or prior to regulators’ visits can address staffing issues associated with increasing regulatory requirements.

Effective use of advanced analytics can enable banks to gain added benefit from the data they’re gathering and assembling as they comply with new regulations. Using advanced analytics, banks can leverage those data assets to anticipate emerging risks and make more appropriate risk mitigation decisions. To do so, a bank’s leaders must take a strong position advocating the use of data in new ways to allow banks to formalize and incorporate the use of enterprise data to drive informed decisions on future risks and outcomes.

A strategic and sustainable approach to the compliance mission can provide the additional benefit of helping banks address some of the staffing considerations around the increasing regulatory compliance requirements. By going beyond fixing immediate regulatory gaps to take a longer-term approach to transforming the compliance mission — involving the chief risk officer and the chief compliance officer in the process — banks can demonstrate to regulators a strategic multiyear regulatory program. Such strategies for building a compliance transformation and enterprise risk management program will inherently follow a timeline that should allow banks to address adding needed compliance staff over time.

Integrating compliance more closely with product development can also help banks with their compliance optimization efforts. With banks increasingly looking to new or modified products as a way of increasing revenue, they also face the risks associated with new products, among them the compliance risks from products that violate laws, rules or regulations, or fail to comply with internal policies or ethical standards.

Robust governance and sound new product and service risk management processes can reduce those compliance risk exposures. Such moves require strong leadership involvement in the new product governance framework, comprehensive policies and procedures, a formal product approval process, centralized tracking and identification of new products, regular discussions after the new product launch, and a formal reporting process that tracks and retains correspondence to the relevant regulatory body.

It’s important that the compliance optimization improvements be achieved in a fashion that makes them sustainable over the long term. The greatest successes in compliance optimization efforts occur when organizations view risk management and compliance effectiveness as a strategic necessity for the business rather than an additional cost or burden.


<< Back to The current state of the industry      Forward to Essential ERM: Manage risk or risk disaster >>

<< Back to main Hedge funds 101 page                                                   Forward to Sustaining profitability >>

- See more at:

<< Back to main Hedge funds 101 page                                                   Forward to Sustaining profitability >>

- See more at:

1 Federal Register, Volume 79, Number 176, Office of the Comptroller of the Currency, Sept. 11, 2014.