Ten compliance trends in financial institutions

1 November 2019 Security Services & Risk Management, Retail (Industry)


Steyn Basson

Having been involved in the compliance space for more than a decade in some form or another, we have identified ten key compliance characteristics and trends in the majority of South African (and African) financial institutions.

1. Increased load – Whereas a number of years ago compliance was a process that required a small team of people (as a percentage of IT staff) to manage, we have seen a steady increase in the proportion of staff assigned to compliance as opposed to revenue-generating activities. This is due to a steady increase in the number of compliance checks and reports required by regulators, and an increase in the coverage of the reports (i.e., inclusion of more clients and reporting records), as well as an increase in the detail required (i.e., more detail on each client and/or reporting record).

2. Keyman dependency and burnout – A number of organisations make use of a few key staff members to run critical reporting processes. In many cases, this leads to burnout due to the significant levels of stress during reporting periods, or serious issues in cases where staff members actually resign or move on.

3. Reporting deadline pressure – Most organisations still treat reporting season(s) as an event rather than a process, i.e., once (annual) submissions have been completed, everything goes on ice till a month or two before the next report is due. This leads to immense pressure and lots of late nights for the staff entrusted with the reporting process, as well as a lot of (often nasty) surprises and at times missed deadlines and cutting corners when it comes to data quality. Treating reporting as a process leads to early insight into data quality and a huge reduction in pressure during submission season.

4. Lack of repeatability – In a number of cases the activities that are performed to enable reporting for one season have to be started from scratch for the next reporting season. Although some level of rework is to be expected at times, all too often client corrections are made on the final submitted reports, meaning there is almost no re-use of hours and hours of work for the next submission season.

5. Lack of responsibility – In many cases, there are many ‘grey areas’ when it comes to responsibility. Should reporting form part of the IT process, or should business take ownership? In the scenario where it becomes an IT responsibility, we tend to see many cases where business sends inaccurate data to IT, leaving IT with a very difficult task to ensure reporting occurs as expected.

Similarly, if it becomes a business-focused task, often business does not have the appropriate tools to help them clean or prepare their data. The technical nature of the issues that occur during submission means that business is highly reliant on IT for a task that IT does not consider part of their key responsibilities. The answer lies somewhere in between, but we have seen very few organisations that have managed to strike the correct balance.

6. Lack of automation – In a few cases, the reporting process is manual, from the sourcing of data to clean-up processes to the creating and validating (and submitting) of the final file.

7. Data quality issues – Data quality issues plague the majority of financial institutions. Most organisations have legacy data that predates the current stricter compliance landscape, meaning that data that was more than sufficient when it was originally captured now falls well short of minimum requirements. However, this problem extends to newer financial institutions as well (as well as newer data at older financial institutions). In a large number of cases, internal bank systems just can't keep up with the broadening scope of regulation and the resultant data quality requirements, meaning that despite the best training and guidance in this regard, low-quality data still makes a regular appearance in financial systems.

8. Tactical rather than strategic solutions – Due to the nature of how compliance has evolved over the years, a large number of financial institutions make use of tactical rather than strategic solutions today. When compliance requirements were first introduced, it was sufficient to do the bare minimum and repurpose other reports and/or systems/processes to achieve compliance. This was since the scope of the requirements was low, and didn't require much complexity to achieve. In many cases, financial institutions also took a ‘wait and see’ stance to understand where the bar would be set.

As each subsequent year has introduced more requirements, the previous year's solution would be taken out of retirement and tweaked to achieve the new requirements. After a few years of this, the reporting solutions at a number of institutions started resembling a massive snowball rolling down a hill, invariably collapsing and leaving financial institutions with (almost) no solution at all. Additionally, the snowball (tactical) solution almost invariably does not address issues in the most optimal way possible, and there are lots of holes. Being able to take a strategic stance to reporting means considering all of the pitfalls and other aspects upfront.

9. Distraction – Compliance is often seen as a grudge activity inside financial institutions. It is an activity that generates very little real value to most organisations, and in the vast majority of cases, the preference would be to redeploy the team working on compliance reporting to activities that are more closely aligned with the vision/mission of the organisation. Indeed, in the most extreme cases, compliance teams are seen as a nuisance that needs to be tolerated rather than valuable members of the team.

10. Lack of leverage – Too often the results of compliance processes are not used for anything other than reporting. However, since a massive amount of data needs to flow through compliance systems, there is often an opportunity to unlock additional value. Whether it is due to additional analytics that can be performed on data due to having better-structured, cleaner data, or alternative metrics and insights that can be gained due to the data being structured and collated in one area. In our experience, very few financial institutions leverage this feature.

For these reasons, Synthesis' belief is that looking at strategic rather than tactical solutions can help set financial institutions up for long-term success and lower the risk of non-compliance events.




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Risk management and compliance enforcement
Security Services & Risk Management
Having a risk management and compliance programme (RMCP) is not just a procedural formality; it is a legal requirement under Section 42 of the Financial Intelligence Centre Act (FICA).

Read more...
The dangers of poor-quality solar cables
Security Services & Risk Management Smart Home Automation
Reports indicate that one in six fires attended by South African firefighters is linked to substandard solar installations, often due to faulty wiring or incompatible components.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it is a gamble.

Read more...
Chubbsafes celebrates 190 years
Gunnebo Safe Storage Africa News & Events Security Services & Risk Management
Chubbsafes marks its 190th anniversary in 2025 and as a highlight of the anniversary celebrations it is launching the Chubbsafes 1835, a limited edition 190th-anniversary collector’s safe.

Read more...
New law enforcement request portal
News & Events Security Services & Risk Management
inDrive launches law enforcement request portal in South Africa to support safety investigations. New portal allows authorised South African law enforcement officials to securely request user data related to safety incidents.

Read more...
Continuous AML risk monitoring
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
AU10TIX, launched continuous risk monitoring as part of its advanced anti-money laundering (AML) solution, empowering businesses to detect behavioural anomalies and emerging threats as they arise.

Read more...
Growing risks for employers
Security Services & Risk Management
With South Africa’s unemployment rate exceeding 32% and expected to rise beyond 33% this year, desperation is fuelling deception in the job market. Trust is no longer a given, it’s a gamble.

Read more...
Axis secures the Waterfront
Surveillance Entertainment and Hospitality (Industry) Retail (Industry)
Axis Communications shares insight into its longstanding partnership with the V&A Waterfront, one of Africa’s premier retail and mixed-use precincts, through its latest, updated customer success story.

Read more...
Managing mining physical security risks
Zulu Consulting Security Services & Risk Management Mining (Industry) Facilities & Building Management
[Sponsored] Risk-IO, a web app from Zulu Consulting, is designed to assist risk managers in automating and streamlining enterprise risk management processes, ensuring no steps are skipped and everything is securely documented.

Read more...
SAFPS issues SAPS impersonation scam warning
News & Events Security Services & Risk Management
The Southern African Fraud Prevention Service (SAFPS) is warning the public against a scam in which scammers pose as members of the South African Police Service (SAPS) and trick and intimidate individuals into handing over personal and financial information.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.