Ten compliance trends in financial institutions

1 November 2019 Security Services & Risk Management, Retail (Industry)

Steyn Basson

Having been involved in the compliance space for more than a decade in some form or another, we have identified ten key compliance characteristics and trends in the majority of South African (and African) financial institutions.

1. Increased load – Whereas a number of years ago compliance was a process that required a small team of people (as a percentage of IT staff) to manage, we have seen a steady increase in the proportion of staff assigned to compliance as opposed to revenue-generating activities. This is due to a steady increase in the number of compliance checks and reports required by regulators, and an increase in the coverage of the reports (i.e., inclusion of more clients and reporting records), as well as an increase in the detail required (i.e., more detail on each client and/or reporting record).

2. Keyman dependency and burnout – A number of organisations make use of a few key staff members to run critical reporting processes. In many cases, this leads to burnout due to the significant levels of stress during reporting periods, or serious issues in cases where staff members actually resign or move on.

3. Reporting deadline pressure – Most organisations still treat reporting season(s) as an event rather than a process, i.e., once (annual) submissions have been completed, everything goes on ice till a month or two before the next report is due. This leads to immense pressure and lots of late nights for the staff entrusted with the reporting process, as well as a lot of (often nasty) surprises and at times missed deadlines and cutting corners when it comes to data quality. Treating reporting as a process leads to early insight into data quality and a huge reduction in pressure during submission season.

4. Lack of repeatability – In a number of cases the activities that are performed to enable reporting for one season have to be started from scratch for the next reporting season. Although some level of rework is to be expected at times, all too often client corrections are made on the final submitted reports, meaning there is almost no re-use of hours and hours of work for the next submission season.

5. Lack of responsibility – In many cases, there are many ‘grey areas’ when it comes to responsibility. Should reporting form part of the IT process, or should business take ownership? In the scenario where it becomes an IT responsibility, we tend to see many cases where business sends inaccurate data to IT, leaving IT with a very difficult task to ensure reporting occurs as expected.

Similarly, if it becomes a business-focused task, often business does not have the appropriate tools to help them clean or prepare their data. The technical nature of the issues that occur during submission means that business is highly reliant on IT for a task that IT does not consider part of their key responsibilities. The answer lies somewhere in between, but we have seen very few organisations that have managed to strike the correct balance.

6. Lack of automation – In a few cases, the reporting process is manual, from the sourcing of data to clean-up processes to the creating and validating (and submitting) of the final file.

7. Data quality issues – Data quality issues plague the majority of financial institutions. Most organisations have legacy data that predates the current stricter compliance landscape, meaning that data that was more than sufficient when it was originally captured now falls well short of minimum requirements. However, this problem extends to newer financial institutions as well (as well as newer data at older financial institutions). In a large number of cases, internal bank systems just can't keep up with the broadening scope of regulation and the resultant data quality requirements, meaning that despite the best training and guidance in this regard, low-quality data still makes a regular appearance in financial systems.

8. Tactical rather than strategic solutions – Due to the nature of how compliance has evolved over the years, a large number of financial institutions make use of tactical rather than strategic solutions today. When compliance requirements were first introduced, it was sufficient to do the bare minimum and repurpose other reports and/or systems/processes to achieve compliance. This was since the scope of the requirements was low, and didn't require much complexity to achieve. In many cases, financial institutions also took a ‘wait and see’ stance to understand where the bar would be set.

As each subsequent year has introduced more requirements, the previous year's solution would be taken out of retirement and tweaked to achieve the new requirements. After a few years of this, the reporting solutions at a number of institutions started resembling a massive snowball rolling down a hill, invariably collapsing and leaving financial institutions with (almost) no solution at all. Additionally, the snowball (tactical) solution almost invariably does not address issues in the most optimal way possible, and there are lots of holes. Being able to take a strategic stance to reporting means considering all of the pitfalls and other aspects upfront.

9. Distraction – Compliance is often seen as a grudge activity inside financial institutions. It is an activity that generates very little real value to most organisations, and in the vast majority of cases, the preference would be to redeploy the team working on compliance reporting to activities that are more closely aligned with the vision/mission of the organisation. Indeed, in the most extreme cases, compliance teams are seen as a nuisance that needs to be tolerated rather than valuable members of the team.

10. Lack of leverage – Too often the results of compliance processes are not used for anything other than reporting. However, since a massive amount of data needs to flow through compliance systems, there is often an opportunity to unlock additional value. Whether it is due to additional analytics that can be performed on data due to having better-structured, cleaner data, or alternative metrics and insights that can be gained due to the data being structured and collated in one area. In our experience, very few financial institutions leverage this feature.

For these reasons, Synthesis' belief is that looking at strategic rather than tactical solutions can help set financial institutions up for long-term success and lower the risk of non-compliance events.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Obscure Technologies adds OneTrust to portfolio
Security Services & Risk Management
Cybersecurity specialist Obscure Technologies has announced the formation of a strategic alliance with OneTrust, a provider of Trust Intelligence.

Three ways to prevent non-delivery
Security Services & Risk Management
By using an escrow platform, you can pay for the item, but the funds are held in a trust account until you receive the item and are happy it’s what you ordered.

Look before you leap into a back-up power solution
Editor's Choice Security Services & Risk Management
Before you rush into purchasing a back-up power solution, you need to take a considered and long-term view of how to get yourself as close to grid independence as possible.

All-mobile people management solution with facial recognition
Editor's Choice Integrated Solutions Security Services & Risk Management Products
The new mobile Incident Desk People Management platform with facial recognition combines identification data on suppliers, staff, sub-contractors and even people on watch lists, for less than the cost of traditional service management tools.

Passion, drive and hard work
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
Colleen Glaeser is a leader in the security market, having made her mark in the male-dominated security industry through determination and hard work, along with a vision of making the world a safer place.

Are you your insider threat?
Technews Publishing Editor's Choice Security Services & Risk Management Commercial (Industry)
Insider threats are a critical aspect of risk management today, but what happens when it is the owner of the company acting fraudulently and making sure none of his staff can catch him?

Trackforce Valiant acquires TrackTik Software
News Integrated Solutions Security Services & Risk Management
Trackforce Valiant, a provider of security workforce management solutions, announced the acquisition of TrackTik Software, a cloud-based security workforce management provider.

Minimise the cost and impact of protest activity
Thorburn Security Solutions Security Services & Risk Management Industrial (Industry)
Strikes and protest actions are common in South Africa and businesses need to prepare for the worst while working for the best outcome that benefits all parties.

SA Security becomes a part of Fidelity ADT
Fidelity Services Group Security Services & Risk Management
Fidelity ADT has announced that it has concluded an agreement with SA Security Alarms & CCTV and has taken over the monitoring and armed response contract from 1 July 2022.

Risk reduction and cybersecurity
Security Services & Risk Management Cyber Security
How should risk managers think about cyber risk? What are the main considerations and red herrings? How do you know you’re mitigating cyber risk?