Ten compliance trends in financial institutions

1 November 2019 Security Services & Risk Management, Retail (Industry)

Steyn Basson

Having been involved in the compliance space for more than a decade in some form or another, we have identified ten key compliance characteristics and trends in the majority of South African (and African) financial institutions.

1. Increased load – Whereas a number of years ago compliance was a process that required a small team of people (as a percentage of IT staff) to manage, we have seen a steady increase in the proportion of staff assigned to compliance as opposed to revenue-generating activities. This is due to a steady increase in the number of compliance checks and reports required by regulators, and an increase in the coverage of the reports (i.e., inclusion of more clients and reporting records), as well as an increase in the detail required (i.e., more detail on each client and/or reporting record).

2. Keyman dependency and burnout – A number of organisations make use of a few key staff members to run critical reporting processes. In many cases, this leads to burnout due to the significant levels of stress during reporting periods, or serious issues in cases where staff members actually resign or move on.

3. Reporting deadline pressure – Most organisations still treat reporting season(s) as an event rather than a process, i.e., once (annual) submissions have been completed, everything goes on ice till a month or two before the next report is due. This leads to immense pressure and lots of late nights for the staff entrusted with the reporting process, as well as a lot of (often nasty) surprises and at times missed deadlines and cutting corners when it comes to data quality. Treating reporting as a process leads to early insight into data quality and a huge reduction in pressure during submission season.

4. Lack of repeatability – In a number of cases the activities that are performed to enable reporting for one season have to be started from scratch for the next reporting season. Although some level of rework is to be expected at times, all too often client corrections are made on the final submitted reports, meaning there is almost no re-use of hours and hours of work for the next submission season.

5. Lack of responsibility – In many cases, there are many ‘grey areas’ when it comes to responsibility. Should reporting form part of the IT process, or should business take ownership? In the scenario where it becomes an IT responsibility, we tend to see many cases where business sends inaccurate data to IT, leaving IT with a very difficult task to ensure reporting occurs as expected.

Similarly, if it becomes a business-focused task, often business does not have the appropriate tools to help them clean or prepare their data. The technical nature of the issues that occur during submission means that business is highly reliant on IT for a task that IT does not consider part of their key responsibilities. The answer lies somewhere in between, but we have seen very few organisations that have managed to strike the correct balance.

6. Lack of automation – In a few cases, the reporting process is manual, from the sourcing of data to clean-up processes to the creating and validating (and submitting) of the final file.

7. Data quality issues – Data quality issues plague the majority of financial institutions. Most organisations have legacy data that predates the current stricter compliance landscape, meaning that data that was more than sufficient when it was originally captured now falls well short of minimum requirements. However, this problem extends to newer financial institutions as well (as well as newer data at older financial institutions). In a large number of cases, internal bank systems just can't keep up with the broadening scope of regulation and the resultant data quality requirements, meaning that despite the best training and guidance in this regard, low-quality data still makes a regular appearance in financial systems.

8. Tactical rather than strategic solutions – Due to the nature of how compliance has evolved over the years, a large number of financial institutions make use of tactical rather than strategic solutions today. When compliance requirements were first introduced, it was sufficient to do the bare minimum and repurpose other reports and/or systems/processes to achieve compliance. This was since the scope of the requirements was low, and didn't require much complexity to achieve. In many cases, financial institutions also took a ‘wait and see’ stance to understand where the bar would be set.

As each subsequent year has introduced more requirements, the previous year's solution would be taken out of retirement and tweaked to achieve the new requirements. After a few years of this, the reporting solutions at a number of institutions started resembling a massive snowball rolling down a hill, invariably collapsing and leaving financial institutions with (almost) no solution at all. Additionally, the snowball (tactical) solution almost invariably does not address issues in the most optimal way possible, and there are lots of holes. Being able to take a strategic stance to reporting means considering all of the pitfalls and other aspects upfront.

9. Distraction – Compliance is often seen as a grudge activity inside financial institutions. It is an activity that generates very little real value to most organisations, and in the vast majority of cases, the preference would be to redeploy the team working on compliance reporting to activities that are more closely aligned with the vision/mission of the organisation. Indeed, in the most extreme cases, compliance teams are seen as a nuisance that needs to be tolerated rather than valuable members of the team.

10. Lack of leverage – Too often the results of compliance processes are not used for anything other than reporting. However, since a massive amount of data needs to flow through compliance systems, there is often an opportunity to unlock additional value. Whether it is due to additional analytics that can be performed on data due to having better-structured, cleaner data, or alternative metrics and insights that can be gained due to the data being structured and collated in one area. In our experience, very few financial institutions leverage this feature.

For these reasons, Synthesis' belief is that looking at strategic rather than tactical solutions can help set financial institutions up for long-term success and lower the risk of non-compliance events.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

The components of and need for cyber resilience
Cyber Security Security Services & Risk Management
Organisations need to implement a comprehensive cyber resilience solution with data protection, backup, disaster recovery and business continuity to protect against ever-more complex and rising cyberthreats.

Enabling safety in communities
Security Services & Risk Management Products
Many Hytera devices are equipped with personal safety features, including emergency calling, Man Down and Lone Worker alerts, and GPS to enable users to be monitored and tracked.

Is the smoke beginning to clear for password security?
Access Control & Identity Management Security Services & Risk Management
The password problem is the result of bad habits, and they can be hard to break. But ask anyone that has done it and they will not tire of telling you the benefits.

IoT provides assurance in ESG initiatives
Security Services & Risk Management
Environmental, social and governance (ESG) metrics can be used effectively to measure and define the impact an organisation has, the trust it engenders, and the value it takes beyond the shareholder and into the ecosystem.

The benefits of investing in whole-house surge protection
Smart Home Automation Security Services & Risk Management Residential Estate (Industry)
When you consider that the potential for equipment damage can run well into the hundreds of thousands of rands, whole-house surge protection is a worthwhile expense.

Are you your insider threat?
Technews Publishing Editor's Choice Security Services & Risk Management Commercial (Industry)
Insider threats are a critical aspect of risk management today, but what happens when it is the owner of the company acting fraudulently and making sure none of his staff can catch him?

Minimise the cost and impact of protest activity
Thorburn Security Solutions Security Services & Risk Management Industrial (Industry)
Strikes and protest actions are common in South Africa and businesses need to prepare for the worst while working for the best outcome that benefits all parties.

How to make data governance practical
Security Services & Risk Management Commercial (Industry)
For many businesses, data governance is not well received because governance programmes are often driven by supporting functions like compliance or IT, with a focus on the needs of these functions.

Passion, drive and hard work
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring Security Services & Risk Management
Colleen Glaeser is a leader in the security market, having made her mark in the male-dominated security industry through determination and hard work, along with a vision of making the world a safer place.

How to react in an armed robbery or home invasion
Fidelity Services Group Security Services & Risk Management News
How you react when faced with a nervous, gun-toting criminal can save your life, or cost you your life; all family members need to know what to do in such circumstances.