Viewing risk and compliance functions as hindrances is a common and, some would argue, valid interpretation. More nuanced, is the interpretation that risk-management and compliance are hurdles that help to keep the industry healthy. But here at Aveni, we think it can be even more than that – an opportunity to use risk and compliance as a tool to enhance the firm’s success rather than seeing it as a drag on a business’ ability to innovate and serve.
The finance sector is a barometer for an ever-changing world. The whole point of regulation in this sector is to ensure firms serve their customers fairly and competently, benefiting the economy and society at large. In the face of ever-changing regulation, increasing fines, consumer vulnerability in a pandemic, and a growing workload for risk teams, two key issues for financial services firms are risk-management and compliance.
In order for financial services to better fulfil the serve function for the global economy, the sector has to
be clever about what tools it decides to use, ensuring it delivers maximum value and offers them longer term benefits.
Here are 5 reasons to start thinking about risk and compliance as an opportunity to add value to your firm rather than a function that drains resources…
1. The basics of risk & compliance
For financial services firms, the benefits of risk management and compliance are basically avoiding fines and litigation, and… that’s it. Risk and compliance cost the businesses money because you have to pay people to fulfil that function. But they don’t directly and identifiably contribute to capital inflows. Still, it’s important to acknowledge that avoiding fines, regulatory litigation, and reputational damage is a way of creating value (or preventing its destruction).
2. Enhancing basic efficacy – proactive vs. reactive
Reactive Strategy (Structure of Risk-Management and Compliance)
The set-up of risk and compliance in financial services firms is a review of the business’ activities after the fact, done by a separate department, which is usually outside of the main business line. Post analysis of actions that have already been taken means that if risk managers and compliance experts need (for example) to lower the firm’s risk exposure before a regulatory deadline, the only power they have is to constrain future behaviour; and because the risk is already out of hand, they need to constrain the main business’ activities a lot in order to get risk back under control.
If risk and compliance could spread out constraints over the entire regulatory period, they wouldn’t have to interfere as strongly. Minor interventions would help risk-management and compliance be a part of the decision-making process in advance. By changing the approach to being more preventative, firms could get ahead of problems rather than frantically trying to fix them at the end, which increases the chances of meeting regulatory requirements, and in turn lowers the chances of fines, other penalties, or litigation costs. Basically, it would make risk-management better at contributing to value by making it better at preventing losses.
3. Regulation and business – building a compliance culture
The current set-up of risk and compliance as a tick box rather than a prerequisite faces another barrier. It doesn’t just hamper the functions’ effectiveness. Fundamentally, it doesn’t set-up risk and compliance to be welcomed by the rest of the firm. It inherently pits them against each other. This means the main business is unlikely to prioritise risk and compliance in their daily activities and means that when the compliance function comes to bear, it tends to face a lot of resistance.
This interpersonal conflict between the two lines is bad for business. It makes internal oversight even less effective and can create real problems for ‘compliance culture’, which has been a concern for regulators since Basel I and has escalated in importance in Basels II and III (with IV mostly focusing on changing the regulatory standards that implement Basel III).
Clearly, there’s a further benefit to seeing risk and compliance as part of the process of business rather than a separate process that interferes. By cooperating with the business side during the decision-making process rather than fighting against it afterwards, risk and compliance functions can build a team mindset within the firm, and help create that elusive compliance culture. Reportedly, ‘73% of practitioners think that the regulatory focus on culture and conduct risk will increase the personal liability of senior managers’ – and this escalates to 91% of firms when examining the UK. But by lowering the likelihood of conflict, and increasing the odds of cooperation, solving problems that seemed impossible due to interpersonal conflict becomes easier, and the pressure is less overwhelming.
4. Not opportunity costs, but creating opportunities and optimising costs
Risk-management is viewed as a function that costs the firm money not just because it itself is a cost, but also because it costs the firm opportunities in the short-term by not permitting it to take on risk. 34% of firms admitted to discarding ‘a potentially profitable business proposition due to culture- or conduct-risk concerns’. So let’s discuss opportunity costs for businesses created by risk and compliance concerns, not to mention the advances in Natural Language Processing (NLP) solutions for risk and compliance mitigates the risk of conduct issues as it helps agents to perform better as well as addresses issues in real-time.
Risk and compliance functions are, in essence, detailed monitoring by the company of things the company is already doing. Even though their current purpose is mostly regulatory, risk and compliance actually provide greater opportunities to improve pre-decision-making of firms and optimise risk-taking to the firm’s specific goals, which will help achieve higher profit margins. Even better, the information gleaned in monitoring can also be used to evaluate efficiency, best practice, customer experience and targeting, and innovation, not just compliance and risk. Deeper insight means the ability to treat customers better, reduce costs, reciprocate customer loyalty, and increase customer lifetime value. This being said, NLP solutions are the way forward to ensure consumers’ needs are met with improved solutions.
Companies, such as ourselves, use speech analytics to monitor calls. Firms can now monitor 100% of all calls, not just the 1% they currently do. This increase also helps them to better understand their customers and their agents, leading to better clients outcomes and provides better support for agents in the long term.
5. Risk and compliance innovations actively benefit business
Data Quality and Procedure Issues
The final barrier to viewing risk and compliance as a way to create value rather is the very real issue of controlling the data quality for calculations and procedures. For example, many banks know that the data used in their Risk-weighted asset (RWA) calculations are imperfect, and that means that while banks run many different methods of calculations to try and see an issue from as many angles as possible, they can never fully trust the answer that they get. As we saw in 2007, trusting a model that is blind to novel risks is incredibly dangerous.
Additionally, regulators and supervisors are constantly updating their assessment methods and models to keep pace with new information and technological breakthroughs, meaning there’s always a chance that a firm may think they are compliant using an old model of analysis, but actually not be considered compliant under a new assessment procedure. This is a constant risk that grows if a firm fails to keep up with the latest breakthroughs in risk-assessment and compliance technology because regulators always prefer to use the most advanced FinTech and RegTech.
Fortunately, the risk and compliance functions are not bereft of creative minds ready to innovate. A whole new area of FinTech, called RegTech, has opened up, and regulatory functions are being built into the latest Distributed Ledger Technologies. Even more advanced is AI technology that can automate analysis for risk and compliance concerns in real-time, and provide advice to employees in financial services to help them optimise risk and be compliant throughout the activity cycle. This technology can basically help make the risk and compliance functions in the first instance and build them into the decision-making process of day-to-day business at the same time.
Also, without an appropriate budget for the compliance function, firms will begin to lack the skill sets required for the future regarding the ramifications of COVID-19, climate risk, data science and technology. Budgets need to be sufficient for firms to invest in day-to-day compliance activities, to update essential skills and be able to deploy technology to improve compliance efficiency.
What’s next for Risk and Compliance?
Risk-management, governance, and compliance functions are said to account for about 1/7th of the financial services workforce. Over the next decade, the biggest innovations in Financial services are expected to be in FinTech, RegTech, AI, and DLT. The budgets for these innovations are expanding, and regulators expect financial institutions to remain compliant even in a world they might not perfectly understand. If firms don’t invest in the technical and technological advancement of risk and compliance functions apace with those of the main business lines, they face a real risk of not being able to know when they don’t comply, opening them to penal and litigious action. And firms know this, with 69% of UK firms reporting that, in the next 12 months, they expect the time and resources dedicated to conducting risk to rise.
Financial Services firms that are serious about transforming the way they manage risks, can become more dynamic and better able to respond quickly to new developments. This will give them the opportunity to play a greater role in decision making as well as leverage emerging technologies to create a new digital environment which will reduce cost as well as improve the ability to identify and manage risks, making it a win-win for everyone.
Written by Riva Bagully-Hawley
To learn more about what we do, visit Aveni Detect