In recent years, there has been a substantial increase in the cost of compliance across the globe. This is supported by credible statistics which indicate that the total projected cost of financial crime compliance, across all global financial institutions, reached $213.9 billion in 2021. This surpassed the $180.9 billion recorded in 2020.
We spoke to Rolf van der Pol, Director at Lysis Singapore, to find out why the global cost of compliance has increased so drastically and how this can be managed.
Compliance by design
He explained that compliance is generally spread across three lines of defence and grouped together according to specific functions and the various levels of risk linked to this. The first line of defence includes the “front end” of the company where products and services are created and sold. This line of defence is also responsible for managing the risk associated with theses activities and can include operational departments, customer service departments etc.
The second line of defence consists of the compliance function itself and hosts compliance and risk focussed activities. This line of defence is therefore responsible for providing guidance and oversight to the first line of defence. The third line of defence comprises of the external and internal auditors. This is where the company’s overall compliance and levels of risk are controlled and evaluated independently, by focusing on the first two lines of defence and advising on corrective actions, where necessary.
Calculating the actual cost of compliance
Rolf pointed out that the cost of compliance is often measured by counting the number of employees that are actively working in a compliance function or compliance-related function. These employees form part of the second line of defence and normally have a dedicated cost code/centre allocated to them, meaning their actual cost to the company can be calculated quite easily.
However, the indirect cost of compliance is sometimes hidden and often overlooked. For example, during the onboarding process of a client, some of the operational employees might be asked to assist with the process which becomes an indirect cost of compliance. Usually, the onboarding process also includes interaction with the client and this function is often referred to the customer service department, as another indirect cost of compliance, which is seldom considered.
Over and above the additional manpower, as an added cost of compliance, one must also consider the use of systems and processes for compliance purposes, which are often located in the first line of defence and therefore also have an indirect cost that must be taken into account when calculating the true cost of compliance. Then, one of the more obvious cost components of compliance includes fines that are issued by regulators for non-compliance and during 2021, this increased to a staggering $5.4 billion on a global scale; a clear indication that regulators are becoming more stringent in their requirements.
Rolf further added that the overall cost of compliance is increasing over time and one of the main reasons could be the sophisticated nature of systems and processes used by companies, compared to a few years ago. Artificial intelligence seems to play a much bigger role in companies’ KYC processes due to the volume of data and additional scrutiny from regulators, in a push to improve compliance.
The global financial industry has also experienced ongoing diversification with various new payment service provides entering the financial realm. They too, must comply with regulatory requirements, in their various jurisdictions, and often proceed without a clear understanding of possible risks and without implementing effective financial controls. This could result in hefty fines and having to implement effective controls in line with regulatory requirements – all increasing the cost of compliance.
Following a risk-based approach
Rolf highlighted that one of the key components in managing the cost of compliance is to follow a risk-based approach. This includes a bespoke approach that is aimed at a company’s specific risk levels and the controls needed to navigate these risks effectively. The process includes the implementation of a granular risk matrix which focuses on clients and entities that are associated with higher levels of risk.
Cooperation between jurisdictions can also reduce the cost of compliance and is something that is emerging strongly on a global level. Collaboration efforts can identify risk trends much quicker and track high risk clients and entities more accurately. This must occur in a responsible manner with the permission of regulators, due to privacy aspects and data protection, but can play an important role in reducing duplication and therefore lowering the cost of compliance.
In closing remarks, Rolf stated that “Emerging risks should be addressed through quick, yet effective interventions, and companies must continue to carefully plan and implement sustainable financial crime frameworks. This will ensure that companies remain effective in managing known and emerging risks, and at the same time, keep the cost of compliance under control. Lysis Group can provide the right blend of skills, expertise, and resources to help firms achieve just that”.