cost of compliance

8/2/2019 Cost of Compliance

http://slidepdf.com/reader/full/cost-of-compliance 1/8

COST OF COMPLIANCE

SURVEY 2012Stacey English and Susannah Hammond

REUTERS/ TORU HANAI



Thomson Reuters GRC surveyed more than 500 compliance

practitioners rom nancial services rms around the world between

November 2011 and January 2012 to canvass their views on the costs

o compliance and their greatest challenges or the year ahead. The

results refect the continued ocus on regulation and compliance in

the atermath o the global nancial crisis and the ever-increasing

complexity and volume o requirements. Similar research was

undertaken in prior years and comparable results are included where

applicable.

The responses received covered Europe, the Americas, Australasia, Asia,

Arica and the Middle East. They represented rms rom across the

nancial services sector, including banks, insurers and und managers.

Feedback came rom nancial services rms o all sizes, ranging rom

those whose compliance departments comprised just one person to

global conglomerates with much greater resources.

It is clear rom both the number o respondents and the rankness o the

detailed comments received that compliance ocers rom all regulated

rms are, more than ever, under severe pressure. It is evident rom the

responses that many compliance ocers have now reached saturation

point.

Firms’ executive management and regulators alike need to understand

and address the increasing strain on compliance. A vital actor in easing

the pressure on the compliance unction is the provision o adequate

skilled resources to meet the growing demands and challenges. The

oten under-valued task o compliance can be made substantially

easier where senior managers visibly and vocally demonstrate

support or the compliance unction and promote a compliant culture.

Similarly regulators around the world must start to take account o the

relentless pressure on compliance unctions to assimilate and drive the

implementation o the ever-increasing burden o regulatory change, i

that change is to be eective.

“A Chie Compliance Ocer who

does not have the ull support and

engagement o senior management

and the board is not going to be

eective.”

Carlo V. di Florio, Director, Ofce o Compliance Inspections and

Examinations, U.S. Securities and Exchange Commission, January 2012.

The majority o the respondents had ewer than ve people in their

team to manage the ever-growing compliance obligations or their

organisation. The survey asked about the proportion o time spent on

key compliance activities and the chart above provides a snapshot o

the average compliance week based on the most popular responses.

While this illustration covers core activities, it is only a proportion o

compliance obligations. When other crucial value-added roles and

activities are also actored into the working week – activities such as

dealing with queries rom the business, undertaking investigations or

past business reviews, and managing regulatory visits and relationships

– it is clear why compliance teams are so stretched. On average, halo the typical compliance ocer’s working week is taken up with the

bare non-optional basics. This result again leads to the conclusion that

many compliance ocers are reaching breaking point.

Typical week o a compliance ocer

TRACKING, ANALYSING AND INFLUENCING REGULATORY CHANGE

Tracking potential and actual change is essential to ensure that the rm

is aware o and prepared to meet regulatory requirements. Compliance

ocers around the world are under no illusions that 2012 will bring

even more regulatory inormation rom both regulators and exchanges.

Almost hal o respondents thought that the level o regulatory

inormation would be signicantly higher over the next year.

Overall, 84 percent o compliance ocers surveyed believed the fow o

regulatory inormation would increase in 2012. These expectations have

steadily risen over the past ew years and are supported by nearly a 16

percent increase in the number o regulatory alerts tracked by Thomson

Reuters GRC year on year.

Over the next 12 months, I expect the amount o regulatory

inormation published by regulators and exchanges to be:

SIGNIFICANTLY LESS THAN TODAY

SLIGHTLY LESS THAN TODAY

THE SAME AS TODAY

1%1%

14%

39%

45%

SLIGHTLY MORE THAN TODAY

SIGNIFICANTLY MORE

THAN TODAY

2 COST OF COMPLIANCE SURVEY 2012

TRACKING AND ANALYSING

REGULATORY DEVELOPMENTS

BOARD REPORTING

AMENDING POLICIES

AND PROCEDURES

LIAISON WITH CONTROL

FUNCTIONS

OTHER COMPLIANCE TASKS INCLUDING:

COMPLIANCE RISK ASSESSMENT

REGULATORY LIAISON AND EXAMINATION

MONITORING AND TESTING

INVESTIGATIONS

TRAINING

PROVIDING ADVICE TO THE BUSINESS

RESPONDING TO PROPOSED LEGISLATION

REGULATORY REPORTING



The change in 2012 will not just be in terms o volume and speed o

developments but most crucially in the undamental nature o many

o the expected publications and announcements that will aect both

regulators and rms. For regulators the biggest changes include the

splitting apart o the UK Financial Services Authority, an increase in the

direct regulatory power o the European Supervisory Authorities and the

expansion o several new and existing regulatory agencies in the U.S. as

a result o the Dodd-Frank Act. For rms, undamental changes range

rom the proposed shit o the regulatory perimeter to include shadow

banking to the orcible separation o wholesale and retail business or

many banks and the increasingly global reach o regulations such as the

UK Bribery Act and the U.S. Foreign Account Tax Compliance Act.

Compliance unctions devote extensive skilled resources to track and

assess the impact o regulatory change. This continues to be an onerous

task. More than a third o respondents spend more than an entire

working day each week considering the changes and one th spend

in excess o 10 hours during an average week. This level o activity is

consistent with ndings or the previous year. Despite the increasing

volume o regulatory change, compliance teams do not appear to

have the capacity to devote the extra resources needed to adequately

consider these additional developments. While there are slight

geographic variations in the results it is clear that the sheer volume oongoing regulatory change is a global issue. The ndings show that the

issue is particularly acute in Asia, where a third o compliance ocers

are devoting more than 10 hours a week to tracking and analysing

regulatory change. This is ollowed closely by the UK where 25 percent

o rms devote in excess o 10 hours to this activity.

In an average week, how much time does your compliance team

spend tracking and analysing regulatory developments? (in hours)

In an average week, compliance teams spending more than 10 hours

tracking and analysing regulatory developments (by region)

Compliance ocers not only need to track and analyse actual and

proposed regulatory change but must also stay up to date with where

that change is coming rom and how best to infuence proposals on

behal o their rm. This, again, creates urther demands on resources.

A third o respondents anticipate that there will be a greater need

to devote resources to infuencing and lobbying the shape o utureregulation this year. Two thirds o respondents, however, anticipate

they will not have the capacity to infuence regulatory developments –

another indicator that compliance unctions have reached saturation

point.

“It is vitally important that the industry

continues to invest time to engage. Well

articulated pan-European industry input is

careully listened to and can infuence policy-

making. It is vital that the sector organises

itsel to contribute ully to such initiatives.”

David Lawton, Acting Director, Markets, UK FSA, January 2012.

UPDATING POLICIES AND PROCEDURES

To coincide with changes resulting rom the implementation o new

rules, the compliance unction is responsible or ensuring that the

necessary updates are made to all relevant internal policies and

procedures. The results o the survey show that 40 percent o all

compliance unctions spend at least hal a working day every week

on the burdensome, but important, task o updating and amending

policies and procedures. This is to refect the latest regulatory

requirements as well as new business activities and actions arising rom

monitoring work and reviews. These policy and procedural changes

generate a stream o other necessary activities, including the associated

communication and training, the inclusion in all relevant monitoring

plans, and the need to maintain an audit trail o changes. Consistent

with previous years, the resources devoted to the ongoing maintenance

o up-to-date policies and procedures remains high across the world.

There are some regional variations. The results show that Asian rms in

particular are devoting relatively more resources to keeping policies and

procedures up to date, with nearly a third spending in excess o a ull

working day every week.

0%

5%

10%

15%

20%

25%

30%

35%

UK US ASIA MIDDLE

EAST

REST OF

WORLD

32%

27%

4%

15%

22%

LESS THAN 1

1 TO 3

4 TO 7

7 TO 10

MORE THAN 10

accelus.thomsonreuters.com 3



In an average week, how much time does your compliance team

spend consulting with the legal, internal audit and risk unctions on

compliance issues? (in hours)

The need or rms to be aware o emerging risks and to use limited

resources as eciently and eectively as possible should encourage

compliance unctions towards close and continuous liaison with

colleagues in the wider risk-management ramework. Regulators

expect regulatory risks to shape internal audit’s monitoring plans, so it

is important that there is a consistent and joined up approach within the

rm. For those rms where the relationship between compliance and

internal audit continues to be limited, urgent reassessment is required.

It could be considered a sign o senior management’s ailure to engage

with risk and compliance i the control unctions are not expected, nor

indeed required, to work in close alignment.

“The SEC will ocus most intently on rmswhere we sense that senior management

and the board are not setting the appropriate

tone and are ailing to support key risk and

control unctions with adequate resources,

independence, standing and authority.”

Carlo V. di Florio, Director, Ofce o Compliance Inspections and

Examinations, U.S. Securities and Exchange Commission, January 2012.

LIAISON WITH REGULATORSIt is unsurprising, given the strength o opinion that the volume o

regulatory change will increase in the next year, that compliance ocers

and their rms expect to spend more time liaising and communicating

with regulators. Predominantly this involves the resources at the most

senior levels o compliance. Overall, nearly 70 percent o respondents

oresee an increase, and more than a quarter expect the amount o

time spent interacting with regulators and exchanges to increase

signicantly in 2012. These views are driven largely by anticipation o

more onerous regulatory and reporting requirements, closely ollowed

by recognition o the increased intensity o supervision.

Compliance ocers’ expectations or the year ahead are remarkably

similar to their expectations or 2011 and, having seen a steady increase

in expectations since 2008, this reinorces the reality o intensiyingsupervision and interaction. O those practitioners that expected a

signicant increase in the levels o interaction, over hal attributed it

to the need to lobby and infuence uture regulation and to liaise with

multiple global regulators.

This year’s survey shows regional dierences in expectations. Asian

rms anticipate the greatest increase in interaction with their regulators,

with 89 percent o compliance ocers expecting a rise. Notably nearly

hal o rms in the Middle East expect this regulatory interaction to

increase signicantly this year.

The increase in the complexities o dealing with regulators is no

surprise. Regulators themselves are under greater pressure to

implement national and international changes to regulation and deliver

better regulation while acing their own internal organisation and

stang challenges. In the UK, or example, the regulator has to deal

with both national supervision and the implementation o EU policy

while undergoing its own internal reorganisation.

Over the next 12 months, I expect the time spent liaising and

communicating with regulators and exchanges to be:

MANAGING REGULATORY RISK

There has been no relie rom the pressure o managing regulatory risk.

Respondents’ expectations remain consistently high and in line with

expectations or the previous year. Overall, 82 percent o compliance

ocers surveyed are expecting increased ocus on regulatory risks in

2012. Hal o these expect signicantly more ocus, particularly those in

Asia and the Middle East.

Compliance ocers have attributed the anticipated heightened ocus

on risk to the scrutiny and criticism o the previous global regulatory

approach which was held, at least in part, responsible or the depth othe recent nancial crisis.

Over the next 12 months, I expect the regulatory ocus on managing

regulatory risk to be:

LESS THAN 1

1 TO 3

4 TO 7

7 TO 10

MORE THAN 10

TIME SPENT LEGAL INTERNAL AUDIT RISK

30% 52% 30%

37% 28% 36%

18% 12% 19%

7% 4% 7%

8% 4% 8%

41%

28%

28%

1%2%



THE SAME AS TODAY


SIGNIFICANTLY MORE THAN

TODAY

44%

38%

16%

1%1%



THE SAME AS TODAY



TODAY




FINANCIAL COSTS AND BUDGET

Regulators will continue to expect sucient resources and expertise

to be given to the compliance unction. The survey identied that, in

practice, the vast majority (93 percent) o respondents expect their

total compliance team budget to at least remain the same as or the

previous year or to increase. It is a matter o potential concern that

only 11 percent are expecting a signicant increase in budget. This is

despite the acknowledged rise in demand or experienced compliance

resources. Firms and regulators will continue to compete or limited

compliance expertise in the marketplace and it remains to be seen

whether or not these budget levels are sucient to cover the expected

signicant increase in the scope and volume o regulatory change.

Over the next 12 months, I expect the total compliance team budget

to be:

Over the next 12 months, I expect the cost o senior compliance sta

to be:

“… this new approach will require greater

resources and expertise and thus costs more

than the old reactive model which existed

prior to the crisis”

Hector Sants, Chie Executive, UK FSA, February 2012.

The majority o rms expect the cost o compliance resources to

increase in 2012. Compliance ocers in Asia and the Middle East expect

to see the most signicant rises in these costs and, correspondingly,also expect the biggest increases in their compliance budgets. It may

be a side eect o the nancial crisis that rms in these regions that

aced relatively less troubled times are now able and willing to devote

more resources to compliance. It will be a matter o continuing concern

or any rm i it is unable to allocate resources and increase its costs

suciently to attract and retain the required additional compliance

expertise or the ollowing year.

“Adequate resources also include the

allocation o an appropriate budget or the

compliance unction. The compliance ocer

should be consulted beore the budget isdetermined. All decisions or signicant

cuts in the budget should be documented in

writing and contain detailed explanations”.

ESMA consultation on certain aspects o the MiFID compliance unction

requirements December 2011

THE CHALLENGES COMPLIANCE OFFICERS ANTICIPATE IN 2012

Compliance ocers were asked about the greatest challenges

they ace in the coming year. The sheer range and volume o issues

highlighted demonstrates the everyday challenge that compliance

teams ace in managing and responding to competing priorities and

stakeholders. The issues most oten highlighted by rms or 2012 were,

overwhelmingly, keeping on top o regulatory change and the perennial

issue o resources. Specic regulatory challenges highlighted include:

•Foreign Account Tax Compliance Act

•Markets in Financial Instruments Regulation and Directive II

•Anti-money laundering

•UK Retail Distribution Review

•Dodd-Frank Wall Street Reorm and Consumer Protection Act

•Basel III

•Sanctions

•Solvency II

•Data protection

•Undertakings or Collective Investments in Transerable Securities IV

Directive

•European Market Inrastructure Regulation

•Remuneration

•Conficts o interest

•Suitability

•Alternative Investment Fund Managers Directive

•Bribery and corruption

28%

5%

11%

2%

54%



THE SAME AS TODAY



TODAY

27%

1%

17%

2%

53%



THE SAME AS TODAY



TODAY

6 COST OF COMPLIANCE SURVEY 2012



A DECADE OF CHANGE TO COME

There is no doubting the depth and breadth o the challenge acing

compliance ocers and their rms in 2012. The sheer sweep o

regulatory change is reshaping the world o nancial services with

potentially a decade o change still to come. Senior managers should be

under no illusions as to the extra dimension these challenges bring to

the successul management o regulatory risk. Good compliance ocers

are an increasingly valuable commodity and i their current rm does

not take seriously the need to devote sucient resources to compliance

then it is all too likely that they will move on to another rm or regulator

with more understanding o the importance o compliance.

All nancial services rms are under pressure and there are many

unctions which contribute to the ongoing success o a rm. But, as

has been proven time and again, a rm will only thrive in the medium-

and long-term i it builds a strong compliance culture and invests in

compliance. Firms whose compliance ocer has reached saturation

point ace a rat o unpleasant consequences. These range rom a lack

o capacity to track and implement regulatory change to the inability

to infuence developments, with a potentially detrimental eect on

business plans.

They also ace the threat o regulatory enorcement action arising

rom senior managers’ ailure to engage with compliance. Another

consequence could easily be that not only does the compliance ocer

leave but that other, good quality, compliance ocers are unwilling to

join.

Regulators have a major part to play in helping to achieve the

implementation o eective regulatory change. To ease the burden on

compliance ocers, regulators themselves must ensure that they are

coordinated and coherent in agreeing international regulatory policy

and its implementation.

Firms have to make critical decisions about where to allocate scarce

resources. Risk-aware rms will understand the need to invest in both

people and technology to allow them to get the most rom their in-

house compliance expertise. An eective compliance risk assessment

which takes account o trends, changing regulatory expectations and

benchmarks regulatory approach with peers is vital to help rms ocus

their limited compliance resources and achieve more with less.

Sanctions

MiFID II

UK regulator changes

Tracking regulatory change

Implementation of regulatory change

Resources

Basel

Dodd Frank

RDR

Compliance riskMore intensive supervision

FATCA

Corporate governance

AML

Extraterritoriality

MAS

HFT


COMPLIANCE CHALLENGES IN 2012


http://slidepdf.com/reader/full/cost-of-compliance 8/8© 2012 Th R 03 12

Thomson Reuters Governance, Risk & Compliance (GRC) business unit provides comprehensivesolutions that connect our customers’ business to the ever-changing regulatory environment.

GRC serves audit, compliance, fnance, legal, and risk proessionals in fnancial services, law frms,

insurance, and other industries impacted by regulatory change.

The Accelus suite o products provides powerul tools and inormation that enable proactive

insights, dynamic connections, and inormed choices that drive overall business perormance.

Accelus is the combination o the market-leading solutions provided by the heritage businesses

o Complinet, IntegraScreen, Northland Solutions, Oden®, Paisley®, West’s Capitol Watch®,

Westlaw® Business, Westlaw Compliance Advisor® and World-Check®.

THOMSON REUTERS ACCELUS

For more information, visit accelus.thomsonreuters.com

ACCELUS COMPLIANCE MANAGERAccelus Compliance Manager is a connected solution that provides purpose-built

unctionality that enables users to join up the ever changing regulatory inormation and

connect it to their internal compliance business process workfow. As a comprehensive

solution, the system is designed to serve as a regulatory intelligence portal, enable users

to track and communicate regulatory change to organisational risks, document associated

policies and controls and manage business processes with connecting workfow. Through a

shared taxonomy ocused on regulations and risks, the solution enables a common language

o compliance, shared methodology, and increased visibility, transparency and insight.

cost of compliance

Documents