close

Welcome to Synpulse’s digital reading experience – Please choose your region of interest

The Magazine
Management. Expertise. Inspiration.

Date: 20/03/2017

Title: Reconciling the Conflicting Interests of Compliance, Business, and IT

Teaser: Constructive collaboration between the business, IT, and compliance can help banks achieve their business objectives faster and more efficiently. This, however, means adopting new approaches to cooperation and breaking down the technical barriers.

Button: Read more

Image:

Reconciling the Conflicting Interests of Compliance, Business, and IT

Constructive collaboration between the business, IT, and compliance can help banks achieve their business objectives faster and more efficiently. This, however, means adopting new approaches to cooperation and breaking down the technical barriers.

Authors: Eric Stehli | Nadine Riera


The banking sector has repeatedly attracted attention in recent decades with crises and cases of fraud ranging from false incentive systems and the concealment of business relationships to full-blown scandals such as Libor. In the US real estate crisis, the business practices of some banks even almost led to a collapse of the entire financial system.

Governments and their regulatory authorities have come under increasing pressure. They have tried to better manage the behavior of banks with regulations such as Basel II and MiFID, and to make the financial market generally more stable and secure. The tax authorities have also used this opportunity to achieve greater tax transparency with regulations such as FATCA and AIA, putting an effective stop to tax evasion and avoidance.

As a direct consequence, banks have been spending more and more on implementing regulations, and these days spend a substantial chunk of their operating budget on  keeping track of compliance. For banks to continue doing successful business, they have to understand and reconcile the demands and interests of their different departments and functions.

In most cases, the implementation of new regulations leads to conflicting objectives between compliance, the business, and IT. In line with its mandate, compliance insists on implementing and sticking to the rules as strictly as possible. The business, by contrast, wants as much freedom as it can get to deal with clients straightforwardly. IT, for its part, will do everything in its power to simplify and standardize processes and products to increase efficiency and reduce costs.

However, closer examination of these conflicting goals also reveals significant commonalities that unite all the stakeholders. These can be harnessed positively to enable these three areas to achieve profitable cooperation in which compliance is regarded as an enabler of business change (fig. 1). In this article we’d like to explain how to reverse the traditional view of compliance as a perceived obstacle to business.

Conflicting objectives and commonalities between compliance and business

Compliance traditionally has the hardest time with the business, which often perceives it as a burden. Not only this, but compliance lacks the business understanding to pick up on the essentials and show the company legally compliant ways of conducting its business. Compliance is primed to say what’s not allowed, and in most cases doesn’t have any incentive to facilitate the development of feasible business solutions.

For this reason it makes sense for a bank to cultivate a high level of business understanding, particularly in its compliance department. This can be achieved, for example, by giving compliance people the opportunity to do work placements in the front office or attend internal business training courses. Incentives should also be created for compliance to develop (pro)active solutions in collaboration with the business. It doesn’t help a bank move forward if product and process developments are rejected out of hand on grounds of caution.

On the contrary, compliance should also be given an interest in actively shaping products and businesses. It should get actively involved in the challenges prevailing in the current business environment and make suggestions of its own as to how to get things done viably and compliantly. This, in turn, is only possible if compliance thoroughly understands the business.

graphic graphic
fig..1: Collaboration between Compliance, Business, and IT

Conflicting objectives and commonalities between compliance and IT

New regulations often mean having to aggregate, structure, and harmonize data across the entire bank and all processes, or extending and implementing controls on the basis of highly complex business rules (rule engines). This presents IT with major challenges, and older system landscapes in particular are finally reaching their limits. Due to resource and budget restrictions, MIS and control systems are then usually introduced in isolation, and new, isolated solutions are built. Integration is often seen as too expensive, and many manual process steps are transferred to the business or back office because automation simply becomes too complex. In recent years most banks have thus created an inscrutable patchwork of applications and rule-based systems, while operating and maintenance costs rise inexorably.

But what commonalities between IT and compliance can you draw on? Controls, reporting, and data quality are important elements of the work compliance does, and IT can provide efficient support with their implementation. Compliance requires banks to monitor and manage their business and products in accordance with the rules. This pressure makes it possible, for example, to work with IT to integrate distributed systems and simplify the system landscape. Mandatory compliance requirements can also be used as an opportunity to free up budget to replace older systems that no longer make the grade. Overall, we have found that by skillfully applying compliance requirements, IT can simplify and modernize the application landscape and thus better manage operating costs.

Conflicting objectives and commonalities between the business and IT

Compliance also has a significant influence on the interface and collaboration between business and IT. This is because any requirements that can’t be implemented in time by IT means have to be taken care of manually by the business. This can create a lot of additional work for the front office and the need to expand various operating units to handle non-value-adding tasks.

Every new employee can easily cost a bank over CHF 200,000 per year (full costs). If control processes for a regulation such as FATCA require ten additional employees at an international bank, this increases operating costs by at least CHF 2 to 3 million a year. In this situation, any business case for increasing the efficiency of processes looks very good indeed.

It’s important to work toward this common goal of increasing efficiency by means of user-friendly, digitalized, and automated IT processes. However, this involves working out estimates of future operating costs, and when deciding on projects considering whether a bigger investment in IT processes might be more worthwhile in the long term. The trouble is that at many banks, project budgets are under extreme pressure, and solutions are implemented that lead to unnecessary increases in operating expenses for years to come.

Exploiting the common ground

Compliance, business, and IT often lack a common language to identify and exploit their common interests. Compliance employees know the regulation down to the last detail and are aware of exactly what’s not allowed, but they usually have little knowledge of how the business functions and how processes work in detail. In most cases they have no grasp of how a regulation is to be implemented in IT. In this situation, it goes without saying that compliance will not be in a position to proactively help with finding a solution.

Compliance people build a very precise understanding of the use of certain words and semantic subtleties, and know exactly how these should affect use cases. IT, however, needs specifications, rule sets, data models, status diagrams, and workflows. This usually doesn’t leave room for linguistic subtleties, and each party ends up accusing the other of a lack of understanding. The business wants simple user interfaces, processes, and forms that can be understood without 50 pages of instructions. For IT and compliance, however, “simplicity” often isn’t a relevant consideration. All this means that the implementation of regulations in processes and procedures shouldn’t be left to compliance or IT alone.

Current developments in technology and automation – commonly described as fintech or regtech – are also opening up new possibilities. Fintech and regtech providers endeavor to leverage the common potential of compliance, business, and IT we’ve been talking about by combining new technologies with new ideas in process management to enable efficient and more straightforward implementation.

For example, robotic process automation (RPA) can prevent inefficient manual process steps from having to be performed by the business or back office, and usually also enables dramatic cuts in lead times as well as improvements in process quality. Particularly interesting are the first applications featuring learning systems and so-called real-time compliance. It’s important to combine the various technologies and approaches to achieving the jointly formulated goals of compliance, business, and IT in such a way that these goals are actually achieved – enabling you to put efficient and simplified regulatory management in place.

We have had very good experience with interdisciplinary teams consisting of representatives of the business, IT, and compliance plus a business analyst. This brings all three worlds together to build on the common ground.

Compliance people are involved in the business process for designing products and processes at an early stage. In collaboration with the business, and with the support of the business analyst, they translate the hard-to-understand requirements of the regulations into tangible use cases. Together with the IT people, the requirements relating to controls, reporting, and data quality are structured along the relevant processes to enable their effective implementation. At the same time, the representatives of the business help ensure that these processes are implemented in a user-friendly form, as far as possible end to end and on an automated basis.

By building on common ground, this interdisciplinary approach enables you to develop a solution that is efficient in implementation and operation and yet meets all the relevant compliance requirements – with compliance in the role of enabler.

Contact

graphic

Eric Stehli

Cookies help us deliver our services. By using our services, you agree to our use of cookies. Find out more.
OK