Compliance has always been a challenge, but that challenge is becoming greater than ever for many financial institutions. The sheer number of employees with access to material nonpublic information (MNPI) is growing, and these individuals are highly dispersed due to the pandemic. At the same time, they’ve been handed new software and collaboration tools that add numerous channels for internal and external communication. Add in a growing number of transactions and deals, with a concurrent increase in MNPI, and it’s easy to see how quickly compliance risk is proliferating in the financial services industry.
It’s simple math, really: The number of employees with access to MNPI x the number of communication tools x the number of deals = a lot that could go wrong. And it’s unrealistic to expect compliance teams to manage it all on their own.
Recent trends expose gaps in compliance
The above trends are exposing gaps in the compliance posture of many financial firms, one of which lies in self-reporting. In many cases, compliance officers don’t know when employees gain access to MNPI. If a banker has a conversation with a CFO at a publicly traded company and shares a confidential piece of information, for example, the banker must then report that occurrence to her institution. If she fails to report, compliance remains in the dark.
This brings us to a second compliance gap many financial institutions are now discovering: They don’t have the proper mechanisms in place to go beyond relying on self-reporting to logically determine whether bankers may have come into contact with MNPI. Even if compliance is not positive that they did, they need the capability to triangulate the fact that it’s probable in the absence of self-disclosure. That comes with data research capabilities and systems capable of logically connecting people to deals and clients.
The third gap is a simple one, although it’s not quite as simple to overcome if you don’t have the right tools: disparate data. Most firms have robust databases of employee-related activity and deal information. When investigating a deal, however, there is other information to consider that may fall outside a firm’s primary systems living in Excel sheets or department folders, for example. Compliance officers must manually search firm systems and all other sources for relevant information that will paint the most complete picture of potential risk. Ultimately, however, it’s simply unrealistic to expect them to manually uncover every piece of pertinent information from every pertinent source, thus resulting in an incomplete view and potentially a wrong decision that could put the firm in hot water down the road.
As firms expand and the flow of MNPI grows increasingly complex, compliance officers cannot assess 100% of the risk on their own. It’s time to combine human intellect with digital tools to fill in the gaps.
Why these gaps persist in financial services today
After the 2008 financial crash, many financial firms looked to reduce their costs by investing in automation to replace expensive front-office positions. While the focus was on the front office, back-end functions such as compliance suffered as firms cobbled together more people and manual processes to quickly plug holes created by an onslaught of new regulation. As these initiatives have carried on for more than a decade, compliance gaps persist as organizations focus their technology investments on other departments.
Unfortunately, public trust in financial firms was in short supply after 2008, and in the years since the financial crisis, we’ve seen a significant increase in the number of regulations. Many compliance officers today are struggling to stay abreast of them all. In 2018 alone, 980 regulatory bodies issued 57,364 new alerts,1 and the amount of new data being created every day is too much for compliance professionals to handle manually. Failing to invest in more tools and resources for compliance departments is no longer an option for banks that want to stay out of regulatory hot water.
Firms need a tech-enabled human approach to compliance
To close compliance gaps, it’s necessary to bring together people and technology to achieve greater oversight. However, many compliance departments are largely composed of non-digital natives who have served for decades in a conservative industry surrounded by heavy regulation. Technology resistance is common — usually not out of fear of losing jobs to automation, but rather out of strong belief in the value of human judgment.
And compliance officers aren’t wrong about that. Machine learning and artificial intelligence are advancing all the time, but the tech still lacks the ability to make every connection and judgment call that a human compliance officer could. The goal should not be to replace the human element, but rather supplement it and free up more time for decisive action by handing off the more tedious tasks to compliance automation software.
To turn things around and implement the right solutions in your organization, focus on evolution over revolution and look to implement technology slowly but purposefully. Not sure where to start? The following steps will help direct your efforts.
- Streamline self-reporting processes
Making reporting as easy as possible for employees to do can help firms close the compliance gap that comes with a heavy reliance on self-reporting. Reduce the number of hoops employees must jump through to report and disclose information. If you remove barriers and frustrations and make disclosure a frictionless process, you’ve already set the stage for creating a culture of compliance that helps your entire organization achieve its goals.
Rely on technology to help, and implement solutions that remind, facilitate, encourage, and incentivize employees to report and disclose their access to MNPI as soon as they’re able, whether they’re in the office, at a client’s location, or on the go. Any time you can simplify the self-reporting process, you’re making it likelier that employees do the right thing concerning their access to MNPI — and reduce the burden on your compliance professionals to seek out that information.
- Organize compliance activities — then automate
Compliance has a lot of moving parts, but departments should be organized around a few key functions: information aggregation and organization, communication, process tracking and research, and risk assessment. You don’t have to automate all of these components right away, but you should start to identify your biggest pain points and explore where technology could facilitate the process.
Some of the work involved in the compliance process is time-consuming, and you should automate these tasks and direct your compliance officers to higher-value work whenever possible. These individuals should be using their powers of assessment, their years of experience, and their knowledge of policies to help your organization achieve compliance goals — not performing repetitive tasks that are better suited for automation.
- Open your mind to further tech and data investment
All organizations must carefully consider how they allocate time, money, and resources to achieve the best outcomes for their business. Because compliance is considered a non-revenue-generating part of business, leaders don’t often see room to allocate much of their budgets toward it. That attitude, however, ignores that compliance is meant to protect the revenue-generating side by reducing firm risk. Since the 2008 financial crisis, banks have paid more than $36 billion in fines2 — penalties that may have been avoided with the right investments in compliance solutions. Start viewing compliance through a different lens and consider the ROI these investments in compliance could yield.
It’s true that trends are converging to make compliance more challenging than ever. Employees are working from all over the world using more digital tools to connect, and the number of deals and projects they’re involved in is also on the rise. In this environment, firms need to tackle compliance head-on and arm compliance officers with the tools and technologies they need in order to reduce risk. By following the steps above, you can begin to create a culture of compliance that sets up your organization to thrive in an increasingly complex and interconnected world.