A June 2021 study from data provider LexisNexis projected that global financial crime compliance (FCC) spending would hit $213.9 billion by year's end.
The study also noted that FCC spend also increased the most in the US and Europe. This increase may be correlated to new compliance mandates specified by the recently enacted Anti-Money-Laundering Act of 2020 and the Sixth Anti-Money-Laundering Directive (6AMLD) in those respective jurisdictions.
Beyond new regulations, however, there are other factors driving rising compliance expenses. The questions that emerge, then, are: Why is this happening, and what can financial organizations do to balance the cost between compliance and innovation?
In this piece, we’ll explore the unsuitability of legacy transaction monitoring systems and highlight the enhanced cost efficiencies and overall value proposition presented by modern-day Regtech solutions.
Let’s get to it.
Why Financial Crime Compliance Costs Are Rising
The driving forces behind compliance cost increases are a combination of rising wages, inflation, accelerating regulatory change, and the rapidly evolving fraud and money laundering threats that began to coincide during the pandemic.
However, according to the study, there appears to be less consensus among financial institutions (FIs) regarding specific compliance processes driving up costs.
In the survey of over 1,000 institutional FCC decision-makers, it was found that the following were all ranked similarly by respondents in terms of being their most problematic cost center:
- customer risk profiling,
- sanctions screening,
- regulatory reporting,
- the identification of politically exposed persons (PEPs),
- Know Your Customer onboarding, and
- the efficient resolution of alerts
Regardless, in the wake of Russia's invasion of Ukraine and the West's unprecedented wave of sanctions against the Kremlin and its private sector proxies, the resulting regulatory disruption and de-risking stemming from this conflict are bound to impact FCC costs for the foreseeable future.
Also, the sweeping digital paradigm shift propelled by the pandemic, which pushed the vast majority of consumers to transition to mobile banking, online payments, and even financial technology (Fintech) lenders seemingly overnight, has forced FIs to innovate new products and services at a similarly frenetic pace.
As noted in our previous article about the neobanking industry, if banks neglect to innovate the types of digital offerings desired by their customers, they risk the threat of customer flight, reduced business, and shrinking revenues.
A 2019 report from consultants Accenture, for example, found that North American banks were at risk of losing 15% of their payments revenue, or $88 billion, to Fintech upstarts if they failed to innovate accordingly.
The problem with rapid innovation, however, is that compliance is often sacrificed at the expense of 'speed-to-market.'
Unfortunately, compliance is a challenge that cannot be ignored.
Balancing Innovation with Compliance
In today's world of advanced and infinitely persistent cyber-enabled fraudsters and money launderers, Fintech products and services, many rapidly deployed solutions, are viewed by threat actors as easily exploitable targets.
When it comes to launching new Fintech offerings that meet current regulations, deploying resilient FCC systems and processes while keeping costs manageable is a must. And unfortunately, legacy institutional technology will not suffice.
For example, legacy transaction monitoring systems are not cloud-native. Historically, these technologies have been manually deployed and tuned 'on-premise,' which is always a costly, cumbersome, and inefficient proposition.
Additionally, these legacy systems apply a static rules-based approach that requires heavy engineering support and are no match for the rapidly emerging hybrid fraud and money laundering threats perpetrated by increasingly cyber-savvy actors.
As non-native cloud architectures, legacy systems are inherently incompatible across open-banking repositories. This limits old tech stacks' ability to integrate with the broad universe of customer and risk-related API feeds that have made high-dimensional big data more reliable, portable, granular, insightful, and actionable.
Therefore, critical customer data becomes siloed, stagnant, and ultimately useless. If resolving the deluge of false positives in suspicious activity alert batches doesn't aggravate cost centers, then potential FCC regulatory fines threaten business growth.
The key for FIs to overcome the three obstacles of responsible Fintech innovation, mitigating AML risk, and optimizing cost, hinges on innovating an internal platform for holistic and secure FCC data exchange.
But, to achieve a 360-degree view of customer data across the firm, FIs must be willing to embrace and invest in the new generation of regulatory technology (Regtech).
Why Legacy Transaction Monitoring Systems Fail
According to a study conducted by CAST (a software market intelligence provider), before the pandemic, some 47% of financial services organizations operated 26-to-50% of their business on legacy systems.
Those figures surpass every other sector's dependence on legacy technologies.
However, there are several issues with legacy compliance systems, preventing organizations that use them from stopping financial crime effectively.
The following are reasons why legacy systems fail.
They are Siloed and Outdated.
As managing high-dimensional big data assets becomes increasingly complex for institutions, FIs have witnessed the unsustainable fragmentation of customer data across hundreds of different silos.
From in-house repositories to those housed across hybrid cloud environments and beyond, the retrievability and portability of critical risk data is significantly challenged by the architectural chaos that hinders many incumbents.
The net result is that customers execute transactions and make other account modifications across a wide array of disparate legacy systems. Moreover, these old-school tech stacks must then integrate with customer and reporting systems that are similarly disintegrated.
When it comes to compliance management systems specifically, the underlying problems of legacy technologies are magnified.
These outdated systems are largely clunky iterations over monolithic, closed-source tech stacks designed in the 80s. Moreover, the people who created these systems envisioned their exclusive utility within a broad horizontal market – a far cry from the open, all-source data ecosystem that defines the modern consumer-facing enterprise.
As such, legacy compliance management systems are marked by lengthy, problematic, and expensive deployments, which are further aggravated by difficulties onboarding and upgrading subsequent platform enhancements.
Internal Builds are Inflexible and Drain Resources.
Internally built legacy systems are overwhelmingly based on inflexible preconditioned rules that are difficult to retune without disrupting other system functionalities. In most cases, it's better to buy a risk and compliance solution than it is to build one.
In fact, the inability to update and deploy new rules on the fly is one of the main reasons why our customers have left their legacy systems behind and made the switch to Unit21.
This static framework renders these systems unable to harness advanced analytic tools like artificial intelligence (AI) and machine learning, which would otherwise enable systems to identify new financial crime patterns and incorporate them into their monitoring, escalation, and reporting templates.
When it comes to updating legacy compliance management architectures, their exogeneity from the cloud means that all follow-on updates and iterations must be performed on-site. This places a significant burden on internal IT staff – and occasionally expensive external consultants – who must shoulder the duty of patching, monitoring, and administering those technologies.
To illustrate the cost burden of legacy systems, a 2017 study by professional services firm Boston Consulting Group found that financial organizations spent an estimated $320 million tracking enforcement actions alone from 2008 – 2016.
Beyond IT personnel's actual administration of the technology, legacy compliance technologies have proven notoriously ineffective. Circling back to the fragmentation of customer data, this has a paralyzing effect on the ability of compliance professionals to achieve a consolidated view of KYC, AML, customer risk profiling, know your business (KYB), negative news, and other data streams that are crucial to assessing the suitability of client relationships.
The lack of a unified view of customer data makes it difficult for FIs to identify and triage the correct information when it is needed most.
In addition, the inaccuracy, staleness, or irretrievability of critical risk data places an additional burden on compliance units, forcing them to exhaust time and precious company resources manually collecting, verifying, and remediating the available data, so it can then be reported appropriately.
The Power of Modern Regtech in Reducing AML Costs
Cost savings was one of the top five anticipated benefits of Regtech adoption cited in TRRI's "Fintech, Regtech and the Role of Compliance in 2022" survey.
"As the digital transformation of financial services continues apace," argued the survey report, "those who opt not to adopt technological solutions may well find themselves at a strategic and economic disadvantage," said the report.
At a firm level, Regtech is being used for compliance monitoring and AML/sanctions screening, said TRRI. At a compliance function level, TRRI said "applications were being used for compliance monitoring, regulatory reporting, financial crime (including AML/counterterrorism financing (CTF) and sanctions), as well as onboarding" and KYC.
According to TRRI's 2022 "Cost of Compliance" survey, implementing the volume of regulatory change presents one of the top five challenges for compliance and risk practitioners this year.
The TRRI report said, "a sign that regulatory technology may be coming into its own is the shift in the time spent tracking regulatory developments – a key area where Regtech solutions can be deployed."
The TRRI survey also found that the "percentage of compliance teams spending more than 10 hours in an average week tracking and analyzing regulatory developments has fallen significantly, from 10% in 2021, to zero in 2022."
Thanks to evolutions in Regtech, compliance teams are now, on average, spending only one-to-three hours per week tracking and analyzing regulatory developments, according to the TRRI survey.
A third of institutional respondents in this survey also said that Regtech will enhance “the implementation of regulatory change, the way it is captured and the way regulations and their impact are interpreted."
This heightened efficiency will invariably reduce compliance costs, as regulatory change management becomes more automated, timely, and accurate.
How to Cut Costs on AML Compliance: Wrap Up
Despite the promise of Regtech, properly integrating these solutions still hinges on the ability of firms' existing IT infrastructures to support these technologies. But these types of firms constitute a significant minority of the financial services ecosystem, according to the TRRI ‘Fintech and Regtech’ survey.
A more common concern among decision-makers is the cost of onboarding and implementing a new Regtech solution, along with the follow-on expenses associated with training staff in how to use the new system. But in the age of highly composable, cloud-native technology, those apprehensions are overblown.
A next-generation Regtech application doesn’t need to be expensive. With today’s seamless and easy-to-integrate, cloud-native delivery channels, even a seed startup can purchase case management solutions within a sustainable budget. Making the most of this purchase comes down to adopting a risk and compliance solution at the right time.
Fortunately, Unit21 offers a cost-effective solution that helps risk and compliance teams automate fraud and AML detection using a flexible no-code rules engine. Deploying Unit21's capabilities can help Regtech-hesitant FIs save time and money maintaining and remediating issues with their in-house IT stacks.
Integrated with a universe of leading-edge risk data partners, Unit21's Regtech stack also promotes increased operational efficiencies, reducing the time compliance personnel spend manually resolving false positives and other regulatory tracking and reporting errors. With a consortium of shared data with other FIs, it's easier and faster to identity fraudsters. Compliance software can be easily integrated with your existing tech stack to make sure you're always following the most current guidelines.
If you’d like to see how the platform compares to your current solution, get in touch to schedule a demo today.