This week’s news that Commerzbank is being fined £37.8 million by the UK regulator for various anti-money laundering and know your customer (KYC) compliance failings is just another example of how far behind the industry is in addressing its compliance culture shortcomings. Reading through the Financial Conduct Authority’s (FCA) comprehensive document, one thing is clear to me—this incident is not an isolated one. Chronic understaffing, poor governance, ageing and not fit for purpose RegTech…more than one firm is guilty of this approach to compliance.
I’m surprising no one, I’m sure, when I say the majority of firms’ approach to compliance is a box ticking exercise. It doesn’t generate revenue—in fact, many of the revenue-generating functions view it solely as a hindrance to doing business. KYC slows down the process of onboarding—well, it should a little if processes are properly adhered to—and that’s time to revenue in the eyes of sales and the front-office. If your firm has a proper client lifecycle management and onboarding tool and proper governance in place, it shouldn’t slow the process down too much though. But that requires investment in something that no firm really wants to invest in, let’s be honest.
Most RegTech purchases are driven by an incident such as a regulatory fine or negative press that results in a fall in share price or client complaints. It’s often reactive, not proactive.
Let’s turn back to the Commerzbank example for a second. One of the findings of the FCA was that the compliance team was struggling to get a particular business line to cooperate in gathering the necessary KYC documentation to meet its compliance obligations. The reticence on the part of the sales team was that it would prove an annoyance for clients in being asked multiple times for the same data. Now this is a valid point, I did some research a few years ago that involved talking to buy-siders about their onboarding and KYC experiences. Those experiences, I’m sad to say, were generally quite negative and yes, being asked repeatedly for the same documentation is viewed by those clients as a pain point (relayed to me in rather more colourful tones, I must admit). But there are other options out there.
Now, I am not a fan of the term “utility” as many of you might know and I don’t want to push anyone down any particular FinTech route, but managed services that act as an insulator between clients and their service providers for compliance documentation are a valid option out there to avoid some of these issues. Yes, you might lose a touchpoint with a client but if that touchpoint is one that isn’t value-generating, what’s the danger?
Anyway, back to my tale of conflict and woe. There are valid reasons why the sales and front office teams resent compliance obligations, but for the sake of the business, these teams and compliance teams need to work better together. Any resistance needs to be stamped out—after all, the compliance requirements are there to protect the business in the case of KYC and AML. Identifying whether an individual is a potentially risky client and preventing them from doing financial harm to the bank or industry at large is an important task—we just often lose sight of that goal as we chase the revenue-generating opportunities those individuals represent.
There are all kinds of compliance courses that front office individuals have to go through to gain and maintain their relevant certification, but if these are viewed as box-ticking exercises, they fail to make the right impact. Another approach needs to be adopted. Compliance goals and targets need to be embedded within individuals’ goals and objectives—not just for compliance teams but for the business side of the equation.
The process also needs to be made easier for compliance teams, especially if they are bare bones teams in today’s current circumstances—and this involves automating processes and subscribing to relevant data feeds. It’s hard enough working in compliance where you are treated with fear and/or loathing by your colleagues from other functions, just give them the right tools to do their jobs. It’ll keep your firm out of the spotlight and the regulator away from your door.