“Why did the compliance officers laugh three times at the joke? Once when it was told, once when it was explained, and once when they understood it.”
No Laughing Matter
The ‘hot’, trendy sector is supposedly FinTech, but the high growth financial services sector since 2008 has actually been compliance. Compliance is gargantuan. Firms such as JP Morgan speak of multi-billions in fines, billions in legal fees, thousands of lawyers, tens of regulators. Not having done a sterling job before 2008, the Big 4 accounting firms continue to milk it afterwards. To take one example, from 2008 to 2014 Deloitte Worldwide has grown from 160,000 people to 210,000 people. 30% growth, nearly 5% compound growth, during one of the worst periods for the oversight of financial services? Compliance as a pandemic overwhelms corporate defences. Compliance officers now have board positions, and bonuses.
And it’s not working. How do you calculate the bonus for a compliance officer? Clearly not in fines avoided. Fines for western banks since 2009 amounted to US$232 billion by the end of 2014. Analysts’ best estimates assume the total shall exceed US$300 billion soon. We have Soviet style management (that’s probably the best translation of oligopoly regulation) with capitalist levels of extraction. Frightening for shareholders, consumers, and business.
People used to complain about iniquitous tax rules which interpretation softened – “taxed by statute, relieved by guidance”. Of course that then left the door open for corruption. In compliance we now have “regulated by future rules, relieved by tomorrow’s fines”. That leaves the door open for more Soviet management, and possibly corruption, though we already have numerous out-of-court settlements where regulators and litigators assess fines and allocate monies behind-the-scenes, yet without admissions of guilt.
In light of all this, the recent Bank of England “Fair And Effective Markets Review” (10 June 2015) is interesting. While claiming much has been done, a careful reading establishes that most claims of accomplishment are only raw beginnings. For example, the report talks about more internal firm surveillance using automated systems; similar talk over a decade ago on MiFID equally led nowhere. The report stresses individual accountability for senior persons, but is enormously vague some seven years on about what that means. The report mentions ‘certification regimes’, yet seems to ignore how voluntary standards markets are made effective in other industries by not being under the direct control of the regulator. Nobody seems to know where they are going with additional regulation. Whatever the direction, we will have to ingest more complexity. More complexity stokes more danger, and fires up costs.
Regulate Yourself Into Economic Success?
Even better, the UK government now claims that new regulatory technology, RegTech, could be a significant growth area. A report from the Government Office For Science by the UK Government Chief Scientific Adviser, Sir Mark Walport, “FinTech Futures: The UK As A World Leader In Financial Technologies” (March 2015), devotes a chapter to RegTech, “RegTech: The Future Of Financial Regulation”. It’s a fairly obvious chapter relating ‘big data’ and ‘data visualisation’ hype to reporting, modelling, and compliance, but it contains a not-so-obvious implication, in future regulators expect to see into the very fibres of every financial institution they monitor.
In 1970, in the Quarterly Journal Of Economics, George Akerlof published a paper, “The Market for ‘Lemons’: Quality Uncertainty and the Market Mechanism”. It was followed by Michael Spence’s “Job Market Signalling” (1973) and other influential papers. Economists were delving into information asymmetry. In short when a buyer and seller both have good information, we have ‘efficient goods’. If the seller knows more than the buyer, we have ‘lemons’, such as used cars. If the buyer knows more than the seller, we have ‘limes’, such as insurance. If both the buyer and seller are ignorant, we believe in ‘silver bullets’. In regulation, both buyer and seller are ignorant and want to believe that some silver bullet, any silver bullet, big data, Bayesian inference, ethical training, will solve the problem. What can governments and regulators reasonably expect to see inside each financial services institution? If both sides are ignorant, probably not what they think.
Firstly, the firms themselves don’t know what they are looking for. The firms don’t even no their costs of compliance. Everyone seems to assume that everyone else bears similar regulatory costs. At the moment, there seems to be ‘no fault in numbers’. Regulators expect to see similar inputs of people and costs across firms, not recognising that some compliance functions can be several-fold more effective than others. Shareholders seem complacent about rising costs, so far. CEOs seem to brag about the number of lawyers they’ve hired or the amount they’ve spent controlling their own excesses. Such bragging is classic economic ‘signalling’, don’t join the sharks in this swimming pool if you can’t afford the compliance costs. Therein lies a great opportunity for challengers to the status quo - set hard targets for success in compliance, then use technology to drive down costs and compete against other banks.
Measuring Up To Success
You can’t manage what you don’t measure. Few financial institutions have any idea of the actual costs of compliance because measuring compliance is not straightforward. Large banks have a variety of different compliance units and compliance structures. Compliance can report to a global head or be combined with other functions or allocated to product lines. Many firms don’t allocate legal costs back to product lines or to compliance. Much compliance intertwines with normal procedures, e.g. Know-Your-Client requirements are wrapped up in account opening processes. An organisation that seems to spend little on ostensible compliance may be superb in compliance due to smoothly functioning systems. An organisation that spends an enormous amount on compliance may be ineffectual. But just because measurement isn’t straightforward is no reason to evade it.
Still, measuring costs is the easy part. It’s even harder to assess ‘success in compliance’. There are some interesting ideas. One such is ‘environmental consistency confidence’ where firms try to predict where the compliance problems will arise using advanced dynamic anomaly and pattern response systems. Other firms are experimenting with prediction markets alongside statistical systems. Others are exploring automated surveillance. Others are looking at reducing cost variances as a measure of operational risk. Predictability is seen as a good measure of effective compliance.
With better measurement of compliance success and compliance costs, firms can:
- identify areas for improvement and automation;
- establish a baseline for future work on balancing the costs of compliance with ‘doing the business’;
- provide frameworks for proving that voluntary certifications and ratings, e.g. quality systems or fiduciary ratings, justify a reduction in direct regulatory oversight;
- negotiate with regulators on obligations based on the comparative costs they impose;
- set out to compete on the effectiveness and efficiency of compliance.
Some firms are taking their RegTech thinking to another level by trying to design a firm-wide ‘ICT compliance architecture’. The idea is that rather than layering on new systems for each regulation, a Basel system, an AML system, a KYC system, a MiFID system, etc., they should have an ICT architecture that has compliance in-built. A full description is beyond the scope of this short note, but includes such thoughts as proliferating thousands of predictive analytic ‘sniffers’ automatically across the firm. Any new ICT process or ‘pipe’ automatically attracts a sniffer. The sniffer’s job is to identify anomalies for human attention. Another thought is that these new compliance architectures should be able to produce firm-wide operational risk linked to financial risk.
Even better is the idea of the ‘telepathic’ bank, a self-diagnosing and self-administering bank that anticipates customers’ problems and needs. We have seen an increasing number of adaptive systems in many other industries, from online retailing to aero-engine maintenance. At this point we begin to realise that perhaps the government isn’t wrong, RegTech is an important part of FinTech. We need to build future financial technology such that it always performs as required. Compliance is not an ‘add on’. Those thinkers who are trying to design holistic compliance architectures are on to something. RegTech is worthy of investment, just not on its own.
About the author
Professor Michael Mainelli is Executive Chairman of Z/Yen Group and Principal Advisor to Long Finance. His latest book, The Price of Fish: A New Approach to Wicked Economics and Better Decisions, written with Ian Harris, won the 2012 Independent Publisher Book Awards Finance, Investment & Economics Gold Prize.