Using Strategy, Automation to Drive Efficiency and Value in Regulatory Compliance

Even a decade later, financial institutions still feel the ramifications of the global financial crisis, especially when dealing with the ongoing regulatory fallout. Whether addressing emerging regulatory concerns, like Basel IV or the Financial Accounting Standards Board’s (FASB) Current Expected Credit Loss (CECL) standard, or dealing with older requirements, like the Dodd-Frank Act Stress Test (DFAST) or Comprehensive Capital Analysis and Review (CCAR), many financial services institutions remain ill-prepared to meet their burgeoning regulatory demands.

Too many financial institutions still use outdated, ad hoc, spreadsheet-driven approaches to compliance. These approaches:

• Lack an overarching compliance and data strategy.
• Are inefficient, requiring significant staff hours to execute.
• Fail to leverage automation opportunities to increase speed, accuracy and efficiency.
• Rely on manual data manipulation and input, which inevitably builds errors into the process, requiring refilings and delays.

Financial institutions should couple a disciplined strategy with advanced technologies to streamline and automate their compliance efforts.

As the list of regulatory challenge grows, banks continue to struggle in their response to regulators. Not having a cohesive and comprehensive approach around risk, banks find compliance and finance data has been the main area of discontent. The results of this disorganization are cumbersome and siloed processes, data management practices and compliance tactics, which:

• Depend on inconsistent approaches and information.
• Undermine existing investments in technology and personnel.
• Miss opportunities to take advantage of common data requirements and analytics methods.
• Do not deliver or leverage insights that can be gained through the regulatory compliance process.

Financial services organizations constantly face new regulatory requirements, many with pressing deadlines, which finance, risk and other groups struggle to keep up with. Some banks have even formed “SWAT” teams to deal with specific regulations, but these teams end up operating in relative isolation from each other. They scramble to assemble the data they need to comply with each new requirement, generally compiling responses in individual spreadsheets cobbled together to address changing demands. In response to each regulation, banks add yet another process or yet another workaround, or purchase yet another system — layering numerous approaches and data sets into an already fragmented environment.

The outcome is a disjointed compliance process and rogue information that is usually not easily assembled and communicated throughout the bank. Often, there is no clear delineation between the responsibilities of the dedicated risk management and reporting function and the responsibilities of other departments, perpetuating insufficient data management practices. As regulators increasingly press banks to “show their work,” these haphazard compliance processes and underlying information management practices leave banks with incomplete audit trails.

In some instances, bank leaders may find they have unwittingly used different data, different calculations or otherwise divergent approaches in complying with regulations. When regulators discover such gaps, banks likely will be required to resolve them, adding to the time and expense of compliance efforts. While not all financial modeling practices must be identical, banks should ensure nuances are clearly documented and justified.

Bank regulatory compliance does not have to be a constant source of chaos, nor must it be a sunk cost.

With a strategic approach and proper governance, banks can integrate compliance, risk and finance activities across functional boundaries. By anchoring these efforts around a centralized strategy, banks can build a compliance function that meets regulatory demands in a fast, affordable and consistent manner — and that generates valuable business insights year-round.

1. A strategic approach to compliance starts with data. There is tremendous overlap between the regulatory data requirements facing your bank and how that information is also used for internal processes like budgeting and forecasting. Rather than waste time on duplicate efforts, start by gaining a comprehensive understanding of all data required across your compliance spectrum. In most cases, the majority of the information you need already resides in your array of existing source systems. Ensuring that the data is appropriately aggregated and categorized will make it easier to extract for reporting purposes.

2. Next, develop a detailed governance framework for managing data you’ve already captured and collecting data you do not already have. Make sure to enforce common practices for identifying, collecting and storing data so that all functions have access to the same valid, reconciled information. Creating a complete data strategy for your organization will make it easier to provide the auditability and traceability (not to mention level of data integrity) regulators increasingly demand.

3. Establish an analytics strategy that creates standardized reporting practices and definitions for all departments to follow. This will increase the consistency of your regulatory responses year to year, across the regulatory spectrum. You may also find numerous opportunities to automate these steps, which will increase both efficiency and reliability.

4. Leverage available tools, such as Oracle’s compliance option, to automate data capture and reporting wherever possible. Much of the compliance work currently being done using inefficient spreadsheets and manual effort can be automated using templates that instantly pull the required data and are continually updated to reflect regulatory changes. This will improve both the speed and accuracy of your compliance effort.

By looking at regulatory demands as more than a government-mandated burden, banks can act on insights gained through their regulatory compliance effort to identify growth opportunities, better control risks and build shareholder value. Consider these examples:

• While the FASB’s new CECL standard is an accounting rule, not a regulation, it places considerable demands on banks. The standard requires banks to develop sophisticated models to quantify the expected loss from every individual loan. These models will consider everything from interest rate risk to geographic risk to industry and concentration risk. Banks can take advantage of this data to make better pricing and lending decisions.
• Banks can leverage results of their CCAR, DFAST and other stress-testing requirements to better understand their risk exposure and manage balance sheets. By taking a holistic view of credit, assets and liabilities, liquidity and capital, you can develop a more accurate read on risk and performance management.

Regulatory demands are intended to maintain healthy bank performance. The inefficiency that has become synonymous with reporting does not stem from the rules, but the way banks respond to them. With a more integrated and strategic approach, banks can evolve regulatory compliance from an obligatory burden to a value-add exercise.