Mid-sized banks face web of regulatory complexity - 3 tips from my practice
Since the financial crisis of 2008, banks have faced increasing regulatory scrutiny and a growing number of rules to follow. For many mid-sized banks, regulatory compliance is a costly and complex web to manage.
Enter reg-tech, a range of IT technologies and solutions that automates compliance processes and makes it easier to meet requirements for monitoring and reporting. While the solutions require an upfront investment, they have the potential to save companies money over the long term, and, at some point, having IT solutions for regulatory compliance may be a regulation in itself. One reason is that computers are good at following rules (as opposed to principles).
Sometimes I discuss with my colleagues why mid-sized banks in Switzerland are not quickly embracing reg-tech.
From my perspective, as the head of the FS Risk Management & Data Analytics team in Switzerland, I see that smaller companies may actually need reg-tech more than the larger ones. They need it to deal with the regulatory jungle precisely because they are small and have fewer resources.
To illustrate the dilemma that banks are in, I’d like to look at the example of KYC, or Know Your Customer, regulations and provide some advice.
Explore the reg-tech offering
To get the most out of the reg-tech tools available on the market, my first suggestion is to partner up with and connect to software providers. The relationship can work really well - like a perfect marriage, I’d say.
Sometimes the partners have a different profile and a different skill set, but somehow, the two partners need to merge and create a symbiosis. In this case, the bank brings in the business knowledge and the IT partner the technical knowledge. And for that, one doesn’t have to be an expert in the area of the other.
Of course, technology partners want to sell their solutions to banks, but you’d be surprised how much you can learn before committing to a particular partner. Not to play it up too much with my marriage metaphor, but indeed, you have to find out what you want, and that means exploring.
I recommend you focus on niche areas of technology application for regulatory compliance. That way, you can find out which one has the best solution for your individual needs.
That said, I do sense a gold rush feeling once again. Many reg-tech firms have received funding from angel investors eager to deploy their capital and there’s a risk of an excitement bubble around the technology.
The hiring challenge
My second thought is about talent. To get your company up to speed with reg-tech, you’ll need to change your hiring practices compared to what you have been doing in the last 10 years. People you recruit need to be more open to IT topics in general and have a better understanding of technology overall. Candidates may even have a less typical banking and finance background than usual. That’s not necessarily a negative.
I don’t think recruiting is going to be the same game as in the past: a race by companies to get the best students from the best universities, and a desire by those students to go to the best-branded companies. Technology in the workplace has shaken that up.
Therefore, I recommend mid-sized banks in Switzerland redefine talent for themselves. If someone brings in a new and different perspective on the banking issues of today, that’s talent.
At BDO these days, we’re not only interested in finance and banking credentials but skillsets related to programming and business intelligence techniques.
Buyer beware
Finally, I think it’s important to "keep both feet on the ground" and be also skeptical with reg-tech areas that are not yet so mature. Here you could invest a lot of time, money and energy in a new technology only to find out the solution is not viable or doesn’t suit your needs.
Anti-money laundering (AML) technologies, for example, often present the problem of generating too many false positives, and if this happens on a regular basis, the entire rationale for having the technology is in question. When hits do come up, people, as opposed to machines, have to investigate the potentially false positives to find out if there was a breach of compliance or a potential problem, and this is quite costly.
And, since the number and complexity of regulations is likely to increase, the need for smart ways to automate compliance functions increases as well.
In conclusion, I’d say that mid-sized banks in Switzerland should go for reg-tech.