3 Best Practices For Regulatory Compliance

Best practices have emerged that financial institutions can use not only to meet new regulatory standards, but to improve business processes and align strategies.

Since the financial crisis, banks have had to navigate a more complex regulatory environment than ever before. The sweeping Dodd-Frank Wall Street Reform and Consumer Protection Act was designed to prevent another such collapse, and in the process added many more compliance statutes banks have had to meet. Additionally, in 2009 the Federal Reserve began issuing its Supervisory Capital Assessment Program, and the subsequent annual Comprehensive Capital Assessment Review tests, commonly known as “stress tests.” The stress tests — the aim of which is for banks to show they have sufficient capital to continue to lend to households and businesses even under severely adverse conditions — were initially for the nation’s largest 19 banks, but have since been opened up to any bank with assets of more than $10 billion. Throw in international regulatory guidelines such as the Basel III accord, and regulatory compliance has never been a more daunting task than it is for banks right now.

This increased regulatory burden has necessitated increased investment, both in technology to handle the greater compliance workload and in personnel in these areas. But over the past several years some best practices have emerged, and banks have learned some valuable lessons. Here are three ways banks can survive and thrive in the new regulatory environment, and how they might continue to do so going forward.

Invest In Technology That Multitasks

It’s often painted as an either-or scenario for banks: Investing in compliance technology means fewer resources are devoted to innovation and growing the business. But it doesn’t always have to be that way. Through smart investment, BancorpSouth, a bank holding company with $12.9 billion in total assets based in Tupelo, Miss., has been able to meet new compliance standards while also improving business processes.

“It can be a challenge trying to check all the regulatory compliance boxes while also developing systems that allow you to evaluate strategic initiatives,” acknowledges Ty Lambert, first VP for BancorpSouth.

But BancorpSouth has been doing just that. The key, says Lambert, is using technology that serves multiple functions, including regulatory compliance. For example, the bank has spent money and dedicated internal resources to ramping up its risk management practices to meet new regulatory standards, but at the same time these new risk management capabilities also can be used to inform some of the bank’s other initiatives, whether making capital deployment decisions or looking at potential M&A opportunities, Lambert notes.

Also, as an institution in the $10 billion- to $50 billion-asset range, BancorpSouth was subjected to the Fed stress tests for the first time this past year. The holding company partnered with SunGard to build a new stress-testing platform using SunGard’s Ambit Risk and Performance Management suite. The platform is designed to help banks generate a complete picture of their balance sheets to aid capital allocation. Lambert says the suite not only will help meet stress-testing requirements, but also provide a long-term framework to fulfill wider risk management and regulatory objectives and help to turn the practice of compliance into a competitive advantage.

“Having this in place will really help us to evaluate our capital and allow the board to make better business decisions; it’s not just about the stress tests,” says Lambert.

Banks rely on data more than ever before to be compliant with regulatory statutes. Regulators want financial institutions to be able to document every detail of a wide range of business practices to ensure compliance. Banks certainly have all the data to do this, but without robust analytics tools it can be very hard to make sense of it all, says David Wallace, global financial services marketing manager at SAS. This can help with not just compliance but other areas of the business as well, he notes.

“Analyzing patterns of behavior separates virtue from vice across many areas of banking,” Wallace explains. “Keeping a constantly updated record of customer behavior and applying hybrid analytics to transactions or activities is a proven fraud-prevention best practice. It can also improve customer experience by more accurately predicting and delivering an optimal offer or communication in real time during a digital interaction. The same technique can also separate and identify rogue trading activities.”

Behzad Gohari, an attorney and managing director with The Althing Group, believes analytics will be key — especially in dealing with the new Basel III statutes, which require financial institutions to measure their exposure to a variety of risk-weighted assets. In the course of that process, he says, banks will both receive and produce large amounts of data — often across different countries — in order to ascertain and maintain their compliance.

“The most efficient path to compliance under Basel III is through the robust use of analytics, which, in the long term, will be a necessity,” he says. “As Basel III implementation becomes fragmented among countries — akin to different dialects in a single language — it becomes imperative to use software that will normalize seemingly disparate numbers from far-flung entities into a uniform set of digestible data and a coherent knowledge base for compliance purposes. As such, analytics expertise will become a necessity. Compliance with Basel III will require banks to translate the underlying requirements set forth by the Fed — and perhaps other central banks or regulators — into code that can systematically implement the process of gathering, mining, analyzing, and presenting the conclusions of vast points of data.”

Another reason analytics will be useful is that it allows for growth and change, adds Gohari.

“Just as there was a Basel I and II, so will there be a Basel IV,” he says.

“Financial crises are not preventable; they’re inevitable. However, with best practices, banks can help provide sufficient information to central banks in a manner that will mitigate the impact of future crises. Such will be the benefit of analytics to the implementation of the new rules.”

SAS’s Wallace also touts the benefits of data visualization. Risk managers, compliance officers, analysts, and executives need to be able to see data, navigate it, and discover relationships graphically for critical business decisions, he says. Analyzing aggregated risk exposures, for example, must involve data exploration to deliver the insights that management needs, notes Wallace.

Make Compliance A Business Priority

Gone are the days when a bank’s compliance team could work as an independent entity unto itself. Alignment between compliance and risk management and lines of business is more crucial than ever before. In fact, compliance has taken a place solidly as a business priority, not just a regulatory burden, says Paul Henninger, global product director, BAE Systems Detica.

“Regulatory activity around major ‘know your customer’ issues, Libor manipulation, and recent scrutiny of foreign exchange activity have made it clear that large-scale risk events have had a major impact on share price, executive careers, and banks’ ability to operate their business,” adds Henninger. “Financial institutions are in the process of aligning controls that cross AML compliance, fraud, market abuse, and operational risk functions to better protect themselves from the financial and reputational fallout that occur in the wake of high-profile incidents like rogue trading or serious money-laundering violations.”

He notes that this new alignment is taking a number of forms, but key among them are establishing a centralized financial investigations or enhanced investigations function, along with a technology capability that pulls in risk activity from all areas of the bank and across regions.

“This is a nontrivial undertaking that requires an approach that creates useful linkages across disparate risk events, not just more noise, and that takes into account data sharing sensitivities across geographic boundaries,” Henninger adds. “The goal is to understand where discrete risk events managed separately can add up to a major business risk for the bank. Alignment between compliance, risk management, IT, and line-of-business functions has never been more critical, and new projects to replace or establish reporting and analytic infrastructure require a plan that extends to budget and resource management, training, and governance.”

Alignment among lines of business also means breaking down data silos, adds SAS’s Wallace. But this is not such an easy task. The work of dismantling and integrating the results of more than 30 years of mergers, acquisitions, and expansions will continue for many years, he says.

“Data federation, master data management, and data governance incorporate practices like a business data glossary, remediation and quality routines, entity resolution, and metadata management,” he says. “These techniques, along with a banking data model, can provide a streamlined and trusted aggregated data repository for high-priority projects.”

Bryan Yurcan is associate editor for Bank Systems and Technology. He has worked in various editorial capacities for newspapers and magazines for the past 8 years. After beginning his career as a municipal and courts reporter for daily newspapers in upstate New York, Bryan has ... View Full Bio