The Evolution of IT Systems for Regulatory Compliance

For decades, status quo reporting was the norm for financial institutions. However, since the global financial crisis in 2008, banks and other financial institutions have faced an expanded mandate of reporting and compliance requirements and, as a result, have felt increased pressure on cost control as margins are squeezed and revenues decline. Increased regulatory burdens and merger and acquisition activity also mean that the business structure of many firms has become significantly more complex.

To address this complexity and help banks maximize their resources and protect the bottom line, financial firms are improving their IT systems and embracing smarter technologies. A data infrastructure that is holistic and serves multiple business lines simultaneously is key to banks’ ability to effectively meet regulatory and compliance needs – and, more importantly, to serve their customers’ evolving needs. This is achieved by breaking down silos within the organization and using principle-based approaches that support streamlined data service initiatives.

Data Infrastructure for the Whole Enterprise

As part of a de-siloed approach to business and IT infrastructure, firms must overcome legacy behaviors. For instance, there is a tendency to think compliance should sit solely within the compliance department. However, it is crucial to have a comprehensive view of compliance across the enterprise – especially within an increasingly complex regulatory environment – and to leverage the right IT infrastructure to make the process efficient and effective.

As more banks and financial firms embrace this best practice, we are seeing the lines of compliance reporting start to blur. Compliance processes are shifting from the legal to the risk department so that firms can more accurately assess levels of overall risk. Even IT departments, which are managing the infrastructure to facilitate this holistic approach to compliance, are now involved.

This change reflects the regulation-driven requirement to move compliance beyond an advisory function to develop a stronger assurance capability. This level of reassurance is extensive and exhaustive, and thus heightens the importance of a strong IT data system to help manage complex compliance reporting and risk assessment. To illustrate the complexity of this reporting, consider the standard Office of the Comptroller of the Currency (OCC) Enforcement Actions (EA), which now include a full assessment of AML risk associated with each line of business in addition to an enterprise-wide assessment.

Culture of Compliance

Since the last financial crisis, this extensive level of reporting has become expected. Unfortunately, the process of streamlining compliance and risk reporting requirements is neither easy nor cost- or time-effective with most firms’ existing IT infrastructure, which negatively impacts revenue margins. Organizations need to understand how compliance impacts the bottom line. As such, it should not be treated as a matter of simply checking a box. Rather, compliance departments should advise on strategy from the outset on all projects and speak to where compliance can help or hurt the bottom line.

For instance, ineffective controls lead to poor decisions, which can negatively impact business growth areas. Consider that if lending customer complaints are not properly tracked and audited but are still aligned with Profit & Loss Statements and employee performance, the business can easily draw the mistaken conclusion that performance is good and complaint controls are working. The CFPB would have a field day in an audit.

The Rise of the Chief Data Officer

Given the heightened role of IT in compliance reporting, and the terabytes of sensitive corporate data and information that reside in the data infrastructure, senior IT executives and CTOs have taken on more responsibility. In response, the creation of the chief data officer (CDO) role is an increasingly common practice. The responsibilities and decision-making clout among these executives are growing to ensure that data quality serves its purpose across the entire organization but is in line with regulators’ expectations and complies with a growing base of standards.

While some financial firms may be hesitant to justify appointing a CDO from a commercial and business perspective, consider that senior IT executives / CTOs are responsible for gathering, analyzing and responding to an unprecedented amount of data that affects a company’s adherence to compliance and its bottom line.

An on-going commitment to data quality for compliance and risk assessment requirements is also reflected in the standard OCC EA. A full risk assessment will be conducted periodically—at least once per year—so financial institutions must invest in compliance structures year-round.

By mapping out exactly how data architecture ties directly into regulatory directives, senior IT executives, CTOs and CDOs can ensure the business is always working towards a bottom line that is still consistent with regulatory goals and mandates. Furthermore, IT can help outline how to improve cost margins and revenue by maximizing and streamlining resources necessary for today’s reporting in an ever-changing and increasingly complex regulatory landscape.

