Most CIOs, Risk and Compliance Officers, and IT Managers manage to a budget and are often left trying to determine whether to spend money upgrading infrastructure, increasing operational efficiency, reducing credit risk, enhancing collections, or improving the scope of compliance review and audit functions. All of these areas deserve attention and each has a significant impact on a company’s bottom line, so allocating funds is more challenging than ever.
In my experience, the one that seems to get overlooked or underfunded most frequently is investment in Compliance Automation. An unfortunate observation considering the potential for such efforts to offer a better and more effective approach to meet regulatory mandates, reducing costs of manual auditing, and decreasing the risk of penalties.
Accuracy & Reliability: Many financial institutions have teams of people who perform random sample audits to ensure adherence with State and Federal regulations. Random samples tend to identify some issues in operating procedures and may even single out a few specific instances of human error. I am certain that most of the financial institutions found to be deficient by the regulators had random sampling programs in place. So while the approach is certainly better than doing nothing, random sampling does little to mitigate compliance risk.
Unlike manual compliance approaches, automation allows for more accurate, timely and complete coverage. The ability to assess compliance with multiple regulations, automatically redress and track the remediation actions through to resolution, as well as maintaining the status of identified issues are benefits of designing and implementing automated compliance processes. Identifying every account and/or customer that falls within the scope of each directive and understanding the criteria that triggers each regulation is critical to the success of any automation process. Most importantly, properly implemented automation and audit trails provide an organization with the ability to confidently prove compliance to the auditing agency.
Cost-Effectiveness: The risk to the organization can be very high. CFPB and OCC audits or reviews can uncover issues resulting in fines from thousands to millions depending on the number of customers or accounts impacted, the value of the impact, and the processes in place to review and ensure conformance – or more importantly – the lack of processes. The cost of manual assessments is significant and, given the potential for multiple complex scenarios in a regulation, increases the possibility of human-error resulting in unidentified issues. Compared to these less efficient manual efforts, automation offers a more unified conformity and risk management approach, whereby the evaluation of adherence issues including relative risk, order of critical importance, and comparable cost allow for prioritization. The accumulation of such information invariably impacts an organization’s ability to address issues and allocate resources accordingly. Look through recent CFPB or OCC reviews and associated fines. Designing and implementing mechanisms to verify abidance typically costs a fraction of the fine or the cost to repair a company’s reputation and regain customer trust when regulators identify issues.
Adoption and Adaptation: Adherence to regulations should be thought of as a continuing process, rather than a singular event. To provide productive and sustainable solutions, mechanisms must be implemented to allow for configuration of key parameters and alert notifications. Automation, when designed and implemented correctly, facilitates the ability to alter rules and account for the amending of legislation and the outright repeal of laws. The Trump administration has repeatedly signaled changes in the regulation of consumer financial services, issuing an Executive Order titled “Core Principles for Regulating the United States Financial System” on February 3, 2017. While these “Core Principles” do not expressly mention the CFPB or consumer financial protection, several imply that changes, while not imminent, are likely in the future. In the meantime, compliance with existing regulations remains in effect pending further administrative action and congressional legislation. When purchasing or designing compliance automation solutions, remember that regulations evolve over time and you either need your solution to be able to handle rule changes or you will need to pay for customization.
“Over the past five years, we have returned almost $12 billion to 29 million consumers and imposed about $600 million in civil penalties.” (CFPB Director Richard Cordray, prepared opening statement before the House Committee on Financial Services, April 5, 2017)
Conclusion: In the end, the goal of any organization should be to implement processes to ensure that their treatment of customers is consistent with the organizations’ values and complies with all laws and regulations in the most efficient and accurate way possible. There may still be a need for people to manually review certain outlier cases and scenarios, but if automation can ensure compliance for a larger percentage or preferably 100% coverage of customers and accounts, the cost savings can be significant when compared to a single encounter with the CFPB or OCC.