The past five years have seen an array of new regulations in the financial sector. And an inevitable consequence of the implementation of Sarbanes-Oxley, Basel II, the Markets in Financial Instruments Directive, Solvency II and International Financial Reporting Standards has been a massive increase in regulatory and compliance spending by financial institutions.
According to a recent Deloitte report, “In Control”, the largest 100 financial firms have seen regulatory and compliance costs rise 30% in the past three years to $56 billion. The regulatory burden has yet to peak, however, with Deloitte forecasting the figure could double to $100 billion by 2010. And this is before the costs of additional regulatory measures implemented in response to the credit crisis have been factored in.
The report suggests there is a disparity in terms of costs, directly related to the size of the institution. Regulatory and compliance spending accounts for approximately 4% of total costs for large firms, but this figure rises to 6% at smaller institutions. Deloitte also says there is evidence of regional disparities, with Anglo-American banks considered leaders, and Asia-Pacific institutions the chief laggards.
The recent surge in costs should not necessarily be considered a burden however; Deloitte believes successful compliance strategies can lead to a competitive advantage.
“Financial institutions are always seeking to find and sustain the correct balance between risk and reward, but lack of triangulation between control, risk and governance is, in most cases, a missing link that needs joining up,” asserts Chris Gentle, London-based associate partner and head of research at Deloitte.
In terms of specific recommendations to improve controls, Deloitte advocates the appointment of a fully accountable board representative to oversee controls, as well as monitoring transactions in real time where possible.
One area of weakness identified by the advisory firm was a lack of certainty over who is in charge of overall governance, control and risk management policy at many institutions. While the audit committee or board of directors would seem the logical choice, only 41% of firms polled said this was the case at their own institutions. Furthermore, only 47% of institutions have undertaken consolidation of governance and controls across borders and operational units within the past few years.
There has been much clamour in the wake of the credit crisis for senior executives to set the tone for a risk management culture, something Deloitte fully concurs with. “Senior management should be visibly involved in communicating messages about behaviour in risk and control culture through the organisation,” stated the firm.
Deloitte’s report replicates many of the themes highlighted in Ernst & Young’s recent 2008 corporate governance survey of the top 500 UK companies. Approximately 35% of directors polled in that survey listed regulation and governance as the number one challenge facing their companies in the next 12 months.
See also: BIS to modify Basel II rules