Post the financial crisis, Risk & Compliance have invariably become top priorities for a bank’s senior management. The complex banking system in the US with multiple regulators have multiple regulatory requirements. And to increase the burden, the Dodd Frank Act has led to a systemic overhaul of the banking industry.
Interestingly Cost, Complexity & Changes have been cited as the 3Cs of concerns around compliance for any bank across the globe. Cost is usually attributed to the increasing resource and IT infrastructure requirements with no single solution to cater to all compliance needs. Complexity is due to regulatory pressures on a wide variety of subject areas (ALM, AML/Fraud/SAR, Basel, Stress Testing, etc.) covering all business lines. Finally, the “ever-changing” regulatory environment requires a bank’s compliance team to provide an interface with the regulators and always be on their toes to track and pivot accordingly.
Figure 1: Risk & Compliance: Major hurdles in a bank’s growth story
Risk and Compliance Data Requirements
Traditionally, IT departments in banks have been isolated from the compliance and risk functions, leading to a silo-ed approach for multiple compliance requirements. No single technology solution has the ability to cater to all compliance and risk requirements. Thus, the ability to generate timely and accurate aggregated data has always been an impediment to a robust compliance strategy. An integrated data repository increases the quality of data, limits errors and fosters a conducive environment for on-demand and ad-hoc reporting.
Let’s take a scenario of regulatory reporting, primarily because data required for the same, spreads across multiple systems. A country’s regulatory reporting requirements may vary depending upon:
1) Number of regulators, such as FRB (Federal Reserve Board), OCC (Office of Comptroller of Currency), FDIC (Federal Deposit Insurance Corporation) and many more.
2) Kind of products and regulations around them (Mortgage as a product is highly developed in the US and has a separate set of compliance and reporting requirements).
3) Size of bank (CCAR/ Stress Testing is not mandatory for banks with < US$10b in assets)
4) Frequency of reporting (Call Report is submitted quarterly, while 2900 series is weekly)
Typically, regulatory reporting data requirements can be classified into categories as mentioned in Figure 2. As can be seen, most of the subject areas are covered and a robust regulatory reporting system would require data to be fetched from multiple source systems. So, a regulatory reporting division would aggregate large amounts of data from various systems for timely and accurate submissions. But is the large amount of accumulated data being used for any other purpose?
Figure 2: Data requirements for regulatory reporting
Analytics woven around Risk and Compliance Data
Let’s first analyse the various fields of Analytics that a bank could require:
1) Financial & Risk Analytics: A CFO/CRO would want to be up to date on the financial health of the bank at all times by tracking key KPIs such as Cost-to-Income, Net Interest Margin, Return On Equity, Return On Assets, etc.; at the bank level as well as the divisional level
2) Customer and Product Analytics: Customers are at the heart of a bank, and products are its actual customer facing offerings. It is imperative for a bank to answer its “What to offer?”, “Who to offer?” and “How to offer?” questions. After acquiring a customer, the next level of questions that need to be answered are “How profitable is the customer?”, “Should I invest more on the customer and what else can I offer to the customer?”. If we take a bottom-up approach, then customer and product profitability are what would determine a bank’s profitability.
3) Operational Analytics: Any organization cannot operate without the Service Business Units. Channels, IT, HR and Finance are a few Service Business Units for a bank. Channel effectiveness and productivity, ATM usage, application turn-around time, RM performance management, employee attrition/retention, etc. are a few KPIs, a bank would track to assess the efficiency of a service business unit.
Apart from the above subject areas, competitive benchmarking and market analysis is another major concern for most banks. ‘How well am I performing against competing banks?”, “What markets should I enter?”, “Which product should I offer in the market?”, are a few questions which can be answered by a healthy merger of external data with the bank’s internal data.
Analytics on the above subject areas require a certain amount of additional data for effectively communicating various insights to the management.
Financial and Risk Analytics
Budgets and Forecasts play an important part in the financial analysis of a bank. Most of the banks operate on the basis of periodic goals and achievements, which are not tracked by the regulator. Therefore, we need to have a mechanism to get this data into the system, if we need to make an effective analysis.
Customer and Product Analytics
Customer Relationship Management systems are a rich source of information on the sales efficiency of the bank and also provide useful information on campaigns and marketing effectiveness. This data is usually not needed by compliance and has to be sourced separately for an effective analysis of the customer profitability and product life cycle management.
Loan Origination systems again hold valuable information regarding products and customers and are used widely in banks. This data helps assess the loan conversion efficiencies and overall credit requirement quality in terms of incoming customers and advances made. This is an essential repository that needs to be mined for valuable insights along with compliance data.
IT Support is considered as one of the prime areas of focus for many banks, which leads multiple strategic initiatives and supports them for the bank. But unfortunately, a number of metrics regarding the performance and efficiency of this area are not collected for compliance, but are an essential analysis source to assess the effectiveness of a robust IT platform within the bank.
Human Resources and Finance can be compared to IT Support and can be considered even more important, as banking is still a resource intensive knowledge based industry and has quite a few measures that they track on a regular basis regarding acquisition, retention and attrition of employees dissected at various levels such as Region and Business Unit.
Figure 3: Mapping compliance data to analytics data
Value of an End-to-end Solution
IT infrastructure investments for risk and compliance are not small and are not everyday decisions made by management. Moreover, whenever a regulation changes or a new regulation comes up, there is an incremental investment or the previous investment could go waste. So, before a bank makes a judgement on its IT investment the below points should be evaluated:
1) Holistic Approach: The technological infrastructure should assess requirements holistically to reap the maximum benefits from data acquired and function as the centralized ecosystem to transmit information from various source systems within the bank.
2) Flexibility: Any technological investment should demonstrate flexibility to adopt and re-engage to any regulatory changes. Most studies have shown that making changes to legacy systems is cumbersome. Hence, any new regulatory changes should be captured by the technological infrastructure investment, without any impact on legacy systems.
3) Reusability: Data accumulated for risk and compliance should be reused for an integrated analytics platform. The time and effort required to acquire any incremental data should be minimal
The banks’ management should target to achieve appropriate returns from investments in Risk and Compliance solutions. Essentially, an offering with a holistic view on the Risk and Compliance requirements of a bank is still incomplete, if it does not provide insights on growth and profitability, using the enormous amount of data acquired.