Home / Grid / Bank regulations change every 12 minutes

Bank regulations change every 12 minutes

I recently spent a day in a meeting discussing Governance, Risk and Compliance (GRC) … yawn.  Well, it is a bit of a dull area, but highly important.  In fact, what gets me is that regulations are the big ticket barrier to change in banking.  It’s what protects the banks from disruption and change, as I’ve blogged before.  It’s as John Cryan put it the other day:  “Everything regulated tends to continue as it is”.

That doesn’t mean that a bank should be lazy and complacent, as many are, but that the banks can respond to change at their own pace, rather than being forced to change by new competitors.  In fact, the only change factor in banking is regulation.  As someone put it to me the other day: “if the regulator said we had to do it (blockchain, artificial intelligence, APIs, whatever), then we’d do it”.  That’s the only reason why faster payments happened and is the only reason the banks are talking about Open Banking: because the regulator told them to do it.

But the regulators are getting more and more difficult to deal with.  In fact, I’ve lost the plot when it comes aligning regulations at global, regional and national levels because often they are not aligned.  They conflict and contrast, have local interpretations, gold plating and implementations vary between banks.  This was mentioned the other day in respect of money laundering:

Spain has by far the largest number of politically exposed persons – those singled out for higher risk controls by banks – because it uses an expansive definition of local officials. Financial institutions then apply their own interpretations of the rules in their compliance, which can also vary from peers.

And it’s not getting easier.  In fact, it’s getting harder.

I remember Jamie Dimon’s shareholder letter in 2012 getting him the label Whiner Dimon for complaining about the complex network of regulations they now had to deal with:

We have hundreds of rules, many of which are uncoordinated and inconsistent with each other. While legislation obviously is political, we now have allowed regulation to become politicized, which we believe will likely lead to some bad outcomes.

But he was right. Just look at the graphic below and you can see why:


Maybe that’s why so many of the details of Dodd-Frank are yet to be implemented months, or even years, after their deadline dates:

Of the 390 total rulemaking requirements, 274 (70.3%) have been met with finalized rules and rules have been proposed that would meet 36 (9.2%) more. Rules have not yet been proposed to meet 80 (20.5%) rulemaking requirements.

In Europe it’s no better.  EMIR, UCITS, CRD, PSD, MiFID and the whole raft of other inter-related, but separated directives and regulations, are causing just as much of a mess over here.  In fact, Thomson Reuters monitor all this stuff, and say that the number of regulatory changes a bank has to deal with every day has increased from 10 in 2004 to 185 today.  That’s a regulatory change that has to be interpreted and implemented every 12 minutes.

The Thomson Reuters Regulatory Intelligence Feeds monitors 750 different regulators globally for changes to bank rules, and updates compliance teams three times a day with what’s going on.  Even so, and even with all that insight, it’s too darned difficult to keep up with.

A great example is the Volcker Rule.  Starting out at just three pages, it ballooned into 298 pages by the time it was written into law, and accompanied by 1,300 questions. pages by the time of implementation.  No wonder compliance costs are the biggest overhead in the banking business.

Surely there must be a better way of doing business?

About Chris M Skinner

Chris M Skinner
Chris Skinner is best known as an independent commentator on the financial markets through his blog, the Finanser.com, as author of the bestselling book Digital Bank, and Chair of the European networking forum the Financial Services Club. He has been voted one of the most influential people in banking by The Financial Brand (as well as one of the best blogs), a FinTech Titan (Next Bank), one of the Fintech Leaders you need to follow (City AM, Deluxe and Jax Finance), as well as one of the Top 40 most influential people in financial technology by the Wall Street Journal’s Financial News. To learn more click here...

Check Also

Bitcoin: More electricity consumption than the entire planet?

I am tempted to predict the price of bitcoin for the end of 2018 but …

  • Pingback: The Semantic Regulator (#RegTech Rules) - Chris Skinner's blog()

  • Huh? Sorry, but I must jump in here. First, the 43,420 “alerts” number is lifted directly from a Thompson Reuters marketing scare piece, and has no thought given to it.


    If you do the math, it means we see just shy of 21 changes per hour, per 8-hour day, day in day out, year-round. (bankers and regulators don’t do overtime) That is nonsense. Maybe that’s some crazy global number if you add up every single change requested by the EU, China and every other country that has a bank, but when I go to the NCUA web site, for example, I see the following:


    We can all see that in 2015 there are 5, count them 5, regulatory alerts for the thousands of credit unions that are in business in America.

    This is just another bit of prose that is divorced from the reality of the vast majority of financial institutions in America, those that use COTS systems for their processing, where their regulatory concerns are less complicated than tier 1 banks (85% + of American financial institutions are under 1 billion in assets and far removed from the exclusion level of most federal post-crisis guidelines); where instead of saying “if the regulator said we had to …” financial institutions would simply say “when my vendor provides it, I will have it…”. Full stop.

    This use of big bank problems, which are legion, to make it appear as if they are industry problems is very misleading. The onus for change sits squarely on the shoulders of Fiserv, FIS and their ilk.

    Who cares how may PEP instances Spain has? What is the point?

    Chris, take another pass at this and explain what your point is, please.

    • Chris M Skinner


      Your point is also misleading. USA institutions face different regulatory requirements between every state and, if you are a national bank like JPMorgan then, as illustrated, it is a minefield of overlapping regulations across the universal banking operations.

      It may be different for a small, single state credit union, but a global, universal bank, does face a regulatory change every 12 minutes on average, due to having to deal with regulatory requirements in 200 countries across their insurance, retail, commercial and investment banking operations.

      That was the point of this article and its sequel – the semantic regulator – explains how to deal with the issue.



  • Pingback: The FinTech Wave, Part Two - Chris Skinner's blog()

  • Pingback: AI in banking is all about risk management - 11:FS()

  • Pingback: AI in banking is all about risk management - Chris Skinner's blog()