Compliance will kill the bank

I was talking with a banker at a recent conference, and was surprised by his attitude. He’s not worried about Amazon, Google or Alibaba; he’s not concerned about FinTech start-ups, Revolut or Monzo; he doesn’t really care about Open Banking and software; as for machine learning, artificial intelligence (AI) and the like, you might as well shove it.

No. What was concerning him was compliance.

He didn’t even mean in the regulatory sense. He meant just compliance in general.

Compliance.

I use the stat often that a global bank has to deal with 185 regulatory changes per day, or a change every twelve minutes, and that a typical bank faces 128,000 regulations compared with technology firms that deal with just 27,000.

Yes, regulatory compliance is a big overhead.

According to some banks, one in three people are checking what the others are doing; in some banks it may be as high as two out of three. That’s real bad.

But if you could automate compliance, wouldn’t that make a big difference? If you could use AI to manage the whole darn mess for you, wouldn’t that make a difference? If you could get rid of all those human checkers and just have the whole thing run by software, wouldn’t that make a difference?

Yes, yes, yes, he told me. But it’s too late.

It’s too late? What do you mean? It’s never too late.

Yes, it’s too late, he told me. This is because, by the time we develop the software structures to automate compliance, we’ll be out of business.

Hmmm. That’s a particularly negative view of the world I thought. But then I reflected on his outlook.

OK, there’s a whole raft of regulations banks need to deal with. Unfortunately, in Europe and America, banks also have the view that if the regulator doesn’t allow it, then they won’t do it. China has a different view: do it and then ask for forgiveness. We Europeans don’t like to try out anything without asking for permission first.

This means that we take each and every regulation and try to implement it in its entirety. Just look at PSD2 or MIFID2 if you want to see what I mean. So, we end up absorbing 1000’s of words of regulatory text and then employ thousands of people to implement it. We end up with a raft of people working on regulatory implementation and then a raft of other people checking that the first set of people and their working counterparts are adhering to the interpretation of that regulation.

That’s why we have one or two in every three people working in some form or regulatory or compliance role, and why there is such an overhead in banks of checkers checking the checkers checking the workers who are being checked again.

Compliance.

It might not kill the bank, but it sure does give them a headache.