The head of retail banking at a prominent South African bank has just succeeded in meeting the highest regulatory requirement on his book of work: 100% compliance from the internal audit team, confirming that his operations will stand up to the rigorous expectations of the regulator. And yet, contrary to the celebratory team events and handshakes, he is urgently pushing his team to structure a plan to address the relentless influx of further risk and compliance requirements.

This scenario could be found at any regulated financial institution and if you have a global footprint, the governance, risk and compliance (GRC) diligence and rigor in your operations will only multiply.  Executives are finding themselves on the back foot when it comes to implementing internal and external control effectiveness requirements.

Regulators, legal teams and restrictive policy could make maintaining customer service levels and meeting customer expectations increasingly difficult; with the voice of the customer, product and distribution teams going unheard.

While consultants are quick to talk about integrated strategic programmes, experience indicates that the prioritisation of the regulatory pressures will quickly turn these objectives into a checklist of tactical items to be addressed, versus strategic objectives. With the investment into regulatory compliance running into the hundreds of millions of Rands, the question needs to be asked whether there is a way to extract competitive advancement for the organisation and derive value for customers from all this effort.

External drivers of change

While regulatory scrutiny in the financial services sector continues to increase, the emphasis on regulatory compliance requirements dominates this sector for the near-to-medium term horizons (see figure 1: drivers and the multiplier effect). In a South African context, the coming years will require significant investments as regulation from the FIC (Financial Intelligence Centre), FCA (Financial Conduct Authority) and SARB (South African Reserve Bank) places additional requirements on banks.

This is happening at a time when disruptive technology start-ups are challenging financial sector incumbents through innovative customer value propositions. Research from the June 2015 McKinsey Quarterly indicates the new entrants are targeting the lucrative retail banking segment, accounting for approximately 52% of the entire industry’s revenues. In future, this focus will also include retail lending, as well as retail savings and investment business and will have significant implications for the financial sector.

As the commoditisation of banking services gains momentum, technology innovators and business model disruptors from within and outside the industry, will further encroach on established banking platforms.  Some of these entrants and innovations have the potential to alter the industry, while others offer an insight into how banks may be able to better perform their current role.

Where size and scale no longer offer an advantage, banks need to look beyond the current operating models and perhaps leverage these innovators. Examples, such as Standard Bank’s acquisition of SnapScan, are already coming to light. While the South African regulator is cautious of banking services being provided without the involvement of the large volume banks (which offer established controls, processes and infrastructure to provide satisfactory levels of monitoring), other jurisdictions in Africa have been less challenging for new entrants.

Multiplier effect

Where financial institutions have amassed assets through acquisition and growth, many have resulted in siloed business structures. Furthermore, many of the financial institutions are centred on products and services, underpinned with layers of legacy processes, technology platforms, data stores and governance structures.

In such an organisation, each change needs to permeate across all of these levels, thereby multiplying the effective effort.

To derive value from the investment—proactive planning, decisive management and a willingness to seek strategic opportunities among such a deluge of compliance demands is required.

Cycle of change

Regulatory or compliance requirements are often perceived by management as mandatory rather than strategic. Furthermore, these may require changes to entrenched processes and are viewed with reluctance or fear. The perception that mandatory regulatory change is distracting, rather than strategically value-adding, leads the organisation to either ignore and delay the change for as long as possible or to pursue the change tactically rather than strategically.

The misalignment of the interpretation of the requirements among subject matter experts (SME) across the various domains (for example risk, compliance, assurance and audit) can add further risks to the cycle. It is therefore not a surprise that the cycle may often be repeated, with ever-tightening constraints.

As shown above, change fatigue easily sets in, making it difficult to focus on customer relationships.

The time for ticking boxes is over

Pursuing the strategic opportunities available in regulatory and legislative compliance initiatives is not easy. Given the pressing need to respond to competition, most executives are looking for the path of least resistance to implement these changes.

Tactical responses may be perceived as adequate for the time being, but in the long run, the organisation is left with negligible or negative returns on the investment costs.  The customer ultimately bears the consequences, as the costs of compliance are passed through and services become overly complex.  Shareholders thus continue to bear the costs of recurring and escalating regulatory investment.  In response, the business realises that only limited options remain as described in the following table.

Impacted	Strategic option Strategic benefits alignment	Tactical option Minimising effort to comply	No response option Non compliance
Return on investment (ROI)	Higher probability of successfully determining and managing benefits in the strategic option.	Benefits management is often not in focus due to delivery constraints. As a result, little or no ROI impact can be expected.	Escalating cost of non-compliance in the industry can only have a negative impact on the ROI.
Customer	Improved customer impact is more likely in strategic change. This must be managed as a benefit in the change exercise.	It is unlikely a tactical response will result in a positive customer impact. At best, the customer impact is uncertain.	Negative customer impact is highly likely as the trust levels deteriorate and reputational effects of non-compliance surface.
Regulator	Provides a foundation of fact-based, productive and purposeful regulator relationship.	Relationship is likely to deteriorate with time as the stakeholder fatigue sets in and realisation of diminishing returns dawns.	Negative impact on relationship is a high probability as regulator is unlikely to be open to justification of non-compliance.
Shareholder	Positive impact on shareholder relationship as managed cost, benefits and risks – where historically the expectations have been low-to-none.	Continuing escalation of cost of compliance with unpredictable benefits realisation.	Depends on enterprise strategy and justification of risk acceptance.

What is the alternative?

The longer term negative impact of tactical responses to compliance needs on the end customer, as well as the shareholders, is often overlooked. The deteriorating relationships with the regulators become more apparent as adverse media perceptions could take centre stage; while the escalation in penalties and increasing portfolio of inadequately managed risks (due to ongoing recurring efforts) can lead to wasted resources.

To remain competitive, organisations must reconsider their approach to regulatory and compliance change initiatives.  Adoption of a GRC change delivery framework to allow for benefits management and tracking, aligned with the organisational strategic roadmap, is highly advisable.  A strategic approach would allow the organisation to apply the right kind of expertise and focus to the transformation journey. The benefits are thus likely to include improvements to customer experience, ROI and regulator relationships—while also enhancing the satisfaction and engagement levels of internal stakeholders.

Conclusion

Developing a co-ordinated response that both meets regulatory demands and positively impacts customer experience is no longer a choice but an imperative.  With increasing maturity levels on this journey, purposeful and fact-based partnerships with the regulator would allow for the necessary thought leadership engagement at industry level, which many consider long overdue.