Compliance is starting to break the bank — it doesn’t have to

On February 21, 2024, LexisNexis Risk Solutions published its True Cost of Financial Crime Compliance Study, reporting on the results of a global online survey to evaluate the cost, current state, and challenges presented by financial crime compliance operations amongst financial institutions. From May to June 2023, the survey sought input from 1,181 senior decision-makers at financial institutions, with 160 participants from the U.S. and Canada.

The study revealed that financial crime compliance costs have increased 98% for both Canadian and U.S. financial institutions, with industry costs soaring to $61 billion, and that financial institutions are keen to prioritize finding efficiencies to cut costs. As the study reveals, technology and outsourcing have been top of mind for financial institutions, both large and small, to deal with the increasingly complex compliance regulatory landscape and heightened customer expectations.

These rising costs underscore the importance of designing a tailored and purposeful compliance plan which reflects the unique risks facing each organization and its business. Despite rising costs, prioritizing a strong compliance foundation and investing in solutions to address organizations’ specific pain points can still be cost-effective, without sacrificing adherence to regulators’ ever-increasing expectations.

Top drivers of compliance costs for financial institutions

The study identified the escalation of financial crime regulations and heightened regulatory expectations as primary factors driving increases in compliance costs, which is likely a product of both increased criminal use of advanced technology and mounting pressure on regulators to tackle modern financial crimes. Among other things, the growth of crypto currency and digital payments, along with the potential for fraud and supply chain or trade-based money laundering, has attracted particular scrutiny from regulators. Further, Canada has been singled out internationally for its perceived lax regulation and enforcement of anti-money laundering (AML) and anti-terrorist financing (ATF) conduct — Transparency International has consistently placed Canada in the bottom ranking of G20 countries in its ability to meet G20 AML commitments.

Financial institutions are largely perceived as key players in the fight against modern financial crimes and have thus faced the brunt of the regulatory burden in recent years. For instance, through the federal government’s Budget 2023, several legislative reforms were introduced to Canada’s AML/ATF regime, including new powers awarded to the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) to levy administrative monetary penalties against violators’ directors, officers and agents, the criminalization of unregistered money services businesses (MSBs), new obligations for the financial sector to report sanctions-related information to FINTRAC, and new authority to the Minister of Finance under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) to impose enhanced due diligence requirements to protect Canada’s financial system from the financing of national security threats. Further, as we discussed in our Osler Legal Outlook article, new regulations will come into force on October 11, 2024 requiring the mortgage sector to comply with new AML/ATF obligations and, beginning on April 1, 2024, FINTRAC will implement a new cost-recovery funding model imposing compliance costs on banks, federally regulated trust and loan companies and life insurance companies, as well as any reporting entities under the PCMLTFA that submit 500 or more threshold reports during the fiscal year.

The study identified that regulatory changes in both the U.S. and Canada have led to increases in screening alert numbers and steep increases in compliance workloads. Compliance obligations — most notably related to know-your-client (KYC) identification and verification measures — are also running up against increasing customer expectations for near-instant gratification when completing financial transactions and payment processing. Surveyors in the study expressed feeling stuck in the precarious position of balancing customer satisfaction with regulatory adherence.

Financial institutions, both large and small, have been turning to technology and outsourcing to ease the labour burden associated with compliance in modern times:

• 80% of compliance departments reported that they were seeking opportunities to automate some of their activities in the next three years
• 78% of respondent financial institutions were looking to outsource some of their activities in the next three years, and
• 79% of respondent organizations noticed rises in technology costs related to compliance and KYC software in the past 12 months, while technology costs associated with networks, systems and remote work have increased for 75% of businesses

The study ultimately recommended that financial institutions focus on finding the right partners (such as financial crime technology partners) to complement their in-house compliance teams and embrace new technologies to respond to new financial crimes, such as artificial intelligence/machine learning-based compliance models, privacy-preserving technologies, and advanced analytics in their financial crime compliance solutions to identify new crime patterns rapidly.

Businesses should not lose sight of core compliance principles

Financial institutions and other businesses alike have recognized the need to invest in compliance measures to safeguard against the serious consequences of compliance failures — legal challenges, regulatory enforcement actions, hefty fines, and significant reputational damage. Outside the financial sector, businesses are similarly facing the burden of compliance with domestic and foreign anti-bribery and corruption laws, ESG reporting requirements, and Canada’s new modern slavery regime (as we have previously written).

The rising costs of compliance measures underscore the importance of taking a thoughtful approach to compliance to ensure resources are effectively deployed to address the risks facing each company. There is no one-size-fits all compliance strategy for all organizations and there is no one all-encompassing software solution that will solve every compliance challenge: a truly cost-effective compliance strategy should be tailored to the risks associated with an organization’s industry, geography, and the counterparties with whom it does business. Further, while the innovative solutions outlined in this recent study are welcome tools, they are not a replacement for and should only serve to complement a solid compliance foundation, which begins by fostering a culture of compliance throughout the organization (by setting a “tone at the top” of compliance), setting clear expectations through policies and procedures, and providing adequate training. If done right, building a strategic and effective compliance program is an investment that will pay for itself in the long run.