As technology moves ahead, are utilities the upgrade you need?

Authors

Keith Pogson

EY Global Assurance Leader, Banking & Capital Markets and EY Asia-Pacific Financial Services Senior Partner

Financial services advisor. Thought leader. Public speaker. HKICPA and ICAEW Fellow. Active advocate for gender equality.

Kara Cauter

EY EMEIA Capital Markets Advisory Partner

Capital markets regulatory leader. Technology led transformation of compliance and control. Committed advocate of women and children. Open minded and outspoken. Gourmet gardener. Runner. Wife. Mother.

7 minute read 19 Oct 2018

Utilities and shared service models could be the future, but they must keep up with the risk and compliance challenges of financial markets.

As technology transforms risk management, financial institutions face both opportunities and threats. Digital processes have the potential to make compliance more effective and efficient but, for many organizations, major technology improvements are stymied by cost and talent constraints.

The use of compliance-led shared services models is helping overcome these issues, but a series of major hurdles is preventing their wider adoption. Acting now to clear these barriers can help institutions and regulators seize the true potential of collaboration and technology to transform how financial risk is managed in a digital age.

Is collaborating to comply the way forward?

The use of utilities in financial services is nothing new. For years, firms have outsourced or centralized core operational activities to reduce costs, pool resources and improve efficiencies. Recently, financial institutions have begun to extend the use of shared services models in the risk and compliance management space, motivated by the need to drive down costs, access scarce talent and make better use of technology.

Digital technologies, particularly automation and analytics, hold great potential to increase efficiency and improve the performance of many risk management functions. But digitally driven processes are expensive to implement and require highly skilled specialist staff to establish and run, presenting major challenges to institutions already grappling with financial constraints and talent gaps. This is prompting many to consider how pooling resources via a shared services model could enable greater use of digital technologies in risk areas where large volumes of data and processing are involved, such as:

  • Initial screenings for breaches of anti-money laundering obligations, regulatory reporting or automated monitoring and testing of high-volume controls
  • Managing content, including central market data repositories, regulatory rules and commonly-used applications (for example, in a cloud platform)
  • Ongoing identification and verification of potential customers and commonly-used vendors

The regulators’ perspective

Most regulators welcome the prospect of “collaborative compliance” with cautious enthusiasm. While they are wary of risks — particularly their lack of direct oversight of many service providers and the repercussions of flawed data in a shared services ecosystem — most embrace the opportunity for shared services models to improve outcomes. They also see potential for these models to enhance competition by making complex compliance capabilities available to smaller market participants. The US Office of the Comptroller of the Currency has said that it believes collaboration around compliance could strengthen the “future vitality” of community banks and that it supports community banks in exploring opportunities to achieve economies of scale and the other potential benefits of collaboration.”

One clear and consistent message from regulators around the use of third-party providers is that all risks associated with use of data remain with financial institutions. In announcing its latest public consultation on outsourcing, the European Bank Authority reiterated its stance that Institutions should be able to effectively control, challenge the quality and performance of outsourced processes, services and activities, and carry out their own risk assessment and ongoing monitoring.” This is a challenging ask in a complex services ecosystem.

How can we clear hurdles to adoption?

Adoption of the next wave of compliance-led shared services models in financial risk management and compliance has been slow to accelerate, despite the opportunities that new technology offers to reduce costs and improve operations and outcomes through collaboration.

A number of significant hurdles have hindered adoption, but these could be overcome if banks and regulators act now:

Hurdle: regulatory confusion leads to duplication. Even when banks outsource compliance functions, concerns around regulatory expectations are prompting many to carry out shadow processes in-house to mitigate risk. And with no industry-wide standards to assess and monitor potential vendors, these efforts, too, are duplicated across many individual firms, undermining cost benefits and dampening enthusiasm for wider rollouts.

Solution: clarify accountabilities. It’s understandable that financial institutions are cautious about outsourcing compliance when regulators will still hold them accountable for any breaches by shared services providers. This can be overcome by institutions and providers working together to document processes, confirm that providers understand regulatory obligations, and clarify risks and roles.

Hurdle: legacy manual processes. Many shared service providers are yet to evolve their manually driven processes, which limits the ability to derive real cost and efficiency savings.

Solution: comprehensive digitization and automation of processes. True transformation of compliance processes will be digitally driven, but full automation will require commitment and resources from both shared services providers and their customers. Greater uptake of these services will drive the scale needed to encourage utilities to invest in technology, which, in turn, will further boost their reach across the sector.

Hurdle: reputational and regulatory impact if it still breaks. Some banks are waiting to invest in shared services until regulators offer more clarity around their expectations and support in case of any “teething issues” experienced through the use of new technologies and utilities.

Solution: regulatory flexibility and support for innovation. Regulators are acknowledging that transitioning to new models and new technology may not always be smooth. Many, including an innovation network brought together by the UK’s Financial Conduct Authority (FCA), are rolling out “sandbox” initiatives to test what the FCA describes as “innovation-related topics.” There are opportunities to extend this sandbox approach beyond specific new services to include broader utility proposals, which could, in turn, help support firms work more effectively with service providers to provide smooth transitions to collaborative models. Financial firms and service providers can help themselves by improving planning and governance over transitions to new operating models.

Hurdle: inconsistencies in data and regulations. Shared services providers are finding it difficult to develop standardized, leading-class risk approaches due to the fragmented, inconsistent processes, use of data and definition of standards by financial institutions and regulators.

Jurisdictional differences in regulatory definitions, rules and regulations — in particular, complex, and often conflicting, data privacy requirements — are complicating efforts to centralize information in shared services centers. Even when data can be pooled in data lakes, concerns around resilience and security lead some firms, regulators and even the public, to favor a decentralized model, perpetuating fragmentation.

Solution: fix it, shift it and create a single version of the truth. Maximizing the benefits of investment in utilities will require financial institutions to clean up their data and align patchwork processes to prepare for a phased, controlled shift of data to shared services providers. In this way, they will prioritize changes to processes while enhancing the ability of providers to harmonize and offer leading-class approaches.

For regulators, standardization of rules can allow machines to take on more compliance tasks. Building this scale will accelerate momentum, boosting the development of standardized processes, technologies and data repositories.

Act now to accelerate adoption

Shared services have the power to unlock the true potential of technology to improve financial compliance and risk — but only if they can evolve for a digital era. Financial institutions, service providers and regulators will have to work together if they are to overcome the hurdles holding back these models from achieving the reach, scale and sophistication needed to match the operations of both leading-class financial market participants and malicious actors.

Summary

Shared services have the power to unlock the true potential of technology to improve financial compliance and risk — but only if they can evolve for a digital era.

About this article

Authors

Keith Pogson

EY Global Assurance Leader, Banking & Capital Markets and EY Asia-Pacific Financial Services Senior Partner

Financial services advisor. Thought leader. Public speaker. HKICPA and ICAEW Fellow. Active advocate for gender equality.

Kara Cauter

EY EMEIA Capital Markets Advisory Partner

Capital markets regulatory leader. Technology led transformation of compliance and control. Committed advocate of women and children. Open minded and outspoken. Gourmet gardener. Runner. Wife. Mother.