Although on the increase, financial penalties are only the tip of the iceberg for non-compliance in the financial sector according to a review published by Thomson Reuters.
First published in 2008, ‘The rising costs of non-compliance: from the end of a career to the end of a firm’, Thomson Reuters looks at the compliance landscape in financial services organisations then and now.
“Regulators have lost patience and in a world where super-size fines no longer either shock or deter have moved on to using a wider range of measures to ensure compliant behaviour”.
As well as the financial implications of non-compliance, Thomson Reuters highlighted 15 other areas:
Financial costs of non-compliance
Monetary fines
According to Thomson Reuters:
“Regulators have lost patience and in a world where super-size fines no longer either shock or deter”.
Financial services organisations are seeing fines, although huge, merely as a cost of doing business in the industry.
Post-financial crisis and high profile collapses of a number of financial organisations, the regulators have been under increased pressure both politically and socially to ‘punish’ those organisations who fail to conduct their business properly.
Over the past five years, the fines levied by the UK Financial Services Authority has grown significantly – from £26 million in 2008 to a staggering £474 million in 2013.
Sadly, Thomson Reuters argues, these fines have simply failed to drive any significant change in behaviour and have lost their power to shock. Fines have become so commonplace in the industry that:
“We are now in an era where every global systemically important bank, as defined by the FSB, has been fined”.
This has led regulators to look at different measures to ensure compliance in the industry.
End of a business or business line
We are seeing regulators withdraw the ability of organisations to undertake regulated activities either on a temporary or permanent basis on a more regular basis as part of enforcement actions.
Within the review, Thomson Reuters gives an example of Pricewaterhouse Coopers whose Regulatory Advisory Services division was suspended from accepting consulting work on New York State Department of Financial Services-regulated financial organisations for two years – and fined $25 million in August 2014.
In the UK, Thomson Reuters cited Barclays who decided to wind down Mercers, its debt-recovery company in June 2014 prior to a UK Treasury Committee probe.
Increased capital, liquidity or solvency requirements
To prevent financial organisations from collapsing, regulators have been pushing them to rebuild their balance sheets. Changes to Basel and Solvency II, for instance, have resulted in organisations having to carry increased capital on their books to promote financial soundness.
Impact of share price
There are a few things that investors like least is uncertainty. Some of the volatility in the share prices of financial institutions can be contributed to rumours surrounding fines and regulatory enforcements.
Unquantifiable fines and unquantifiable risks for example, contributed to the decision of fund manager Neil Woodford to sell his £159 billion holdings in HSBC. He noted that ongoing investigations into HSBC’s manipulation of Libor and foreign exchange markets could expose the bank to significant financial penalties.
He also warned that:
“Fines are increasingly being sized on a bank’s ability to pay, rather than on the extent of the transgression’. A sobering thought when you consider the monetary fines discussed earlier.”
Competetive disadvantages
Damage to an organisation’s reputation, plus the time and resources required to remediate non-compliance mean that companies do not have the ability to invest in their own development – or that of their customers.
opportunity costs of non-compliance
Related to the consequence above, Thomson Reuters says that the time senior managers spend on remediation diverts attention away from the tasks they should be focusing on – growth and business performance.
Personal
Increased personal liability
Rather than simply target the institution, regulators are increasingly focusing on the individuals within those institutions as a means of changing the behaviour of the institution.
In a similar way, as the Health & Safety Executive has in the UK, senior managers within financial services organisations are being held to account for any non-compliance with a supervisory focus.
Thomson Reuters points out that 2013 was the first year that:
“The UK Financial Conduct Authority sanctioned more individuals than firms”.
Forced changes to senior management
Dismissals, demotions, pay cuts and removal of bonuses have become a feature as the regulators have focused more attention on individuals.
Need for more highly-priced risk and compliance skills
As we have discussed in this and other posts, cybersecurity, risk and compliance have never been more important. With this importance, comes the need for more resources.
Businesses and the regulators themselves are having to upskill and see new staff to meet the demands of regulatory change, reporting and day-to-day management.
Claw-backs invoked on bonuses
One of the first areas to be tackled post-2008 was to ensure that individuals were not being rewarded for taking excessive or undue risks. These were then expanded to be able to ‘claw-back’ bonuses when:
“Inappropriate risks were taken, products mis-sold or losses made”.
Operational
Expensive and time-consuming remedial actions including redress
Quite often the costs of remedial actions far outweigh the initial costs of any fines imposed on financial institutions – not least in terms of contacting customers, paying compensation (take for example the £16 billion that has been paid out for misselling PPI in the UK), employing additional staff and reforming/managing policies and procedures.
Thomson Reuters cites the example of JPMorgan who announced in late 2013 that they were intending to:
“Spend $4 billion and commit 5,000 extra employees to clean up its risk and compliance problems”
This is in addition to an extra $1.5 billion being spent on managing risk and complying with regulations and a 30% increase in risk-control staffing.
Enforced changes to business
To protect consumers (and the wider marketplace) regulators are attempting to guide appropriate behaviour amongst the industry by enforcing changes to business practices. These range from banning certain products (think single premium payment protection insurance in the UK) to the suspension of licences.
Expensive and time-consuming use of third-party or skilled persons
Skilled Persons Reviews (commonly referred to as an s166) are used by the Financial Conduct Authority as a way to independently:
“view aspects of a firm’s activities that for example cause us concern or where we require further analysis”.
The firm pays for the s166 itself and when you consider the median cost being £160,000 in 2013/14 that is not an inconsiderable figure.
Inability to recruit and retain high-quality skilled resources
With the amount of adverse publicity generated for each organisation’s non-compliance (and the industry as a whole), it is unsurprising that many are reporting problems in recruiting talented new people into the financial services sector.
This is magnified in the risk and compliance area where personal liability is resulting in higher compensation demands from individuals.
Regularory
Greater regulatory scrutiny
With more frequent and high profile non-compliance incidents, organisations have subsequently been under higher levels of scrutiny.
In the UK, organisations have been subject to ‘enhanced supervision’ and in the US, regulators have embedded ‘monitors’.
Thomson Reuters reports that non-compliance has been widespread, scrutiny has been applied market, and in some cases, sector-wide.
More regulation, cost and complexity for all
After reading each point above, you will probably be unsurprised to hear that Thomson Reuters predicts that the financial services sector will be subject to greater levels of regulation – with its increased costs and complexity as the regulators seek to learn, and correct the mistakes made in 2008.
Posted by Paul on 15th December 2014.