How Banks Can Effectively Manage Regulatory Changes

June 10, 2021

The accelerating pace of regulatory change

Regulatory environments globally are becoming increasingly complex – 300+ million pages of regulatory documents will be published by 2020, and 600+ legislative initiatives need to be cataloged by a medium-sized, sell-side institution to have a holistic view of their rulebook.

Global financial institutions must diligently monitor and implement change in three regulatory clusters: financial stability, prudent operations, and resolution. The flood of revisions averages 200 per day – three times the rate in 2011. The Cost of Compliance 2018 Report found that 66% of firms expect the cost of senior compliance staff to increase, up from 60% in 2017. Nearly two-thirds (61%) of firms expect the total compliance budget to be slightly or significantly more over the next year – another increase from last year (53%).


Source: Global Risk 2018: Future-Proofing the Bank Risk Agenda

Globally, banks are spending more than $270 billion a year on compliance and regulatory obligations, having on average 10–15% of their staff dedicated to compliance.

Overall, compliance costs for financial institutions amount to substantial parts of total expenses, with a negative correlation between the size of the institution and the percentage of total costs. For banks with assets ranging from $1 billion to $10 billion, total compliance costs average 2.9% of their non-interest expenses; for banks with less than $100 million in assets, the costs average 8.7% of their non-interest expenses. For some banks, it takes up to $4 billion a year to cover demands ranging from checks to prevent money laundering to requirements to give more data to regulators for stress tests. By 2018, the Dodd-Frank Wall Street Reform and Consumer Protection Act had already cost banks $36 billion, with MiFID II costing €2.5 billion.

By 2021, regulatory costs are expected to rise from 4% to 10% of revenue, driven primarily by the sheer volume of regulations – each week sees an average of 45 new regulatory-related documents issued. The impact of this change on information governance in a financial institution is profound across all stages – data collection, data processing, data sharing, and data security.


Source: RegTech for Information Governance

The pressure of enforcement

As regulatory environments become increasingly complex globally, strict enforcement of new and updated guidelines leads to a highly prohibitive cost of even the simplest misstep, not to mention misconduct. Estimates suggest that the cumulative penalties imposed since 2009 rose to $345 billion by the end of 2017, an increase of $22 billion from the cumulative total at the end of 2016. About 54% of compliance and risk practitioners expect personal liability to go up in the next year.


Source: Global Risk 2018: Future-Proofing the Bank Risk Agenda

Financial risks alone associated with failure to adequately address regulatory requirements called for a change in the way financial services firms manage their compliance obligations and practices. Rob Fulcher, a recognized professional with 20+ years in the compliance and risk industry, explains the need for progression from manual data governance to sophisticated automation, leveraging technology made available by RegTechs.

There is a huge responsibility now on the shoulders of regulatory professionals to stay up-to-date with regulatory change, be it proposed, upcoming or effective, and ensure their organization stays compliant. Pre-2008, it was an easier task for compliance and certainly an easier task to accomplish manually. With less regulation, less volume of change, and less expectation from regulators, firms could afford to manually monitor regulators’ websites and publications to review the change and determine applicability. Typically, the change was recorded in spreadsheets and distributed to stakeholders for review of policies, controls, and risk – a clunky workflow but commonly used during a time of less regulatory scrutiny. However, after uncovering the regulatory failures of 2008, a tsunami of new regulations flooded the industry, and very quickly, the volume surpassed the individual or team capacity of monitoring change manually, as well as the limitations of static spreadsheets. Of course, it’s also difficult to retrospectively present a good audit trail for the steps compliance took when using spreadsheets and Outlook.

I think it’s fair to say that compliance and risk professionals initially suffered because of a lack of information, service, and dedicated solutions to help support their challenge, but with the emergence of purpose-built RegTech firms over the last five years and a better understanding of how to properly leverage AI, machine learning, and natural language processing within compliance, there are now excellent options available to the market, helping to improve operational and commercial efficiencies. Importantly, this use of technology helps to free up compliance from the laborious task of scouring regulatory websites and instead allows them to take on more high-value tasks, such as implementing change.

“In short, I think it’s become very evident in 2019 that technology is playing a critical and influential role in effective compliance management. I believe we’ll see this trend and dependence continue to grow in the years to come.” – Rob Fulcher, CUBE

Since 2008, many of the largest financial institutions have increased their compliance staff 10X yet are still consistently falling foul of the regulators, incurring fines. However, analysts today spend 90% of their time only on data collection and organization and only 10% on data analysis – an archaic disparity in talent and intelligence allocation, leading to mistakes.

“Traditional compliance and fraud prevention programs are built on four-eyes principles, management oversight, and sign-offs. Add that to occasional, often inconsistent audits, and the resulting systems fall short of meeting these new challenges. They are simply too slow, too ineffective, and too expensive.” – How digitization is strengthening compliance and anti-fraud programs by Carolina Macri, EY, and Tomás Kong, SAP

Fulcher explains that while a number of large global banks have significantly increased the size of their compliance teams, manual processes are not scalable and sustainable any more – banks can only go so far with throwing more people at a problem before they really need to automate the processes to make them more efficient.

“If you look at the patterns in 2008, it was very reactive. Financial institutions increased their compliance costs and increased their compliance resources, but the volume of regulations just kept on coming, and you can’t just keep throwing people at the problem – that in itself introduces risks and inefficiencies. With technology, you can improve operational and commercial efficiencies.” – Rob Fulcher, CUBE

How banks can effectively manage regulatory changes

Over a decade later, it’s clear that manual processes are not only expensive and slow but unable to provide the degree of regulatory intelligence required to tell organizations which regulations are relevant to their business and how to avoid compliance gaps. If manual processes were effective, enforcement fines would not have exceeded $321 billion in the last five years.

Ensuring compliance in a highly dynamic environment of banking regulation led to almost 15% of the sector’s workforce being deployed in governance, risk management, and compliance functions. To enable institutions to address ever-increasing regulatory complexity effectively, technology companies developed tools to address the need for automation in the GRC function.

Meanwhile, investments in regulatory software can lead to an ROI of 600% or even more with a payback period of fewer than three years. Today, there are 770+ RegTech startups operating around the world, 70+ of which are offering some of the most critical solutions for managing regulatory change – governance and regulatory reporting platforms.

One of the first-founded RegTech companies to recognize how extensive and voluminous regulatory requirements would become is CUBE. The company offers an enterprise-scale platform that operates throughout the compliance lifecycle to continuously monitor regulatory change, alert compliance and risk practitioners of the changes that impact the business, and enable rapid remediation to reduce compliance risk.

Currently, 1.5 million staff in 180 countries are consuming regulatory intelligence and managing regulatory change initiatives that are powered by CUBE. The platform delivers value to regulated financial institutions based on a four-step methodology, from monitoring compliance status to managing regulatory change.


Source: CUBE

The 4-step methodology allows institutions to not only capture the regulatory change but provides the regulatory intelligence and analytical capabilities to understand the impact of regulatory change on a particular business.

CUBE is the only RegTech company to deliver a fully automated regulatory intelligence and change platform that spans the entire end-to-end compliance lifecycle across all jurisdictions, lines of business, and product types.

Financial institutions are utilizing CUBE to automate the regulatory change management process, typically to replace complex, interwoven manual processes that are time-consuming, costly, and reactive. Since CUBE’s customers operate in up to 180 jurisdictions, manually identifying relevant regulatory changes, their applicability, and the associated policies and controls impacted by each change requires a substantial team of highly qualified regulatory professionals.

A typical CUBE customer is heavily regulated, often by multiple regulators, which requires them to have adequately proportionate teams of highly skilled regulatory professionals responsible for managing regulatory change. With the accelerating pace of regulatory change and the pressure of enforcement institutions face today, the risks associated with manual management of important announcements are too high.

One of CUBE’s clients, a global investment bank headquartered in the US, employed a team of 20 highly qualified regulatory professionals to monitor all of their global regulators’ websites in approximately 70 jurisdictions in which they do business. This team was responsible for first identifying changes, then determining if those changes were applicable. Regulatory events that were deemed applicable were collected in spreadsheets and distributed to the relevant lines of business for review of impact. Further review was then completed to determine the risk, policies, controls impacted by the regulatory event/change and whether any action was required. The Regulatory Affairs team spent about three hours each day scouring regulators’ websites and publications.

By leveraging CUBE, the bank was able to automate the process of monitoring relevant regulatory changes and announcements. Lines of business and owners were automatically alerted to the change, as well as the associated policies and controls which were impacted by the change.

As a CUBE customer, the bank was able to redeploy the team to manage more high-value tasks, such as implementing and managing change to business processes and practices. The redeployment of the team to perform higher-skilled tasks led to a substantial ROI for the bank.

“Regulatory compliance is mission-critical, and no bank can afford to get it wrong. The financial impact is pervasive. Failure to perform results in crippling enforcement fines, damaged reputation, lost customers & revenues, and depressed stock values. The most effective damage limitation strategy is to leverage cognitive technologies to manage regulatory change at enterprise scale, and to view life as a three-way partnership between your financial institution, your RegTech provider and the regulators.” – RegTech 2019 – What’s on the horizon? by Ben Richmond, Founder & CEO, CUBE
