The Hidden Costs — And Risks — Of Legacy Compliance Management Systems


As governments around the globe tighten online regulations, businesses that rely on legacy compliance management systems (CMS) risk not only falling behind the real-time regulatory environment, but also lagging behind competitors that have modernized compliance and can now automate, streamline and optimize overall compliance management.

The housing crash of 2007-2008 and the Great Recession that followed triggered an array of regulatory changes, most notably the Dodd-Frank Wall Street Reform and Consumer Protection Act, which overhauled regulations on the financial services industry.

Meanwhile, the rise of new technologies, such as digital payments and cryptocurrency, as well as a lack of regulatory continuity across jurisdictions, added to the problem. Now, these pressures are combining to accelerate both the pace of change and the overall complexity of compliance management.

Legacy compliance change management solutions were built as monolithic platforms intended to serve a broad horizontal market. Designed for consultant-led initiatives, they were intended to be deployed across varied sectors, such as financial services, insurance and healthcare.

As a result, legacy CMS is inherently difficult to deploy, onboard and keep updated. Moreover, most legacy solutions are entirely rules-based, rather than leveraging advanced tools like AI and machine learning.

Legacy Baggage Adds Numerous Hidden Costs

Monolithic legacy systems are also difficult to manage and upgrade. The systems are not maintained with frequent patches, and many of them are on-premise, meaning that your IT staff is completely responsible for patching, maintaining and managing these systems.

Those operational costs add up quickly. Boston Consulting Group estimates that between 2008 and 2016, financial organizations spent more than $320 million on tracking enforcement actions (EAs) alone.

The overall total cost of ownership (TCO) of legacy CMS (beyond EA tracking) is harder to estimate. According to a Thomson Reuters survey, compliance costs are a black box for many financial organizations, since their overall compliance efforts are poorly defined and loosely managed.

Those are just the operational costs. When you add the cost of noncompliance to the equation, that’s when the TCO of legacy CMS becomes too high (and risky) to ignore. Boston Consulting Group found that regulators issued $321 billion in fines to global financial institutions between 2008 and the end of 2016; BCG also found that $42 billion in fines were levied in 2016 alone.

Smoothing The Transition

Legacy, on-premise CMS designs predate the widespread adoption of cloud computing and software as a service (SaaS). The cloud/SaaS wave has given businesses the ability to adopt best-of-breed solutions without sacrificing any of the advantages that all-in-one CMS software used to provide, but no longer delivers.

With streamlined deployment cycles, intuitive user interfaces, automated workflows and APIs that seamlessly mash up business tools, best-of-breed software eliminates errors, streamlines compliance and frees compliance officers from time-consuming, error-prone manual processes.

The shift to best-of-breed has already happened with other cloud/SaaS tools, including cybersecurity, ERP, CRM and many others. Expensify (expense management), Zenefits (HR), and Gusto (payroll) are just a sampling of cloud-based business-critical tools that have achieved mainstream acceptance by providing interoperable, focused business solutions for teams within organizations.

Businesses may be cautious, but compliance professionals are eager to modernize. Research firm Research and Markets predicts that the global RegTech market will expand from $4.3 billion in 2018 to $12.3 billion by 2023.

Thomson Reuters surveyed more than 500 compliance and risk professionals and found that RegTech is beginning to “shape compliance,” with 52% of respondents saying that RegTech solutions “were affecting how they managed compliance” and nearly a fifth (17%) reporting they have already implemented one or more RegTech solutions. Meanwhile, 76% of industry disruptors are planning to replace their legacy applications within the next five years.

Regulators Embrace Best-Of-Breed Software

The fast-paced mainstreaming of best-of-breed RegTech software has led regulators — typically a slow-moving lot — to embrace change. The U.S. Treasury Department’s Office of the Comptroller of the Currency (OCC) believes that a failure to integrate CMS into decision-making processes — a tall task with outdated, manual systems — can have wide-ranging negative consequences.

“The consequences may include missed business opportunities, losses, failure to comply with laws or regulations, or deficient practices (including those that are unsafe or unsound) that could lead to enforcement actions, including CMPs (Civil Money Penalties),” the OCC notes in its latest Compliance Management Systems handbook.

The Financial Industry Regulatory Authority (FINRA) is even more direct with its guidance. “As financial services firms seek to keep pace with regulatory compliance requirements, they are turning to new and innovative regulatory technology (RegTech) tools to assist them in meeting their obligations in an effective and efficient manner,” a recent FINRA RegTech white paper notes. “These RegTech tools may facilitate the ability of firms to strengthen their compliance programs, which in turn has the potential to create safer markets and benefit investors.”

Clearly, the time to modernize compliance management is now. The risks are too high and the benefits accruing to RegTech early adopters are too great to put off modernization for even one day more. After all, it takes only a single enforcement action to turn the CMS status quo into a disaster.

Getting Started With RegTech

There’s no reason to reinvent the wheel here. Compliance departments should follow the lead of other SaaS adopters. Consult with your colleagues who have adopted best-of-breed SaaS for everything from HR to CRM to testing and development.

Ask them the following: What made your shift a success? What mistakes should we avoid? How do we future-proof our approach? What should we outsource to the service provider, and what must we keep in-house?

But be careful to prioritize the factors that regulators care about. Is your compliance change management process transparent? Is it repeatable and auditable? Is it agile enough to adapt to future changes?

Answer questions like these, and not only will you limit your risk exposure, but you may be able to automate, streamline and optimize compliance management to the point that it becomes a competitive advantage.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.