The cost of ensuring cyber resilience has come down this year, but is still quite high
Continuing regulatory change and data privacy & GDPR are seen as the top two challenges in the year ahead by compliance practitioners globally, according to the annual Cost of Compliance report by Thomson Reuters.
While enhanced monitoring and reporting requirements were identified by the respondents as the third greatest challenge, they pointed to regulatory scrutiny and implementation of regulatory change as the next two challenges.
Interestingly, when asked about the board's greatest challenges in the year ahead, they identified the same challenge, continuing regulatory change, as the top challenge. However, they identified cyber security too as one of the top five challenges for the board. Of course, balancing compliance and commercial demands was identified as one of the top challenges for the board.
Thomson Reuters has carried out its annual survey on the cost of compliance and the challenges financial services firms expect to face in the year ahead. The survey is now in its ninth year and generated responses from over 800 senior compliance practitioners worldwide, representing global systemically important financial institutions (G-SIFIs), banks, insurers, broker-dealers, and asset managers, according to the firm.
As with prior years, the vast majority of firms (94%) are expecting their compliance team budget to remain the same or grow in the coming year. However, resources continue to be a challenge, as they need to keep pace with unrelenting regulatory change, evolving regulatory expectations and increasing personal liability.
Some 61% of firms are expecting an increase in their total compliance team budget in 2018 (14% increase).
Practitioners gave details on why they expect compliance team budgets to be slightly or significantly more in the coming year. Some of them are:
- Additional legislation
- Need for additional skilled and senior resources
- Developing internal policies and procedures
- Focus on implementing new regulatory requirements
- More training required
- Outsourcing specific services
- Compliance monitoring tools and activities
- Increased personal liability
The cost of assessing cyber resilience fell to 43% in 2018 (as compared to 48% in 2017 and 2016). “The decrease could be associated with other areas picking up more of the work or perhaps the use of outsourcing. It would be a matter of concern if the decrease was due to a lack of required resources,” the report says.
Outsourcing remains a major factor in compliance strategy: Almost a quarter (24%) of firms continue to outsource all or part of their compliance functionality (28% in 2017, 24% in 2016). The drivers for compliance outsourcing included the need for additional assurance on compliance processes, a lack of in-house compliance skills and cost. Among the specific compliance activities outsourced were annual policy reviews and email reviews.