Rewriting The Regulatory Compliance Cookbook
Instead of delegating the regulatory compliance authority to the oversight bodies, to avoid a new financial crisis, the right approach would have been to analyse the accrued Governance, Risk Management and Compliance (GRC) failures, and to rewrite the compliance recipes based on facts. Regulators were rather slow to recognize the impending collapse of the financial system because a comprehensive compliance rule-book was unavailable in 2008.
From experience, we know that it is difficult for the oversight authorities to connect the disparate events that comprised the financial collapse and the crisis that followed, because a coherent compliance rule-book was missing. The primary reason is that each regulatory issue is treated as a separate legal implementation module, without connecting the GRC components together into a holistic compliance framework and rule-book.
Compliance without any significant value
To avoid another, even more severe, financial crisis, politicians have given the keys to the Pandora's box of compliance activities to the oversight authorities. They have in turn bombarded the financial sector with loads of Good Governance, Risk Management and Compliance (GRC) regulatory implementation, disclosures and reporting. The result is that financial institutions are now hiring GRC officers and personnel by the dozens to check the box and fill in templates documenting that they are in compliance, without creating any significant value.
The result is that the board and senior management of financial institutions, big or small, no longer have the real authority to enforce GRC instructions in the organization. They have ceased to play a central role in identifying risk and in optimising risk management into risk intelligence. The GRC vulnerability of risk management is no longer based on the compliance culture of the financial institution, but is primarily focused on GRC transactions & processes that are de facto addressed by the oversight authorities with a one-size-fits-all approach.
One of the missing links is the ability to scan the systems & regulating mechanisms that balance the long-term cost/benefit of past GRC failures in any particular financial institution, and to restructure the GRC framework, architectures & internal processes into a cost-effective, scalable, enterprise compliance strategy.
Unconscious Compliance bias
It seems that the rather impatient delegation of compliance authority to oversight establishments described above is probably based on inaccurate narratives in the financial rulebook about the monitoring, management & compliance failures of the past. The lack of awareness and inaccurate risk narratives could not reflect the links between the housing market, the subprime mortgage market, and the financial instruments being used to package the mortgages into securities, causing the crash.
The result is a significant increase in compliance costs without any noteworthy improvement in compliance infrastructures for either regulators or stakeholders. Reinventing the wheel on each regulatory issue has resulted in operating costs on compliance-related technology & headcount of >7% of total administration costs[1]. An estimated 20-40% of future compliance cost can be avoided if overlaps, duplication, models, transactions, reporting and record retention issues are addressed in an integrated, timely and structured manner[2].
The taxonomy of regulatory data
On the other hand, if the oversight authorities take a holistic approach that covers not only regulatory compliance but also the components of Governance, Risk Management and IT-Security, the integration process will improve, and the results of the GRC-driven compliance processes will help to define the optimal balance sheet structures in a given set of market conditions in the financial services division. http://www.copenhagencompliance.com/GRC3.html
The new regulatory framework for the authorities will provide insight into the company's processes, to boost compliance preparedness and to implement adequate controls that monitor data and maintain quality across the entire GRC life-cycle in the new compliance rule-book. With the added cooperation, management can acquire the IT tools or services that pull high-quality data from different areas of the business, so that risk analysis is the primary component for better decisions.
In a recent paper, "Why the Federal Reserve Failed to See the Financial Crisis of 2008" (http://www.irle.berkeley.edu/workingpapers/111-14.pdf), researchers from Berkeley University analyse the meeting transcripts of the US Federal Reserve's primary decision-making body, the Federal Open Market Committee (FOMC). They document that the FOMC had surprisingly little recognition that a serious economic meltdown was underway, even after the collapse of Lehman Brothers on September 15, 2008.
[1] https://www.kpmg.com/dutchcaribbean/en/Documents/Publications/The-cost-of-compliance-v2.pdf
[2] Thomson Reuters 2014, analysis on compliance costs.