Analysis, Regulation & Supervision

Tackling the climbing cost of regulatory duplication

By Ellesheva Kissin
regulatory duplication
Image: Getty Images

Duplicative regulatory requirements are diverting a disproportionate amount of banks’ resources towards compliance. As banks push back against regulatory duplication, a proposal for a ‘regtech test’ aims to tackle the issue.

JPMorgan Chase CEO Jamie Dimon griped in his annual letter to shareholders this year that “the many overlapping rules [from regulators] contribute to the bureaucracy that generates an extraordinary amount of make-work [for banks]”.

He gave the colourful example of two separate documents the bank had to draft on similar topics: an 80,000-page Comprehensive Capital Analysis and Review and, coincidentally, another 80,000-page recovery and resolution plan.

Santander has even withdrawn its membership from the UK’s Lending Standards Board because of a perceived regulatory overlap. The UK subsidiary of Spain’s largest bank reportedly said the new Consumer Duty and impending fraud reimbursement rules, overseen by the Payment Systems Regulator, make the body redundant. 

Regulatory overlap is evident in the UK. Both the Financial Conduct Authority and the Prudential Regulation Authority have responsibilities for prudential regulation – while oversight of payments, the regulation of pensions, and policing of online scams are also split between various bodies. 

Calls to reduce the cost of regulatory compliance have intensified. The UK’s fintech industry body Innovate Finance has now called on the FCA to introduce a ‘regtech test’ to reduce duplicative requirements that it says make it hard for smaller firms to operate.

Regtech test: three ways firms could benefit

Create a ‘learning loop’ between regulated firms, vendors and regulators about the impact of policy on compliance technology and new innovations that could better meet regulatory objectives

Engage regulated firms earlier on in the policy-making process so they can consider the impact of new policies on their existing technology sooner, allowing time for more strategic approaches to technology change

Reduce the cost of compliance by avoiding duplication of requirements e.g. through the use of existing industry data standards and/or the re-use of current reporting processes

Source: Innovate Finance


The pain of overlapping regulation

As three Queensland University academics point out succinctly in a 2022 paper, “overlapping regulation can be problematic”. It obscures the policy objectives at hand and can inflict “real costs on businesses through repetitive inspections and data collection efforts”. 

A notorious example is the regulatory conflict between the Markets in Financial Instruments Directive, which requires banks to collect and retain more information about their customers, and the General Data Protection Regulation, which gives consumers the right to ask banks to erase their data.

“This has caused a compliance quandary for banks, requiring a greater investment in technology, operational processes, and personnel to develop and enforce controls around using, storing, sharing and deleting personal data,” says David Biggin, regulation expert at PA Consulting.

Despite this, UK regulators maintain they co-operate well. The FCA, BoE, Prudential Regulation Authority and Payments Systems Regulator annually review how well they co-operate – and this year they said they work together “well”, and “seek to avoid duplication in their requirements and engagement with industry”.

A 2018 paper by Matthew Turk at the Kelley School of Business, even tried to argue that overlapping rules could work well. “When overlapping rules are complements they create efficiencies, not redundancies,” he writes: “The unique complication that arises when evaluating overlapping rules is that they cannot be analysed in isolation, since whether they function well or not depends on how they interact.”

Regulatory duplication rife in ESG and fincrime regs

Emerging rules on environmental, social and governance matters are currently fraught with regulatory duplication, while nascent regimes stabilise. They are being developed at different speeds across the UK, European Union, and the US, driven by varying understanding of the issues, political pressures, and differing regulatory priorities in each location. 

Global banks have to keep up with a jumble of rules, using different methodologies in each jurisdiction. A UK subsidiary of a US bank currently needs to provide different ESG compliance reports to satisfy the US’s Securities and Exchange Commission, the FCA and possibly the EU too, depending on their legal structure.

The patchwork of rules “may be an area for a future [UK] government to review”, Biggin says, to make sure the form and function of regulators remains effective.

Banks also struggle with financial crime screening, says Che Sidanius, global head of financial crime and industry affairs at LSEG Risk Intelligence, by having to compare datasets of suspicious-person names that have no common format and any number of different spellings.

“There are 65 sanctions authorities and they’ll all put my name in very different formats. That makes it incredibly expensive and burdensome,” Sidanius says. 

“Whenever [banks] have to issue a suspicious transaction report, there is no standard way for them to report that data … all the financial intelligence units have their own standards around processes, which is incredibly expensive – each SAR on average costs about £5000,” he adds.

The average cost of financial crime compliance for UK firms is £194.6m, according to LexisNexis Risk Solutions. Total annual spend has increased by nearly a fifth from £28.7bn in 2020 to £34.2bn in 2022.

There is also growing concern around financial intelligence agencies’ ability to process the ballooning number of reports received.

How can regulatory duplication be remedied? 

The UK is taking steps to reduce technical overlaps with HM Treasury’s Future Regulatory Framework, which hopes to take advantage of the relative freedom offered by Brexit to streamline the country’s regulatory framework.

One such example is through the FCA’s bi-annual Regulatory Grid, which already serves as a form of ‘regulatory air traffic control’. 

But Brexit creates its own regulatory overlap headache. When implementing Basel III – globally agreed banking standards – the PRA chose to deviate from the EU in some areas, such as on the net stable funding ratio and treatment of software assets. 

The EU and UK are also developing separate-yet-similar approaches to operational resilience.

“Regulatory overlap is inevitable in a globalised banking market … national regulators often prioritise policy measures that are tailored to the structure of the local market or address recent failures in that location,” Biggin says.

Labour targets duplication

In the UK, Labour has proposed to consult the City on how to tackle regulatory duplication. 

As shadow City minister Tulip Siddiq wrote for Banking Risk & Regulation: “Working in consultation with the industry, a Labour government would identify overlaps and gaps in regulatory mandates across bodies including the Prudential Regulation Authority, the FCA, the Competition and Markets Authority, the Pensions Regulator, and the Payment Systems Regulator, improving regulatory ‘air traffic control’ and minimising bureaucracy.”

“This will reduce duplicative requirements and data requests that leave too many UK firms diverting a disproportionate amount of resources towards compliance..

Siddiq also wants the so-called ‘regtech’ mini-sector to bloom, to help promote cross-sectoral regulatory coordination with innovative solutions to banks’ regulatory burden.

Biggin says regtech is “vital” to managing overlaps between regulators: “Using regtech to capture, store and monitor compliance with regulatory obligations can reduce the manual compliance overhead and quickly identify potential conflicts in overlapping regulation.”

Read Next:

internal audit
Analysis, Risk Management
May 29, 2024

EU banks’ internal audit functions fall short, says ECB

European banks' internal audit function has escaped censure, until now
Read more