In a period marked by high interest rates, elevated inflation, increased regulatory oversight and the economic environment in general, bank compliance and risk management leaders are experiencing heightened anxiety and concern regarding the challenges of regulatory management. That’s the biggest takeaway from the 2023 annual Wolters Kluwer Regulatory & Risk Management Indicator survey of lender concerns about regulatory and risk trends.
The survey was developed to methodically collect key trend information on the breadth and depth of regulatory and risk concerns among lenders. It includes a “main score” that offers a snapshot of the compliance landscape that lenders must navigate; the higher the score, the larger the regulatory concern. The score jumped 25 points, from 94 in 2022 to 119 in 2023.
“The survey found a threefold increase in regulatory fines: a surge to $3.9 billion in 2023 from $1.3 billion in 2022.”
Several factors contributed to the increase in the main score. The primary driver from the latest survey results is a significant increase in the dollar amount of fines and dollar penalties imposed as part of agency enforcement actions. Also influencing the outcome is heightened concern about managing compliance and risk at a time marked by new regulations, as well as new supervisory and policy responses amid what can be characterized as turbulent economic conditions.
Soaring penalties
The survey found a threefold increase in regulatory fines: a surge to $3.9 billion in 2023 from $1.3 billion in 2022. Some of the increase in the dollar amount of penalties is simply due to timing. But the increase also shows that regulators are clearly using the full range of enforcement tools available to address noncompliance and risk issues in the industry.
The survey results illustrate that the consequences of noncompliance are steep and real. Enforcement actions carry not only a dollar cost, but often disrupt business plans and do reputational damage.
Keeping current with changing regulations continues to rank consistently as a top challenge. The responses reflect concerns, as they have in prior years, about addressing new rules such as the modernized Community Reinvestment Act (CRA) regulations and the Consumer Financial Protection Bureau’s (CFPB) new regulations for small business lending that implement Dodd-Frank Section 1071, in addition to ongoing changes to existing requirements.
In fact, 74% of the respondents indicated they were very or moderately concerned about their institution’s ability to implement the small business lending regulations, most notably with training staff, upgrading systems and accurately capturing data. The survey showed that regulations on unfair and deceptive lending practices drew high levels of concern, as well as CRA and fair lending laws. An interesting corollary to those results is a measurable increase in perception around examiner scrutiny of fair lending practices.
Managing regulatory change requires a disciplined, enterprisewide approach. The deployment of technology as part of that approach is viewed as essential by the respondents, with 45% ranking it as the most important component of a regulatory change management program.
Major obstacles
Survey respondents also discussed the top obstacles to implementing effective compliance and risk management programs. The importance of a compliance management system (CMS) is well understood in the financial services industry and something on which regulators focus extensively.
When asked what the major obstacles are to implementing an effective CMS, a full 50% of respondents cited manual processes, followed by competing business priorities (46%) and inadequate staffing (43%).
The survey also asked how frequently manual processes and spreadsheets are used as a primary means for managing regulatory compliance. A full 90% of those surveyed responded that they are often or sometimes using manual processes. These manual processes bring a panoply of issues detrimental to the proper execution of a compliance management system that are exacerbated during active regulatory periods, such as the one being experienced today.
When asked about their enterprise risk management plan — a framework of identifying and methodically addressing risks — 21% of respondents say they have implemented a formal program, up from 19% last year. A larger segment of respondents either characterized their organizations as ones that use a well-defined program but lack consistency (18%), or just understand and manage risks without a formal program (36%). That matters, because institutions with healthy and maturing enterprise risk management programs are often better equipped to absorb challenges more readily, among other things.
Economic conditions
Economic factors are receiving considerable attention in enterprise risk business planning. The survey asked respondents to calibrate the degree they are weighing certain environmental factors in their plans.
The most heavily weighted factor was interest rate increases, with 74% of the respondents indicating it was receiving significant consideration, followed by ransomware attacks (65%), inflation concerns (54%) and loan default risk (53%). The high percentage for rising interest rates, perhaps not surprising given the current environment, eclipsed ransomware attacks, the perennial leader until this year’s survey.
As the Office of the Comptroller of the Currency (OCC) noted last fall, “banks continued to navigate a higher interest rate environment, uncertain economic climate, and fallout from the failure of three regional banks.” The OCC further noted that banks’ outlooks will hinge on their ability to manage those elevated interest rates, higher funding costs, potentially weaker demand for loans and deteriorated credit quality.
Looking ahead
The survey, now in its 11th year, was conducted from July 20 to Sept. 11, 2023. What do last year’s results bode for 2024? The survey findings reinforce the importance of comprehensive compliance and risk management across the enterprise. That includes:
- Robust regulatory change management programs, particularly an up-to-date library.
- A strong enterprise risk management program including compliance, operational, and third-party risk management systems.
- Use of technology to manage risk and compliance companywide.
Finally, the cost of addressing problems that ultimately lead to enforcement actions is often demonstrably less than the direct and indirect costs of the associated fines and penalties. Learning from those enforcement actions by turning a critical eye internally to whether your institution has similar issues, and then proactively managing any identified risk is an important step in avoiding future problems. ●
