Key insights:

• • • Non-compliance is significantly more expensive than compliance 鈥� Data consistently shows the cost of non-compliance can be greater than proactive compliance investments.

    • Reputational damage and hidden costs often outweigh direct fines 鈥� Beyond financial penalties, the damage from legal fees, loss of customer trust, and operational disruptions from non-compliance can inflict long-term harm.

    • Strategic investment in compliance yields a competitive advantage 鈥� A robust compliance program builds trust, attracts investors, and demonstrates greater operational resilience in a complex regulatory landscape.

There’s a persistent myth in the business world that compliance programs are a necessary burden, a line item to be minimized and managed rather than invested in strategically. The data tells a very different story, however, and it has for quite some time. For organizations still treating compliance as an overhead expense, it’s time to reconsider the math and view the broader strategic picture.

The numbers don’t lie: Non-compliance costs more

Non-compliance costs are 2.65-times the cost of compliance itself, a finding that dates back to the of multinational organizations. While the average cost of compliance for the organizations in that study was $3.5 million, the cost of non-compliance was much greater. That means simply by investing in compliance activities, organizations can help avoid problems such as business disruption, reduced productivity, fees, penalties, and other legal and non-legal settlement costs.

According to a later report from from 2017 (the most recent set of analytical data on the subject), the numbers have only grown more striking. The study showed that average cost of compliance increased 43% from 2011 to 2017, totaling $5.47 million annually. However, the average cost of non-compliance increased 45% during the same time frame, adding up to $14.82 million annually. The costs associated with business disruption, productivity losses, lost revenue, fines, penalties, and settlement costs add up to 2.71-times the cost of compliance.

And these non-compliance costs from business disruption, productivity losses, fines, penalties, and settlement costs, among others aren’t simply abstract risks. They’re real, recurring, and measurable, and they don’t stop with the fine itself.

Beyond the fines themselves, legal costs are a significant and often underestimated component of non-compliance.

This gap between compliance and non-compliance provides evidence that organizations do not spend enough of their resources on core compliance activities. If companies spent more on compliance in areas such as audits, enabling technologies, training, expert staffing, and more, they would recoup those expenditures and possibly more through a reduction in non-compliance cost.

While the math here is straightforward, the strategic case is even clearer. Compliance isn’t overhead; rather, it’s an investment with a measurable, proven return.

The hidden costs: Legal fees, fines & reputational fallout

Regulatory fines get the headlines, but they represent only part of what non-compliance actually costs an organization 鈥� a cost that has only risen over time. As of February, a total of 2,394 fines of around 鈧�5.65 billion have been recorded in the database, which lists the fines and penalties levied by European Union authorities in connection with its General Data Protection Regulation (GDPR).

Beyond the fines themselves, legal costs are a significant and often underestimated component of non-compliance. Regulatory norms are shifting constantly and navigating them requires specialized expertise. As quickly as the rules change, outside counsel and compliance specialists must keep pace, and that knowledge comes at a price. Every alleged compliance violation triggers an immediate need to engage qualified counsel, adding to a cost burden that compounds quickly and unpredictably.

Then there is reputational damage, perhaps the most enduring consequence of all. The cost of business disruption, including lost productivity, lost revenue, lost customer trust, and operational expenses related to cleanup efforts, can far exceed regulatory fines and penalties. Consider , whose compliance failures around its anti-money laundering (AML) efforts became a cautionary tale for the industry. TD Bank’s massive $3 billion in fines from US authorities wasn’t just the result of a few missteps; rather, it was caused by years of deep-rooted failures in its AML program, pointing to a culture that prioritized profit over compliance.

The findings from both the 2011 and 2017 studies provide strong evidence that it pays to invest in compliance.

TD Bank’s failure to make compliance a priority not only led to a huge fine but also seriously damaged its reputation, with revising TD’s outlook to negative in May 2024, where it remains. This is the kind of a reputational stigma that can take years to repair.

Leveraging compliance as a competitive advantage

There is also a positive side of the ledger that often goes unacknowledged. A robust compliance program signals to investors, partners, and clients that an organization is well-governed and trustworthy. That reputation doesn’t just retain market value; it actively attracts it.

Organizations that cut corners in compliance risk engaging in a short-sighted, high-risk strategy that will ultimately result in a negative outcome for the organization. Businesses that take compliance seriously tend to operate with greater predictability, fewer surprises, and stronger stakeholder confidence.

The 2017 Ponemon and Globalscape and study found that, on average, only 14.3% of total IT budgets were spent on compliance then, not much of an increase from the 11.8% reported in 2011. This clearly indicates that organizations are underspending on core compliance activities in the short term and aren’t prepared to allot further resources as the years go on. That gap represents not just risk, but a clear missed opportunity.

“The findings from both the 2011 and 2017 studies provide strong evidence that it pays to invest in compliance,鈥� explains Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute. 鈥淲ith the passage of more data protection regulations that can result in costly penalties and fines, it makes good business sense to allocate resources to such activities as audits and assessments, enabling technologies, training, and in-house expertise.”

The organizations that recognize compliance as a strategic function, not a reactive one, are the ones that will earn the trust of clients, the confidence of investors, and the operational resilience to weather an increasingly complex regulatory environment. The data is clear, and the choice is a critical one.

Please add your voice to 成人VR视频鈥� flagship , a global study exploring how the professional landscape continues to change.听

As workloads are increasing, there is also a limit on the finite resources available to manage these growing compliance burdens. These concerns are compounded by a diverse and expanding range of subject areas with which compliance officers need to be familiar as well as an expectation of a greater volume of regulatory change. This larger picture is set against increased costs and difficulties in recruiting skilled compliance staff.

Overall, survey respondents outlined a sector that held greater responsibility but also contained practical operational challenges that threaten to undermine efforts to provide their firms with the level of compliance support required in today鈥檚 environment.

成人VR视频 Regulatory Intelligence鈥檚 14th annual survey of compliance leaders 鈥� distilled into the 鈥� was undertaken against this backdrop. The report explores the challenges that compliance officers face in 2023 and exposes the depth of issues that compliance leaders have encountered. The survey was taken of more than 350 practitioners, representing global systemically important banks (G-SIBs), other banks, insurers, asset and wealth managers, regulators, broker-dealers, and payment services providers mainly in the United States, the European Union, and the United Kingdom.

Overall, survey respondents outlined a sector that held greater responsibility but also contained practical operational challenges that threaten to undermine efforts to provide their firms with the level of compliance support required in today鈥檚 environment.

Some of the key findings of the annual report include:

• • • The volume of regulatory change was expected to increase and was seen as a key compliance challenge for boards and compliance officers.
    • Cost pressure and balancing competitive and compliance pressures were reported as key challenges, yet 45% of respondents did not monitor their cost of compliance with regulations across their organizations.
    • One-third of respondents expected compliance teams to grow, and the cost of compliance staff was also expected to increase, while turnover of staff and budgets remain at 2022 levels. An increase in the number of firms using outsourced providers for their compliance functionality was also reported.
    • Retaining skilled resources is seen as essential to deliver on a growing range of subjects with which the compliance function is involved. The recruitment of the appropriate talent comes at a cost, and the appeal of becoming a compliance officer has been reduced due to the potential for increased personal liability.
    • Low staff morale is emerging as a key conduct risk for many financial services firms. This may lead to wider noncompliance issues due to staff error or manipulation. Couple this with the identification of cybersecurity as a prominent culture and conduct risk, and it becomes more important for firms to ensure internal security controls are robust.
    • Firms operated an effective compliance culture despite the conduct and culture risks, with respondents predicting they will spend more time on culture and conduct issues in 2023.

The findings of this annual report are intended to help financial services firms with planning and resourcing while allowing them to benchmark their own approaches with those of the wider industry. The experiences of the G-SIBs are analyzed where these can provide a sense of the stance taken by the world’s largest financial services firms.

You can download a full copy of 成人VR视频 Regulatory Intelligence鈥檚 , here.

The recoil from the 2008 financial crisis changed compliance’s standing across the world. Governments reversed light-touch policies and once supine regulators harried firms听about听breaches and anti-money laundering (AML) failings. Not surprisingly, new regulations followed, such as the European Union’s听, the听, the 听and the 听(MiFID II). With more regulation to comply with and dire penalties for breaches (听for AML alone in 2016), firms boosted compliance headcount and budgets as regulatory focus broadened around the world, notably in the United Kingdom, mainland Europe, the Asia-Pacific region, and the Middle East.

“Substantial regulatory enforcement in the 2010s, especially by regulators and government agencies in the United States, drove significant investment in financial crime functions,” says Tom Salmond, a UK financial services partner at EY. “This was accompanied by multi-year programs to remediate historic issues, tighten up existing policies, implement new systems, and build stronger data and operational capabilities.”

Fresh challenges

Firms hardly loved the extra expense 鈥� a mindset that compliance stops the company from doing business lingered at large firms and persists at some smaller ones 鈥� but leaders realized the necessity of the compliance function. Spending on compliance often peaked while firms built up teams and systems, but EU and UK regulators have made it clear they must maintain effective compliance.

“Some firms have reduced teams from previous highs as they were in a change mode and now are in ‘business-as-usual,’鈥� says Mark Spiers, a partner in the regulatory consulting firm Bovill in London. 鈥淗owever, those resources still need to be adjusted over time according to the risks faced by the particular firms.”

A downside of having substantial resources, however, is that senior management assumes听compliance can undertake more tasks, especially when economic uncertainty means cost reductions are sought. Today, fresh challenges requiring compliance input include the regulatory consequences of data- and cybersecurity breaches, expanding climate impact reporting, guided investment in environmental, social, and governance (ESG) initiatives, and firms exploring the opportunities of the crypto-sphere.

Regulatory听onslaught

Further, regulation keeps evolving and compliance has to ensure that its systems and processes will keep up. The EU is听听in some existing regulation, including MiFID II and the听. Also, major new regimes such as the听听and the听听are expected to take effect in in 2023 or 2024. And the UK’s new听听applies from next July, while the听听proposes substantial changes to the mechanisms of regulation.

To better keep up, many financial firms have split the responsibilities for financial crime and other conduct compliance areas to separate internal units, but those UK practitioners preparing for the Consumer Duty have a busy time ahead of them, Spiers explains.

“The largest challenge for many UK-focused firms at the moment will be the uplift required by the Consumer Duty,” Spiers adds. “This is a large piece of work for firms and will require an assessment phase followed by, in some cases, substantial investment in data and management information capabilities to ensure that the firm is achieving consistently good customer outcomes over the product, service, and client lifecycle.”

Fight for talent

Perhaps the most insidious problem facing financial firms鈥� compliance functions cannot be solved by chucking money at it, even if firms were willing to. There is an international dearth of high-quality professionals 鈥� especially those who combine compliance and rare technical skills. These specialized professionals are in growing demand as the function’s involvement in areas such as digital security, ESG, and crypto-finance increases.

“Compliance teams are facing heavy and increasing workloads, with a scarcity of some very technical skills in areas such as sanctions,” Salmond says.

Skills shortages also affect efforts to make compliance more efficient by using more regtech and AI, because the experts that can bring that efficiency are in high demand across much of the economy.

“The fight for talent runs across the entire ecosystem,” Salmond says, adding that traditional financial institutions, fintechs, technology vendors, and consulting firms are all competing heavily for suitably skilled staff.

Firms should also not expect regtech and AI in themselves to be an instant solution that slashes the need for expensive compliance headcount. Many technology packages have been available for years and most provide a “digital compliance framework” comprised by a range of tools, the majority of which require human input, Spiers notes. 鈥淢aking compliance easier, achieving good client outcomes, and reducing financial crime at scale requires data and tools to analyze the business 鈥� and the interaction of people with the existing technology tools in the digital compliance framework is key.”

Further, like many change projects, adopting new compliance technology puts additional strain on teams in the short term and requires careful planning to implement effectively. Although compliance consulting firms are commonly called in to help financial firms scale up their business or adapt to regulatory changes, they are now frequently commissioned to help firms integrate technology and the human team.

“Our clients are indeed struggling with finding the balance of people and squaring the promise of elements within the future digital compliance framework with the reality of the tools available today,” Spiers says. 鈥淲e are frequently called to help them implement, tune, or support elements of their digital compliance framework and augment resources to provide that human brain support.”

This article was written by Tim Hitchcock of the 成人VR视频 Regulatory Intelligence team.

成人VR视频 Regulatory Intelligence鈥檚 (TRRI鈥檚) , focuses on the challenges expected to be faced by risk and compliance functions within financial services firms in 2022. The report is based on a survey that generated responses from almost 500 practitioners worldwide, representing global systemically important banks, banks, insurers, asset and wealth managers, regulators, broker-dealers, and payment services providers.

You can download a copy of 成人VR视频 Regulatory Intelligence鈥檚 (TRRI鈥檚) newly published 13th annual 听here

The survey questions remained largely the same as the previous year, and the survey closed before the Russian invasion of Ukraine and the resulting widespread sanctions. The shifting priorities highlighted in the survey results will only have been exacerbated by the myriad sanctions imposed on Russia.

Last year鈥檚 pointed to a need for compliance officers to focus on planning for the future and developing a vision to manage their firms鈥� evolving compliance and regulatory risks.

The new 2022 report and survey shows the difficulties that compliance officers are experiencing as they try to plan for the future. Competing priorities are compounded by tightening budgets and potential shortages of skilled professionals. Compliance functionality is a fundamental part of the in-house core competency required to secure the long-term future of financial services firms, but many are struggling to meet their commitments while maintaining an appropriate risk and compliance culture.

The demand for compliance skills has increased substantially in the last few years, the report shows. The regulatory environment has diversified, with developments occurring in many areas, such as crypto-assets, fintech, artificial intelligence, third-party management, operational resilience, and cybersecurity. The range of regulatory topics for which compliance is now expected to provide senior managers with assurance has increased. There is also emerging evidence that the compliance function is having to work much harder to continue to be heard at the highest level of the firm.

The 2022 results show a frustration among respondents that, despite compliance鈥檚 widening duties, staff numbers are unlikely to grow, mostly because staff costs are increasing and budgets remaining tight. Add to this the increases in personal liability for compliance officers, and it鈥檚 perhaps easy to see why capable individuals may be deterred from joining the profession and experienced personnel may choose to leave.

Outsourcing, new technology, and regulatory technology may step in to plug some of the gaps, but all these resources will need to become more sophisticated to make the type of changes required by compliance functions.

According to the new report, the greatest compliance challenges that boards expect to face in 2022 include:

Further, the 2022 report briefly explores some of the main regulatory developments and other drivers that have contributed to the heightened demand for skilled compliance officers as well as the challenges compliance officers are facing.

The findings in the report are intended to help financial services firms with planning and resourcing while allowing them to benchmark their own approaches with those of the wider industry. The experiences of the global systemically important banks are analyzed where these can provide a sense of the stance taken by the world鈥檚 largest financial services firms.

What does the ideal future of the compliance function now look like?

鈥淚 am concerned compliance is moving backwards, not forwards. That鈥檚 due to other challenges 鈥� supply chain, pandemic, and non-pandemic issues 鈥� that we鈥檙e getting less budget, getting more isolated, and returning to check-the-box type of compliance management. We鈥檙e in danger of losing the progress we鈥檝e made rather than moving forward into a future state, ideal or not.鈥�

鈥� Anonymous, United States of America

In some firms there may be a perspective that technology could reduce the need for compliance functions. In fact, the increased popularity of regtech is a step down this path; however, technological solutions are often immature and need to show their value before they鈥檙e widely accepted. It is imperative that compliance functions, whether manual or automated, showcase their value and necessity to senior managers. A well-resourced, skilled, and managed in-house compliance function remains the most effective way of delivering high-quality compliance at a firm. Indeed, compliance skills are a core competency, and an appropriately resourced compliance function is a key way in which a firm can ensure that it continues to thrive.

Strong compliance functionality is difficult to achieve especially in the current climate. Firms should consider a wholesale review of their internal compliance strategy. A board-sponsored directive that the compliance function evaluate the firm鈥檚 post-pandemic position, the impact of new geo-political tensions, the refreshing of skills, and a continued investment in digital transformation all may go some way to untangling competing priorities that compliance leaders now face.

TRRI thanks all respondents for their participation in the survey, offering a continued assurance that responses will remain confidential unless permission to include an anonymized quote has been received.

The special report will be featured on the Compliance Clarified podcast which is available on听,听, and听.

You can see report co-author Susannah Hammond here.