Can Small Firms Really Stay Compliant?

By Shira Rottner At Shield (www.shieldfc.com)

Whether you are the biggest banking conglomerate or the smallest financial business, there is at least one thing you have in common – the legal and moral obligation to adhere to financial regulations.

Well written and conceived regulations are designed to ‘level the playing field’ for competing businesses, as well as protecting them and clients from potential breaches and the punitive and reputational issues associated with these.

However, falling foul of the regulator is arguably an even greater risk for Small to Medium Sized Enterprises (SMEs). Many large businesses can ‘cover’ the cost of a hefty fine (and survive the reputational damage in the long-term), but for a smaller firm it can prove fatal. If the fine itself doesn’t cripple the business, the reputational damage to a ‘challenger brand’ may well strike the fatal blow.

Same issues, different resources

Being under the same regulatory requirements, financial firms of all sizes face very similar challenges in terms of the way they must meet regulatory requirements. However, in the real world we all know there are considerable differences in the compliance resources of an SME firm compared to a Tier One bank for example.

Most larger enterprise businesses will have a compliance department, team or function of some description. Inevitably a small business (with perhaps a handful of employees) will struggle to find the resources to dedicate solely to compliance.

In fact, many smaller businesses are unable to do much more than the minimum with regards to compliance monitoring. Regrettably for many this means taking a certain level of risk and hoping they do not draw the regulator’s attention.

If you speak to many small financial business (as I do) you start to learn that many don’t have specific compliance monitoring at all, often due to confusion and ignorance of the risks.

Tightening regulations

Naturally all financial businesses will face the need to address their compliance monitoring abilities at some point and that culminated recently for many SMEs when they received the ‘Dear CEO’ letter from the FCA. This was sent to UK brokers outlining the focus points it will enforce and encouraging the firms to actively take measures to prevent breaches if they wish to avoid fines.

To add further stress to all financial businesses (and SMEs in particular), the Senior Managers and Certification Regime (SMCR) comes into effect on 9^th December 2019 and increases personal accountability of senior people in the financial services industry. This will create a ‘perfect storm’ that could be very dangerous for under-prepared firms and the individuals that run them.

SME struggles

The risks are clear, but SMEs obviously must juggle these with the realities of the resources available. Many of these businesses have their compliance function as part of their operations or risk departments and therefore must share the same resources.

Many SMEs have a number of very specific struggles to overcome as well. There is the practical difficulty of keeping up with regulatory changes (sometimes on a monthly or even weekly basis). The IT resources are another area of frequent limitation, many SMEs don’t have a dedicated IT team (or even individual) and choose to outsource this for convenience and cost.

Linked to a limited IT resource is the issue of data silos and the difficulties this causes in accurately monitoring compliance. Often small businesses struggle to update their systems and consequently end up running ‘legacy’ systems for extended periods to recoup maximum ROI.

All these factors combined make the challenge of compliance monitoring even harder!

Reliable compliance monitoring on a budget

Despite these apparently insurmountable challenges, it is completely possible to manage effective compliance monitoring – but it means looking closely at your business, its processes and IT systems and investing in the right automation technology to tackle it.

The first stage is to accept that a manual process of compliance monitoring and investigation simply doesn’t work anymore. This approach is expensive but also unreliable and completely inefficient. It is all too easy to save compliance data on a spreadsheet or on a designated platform, but this adds to the problem of siloed storage and makes investigating data very difficult and time-consuming. Unfortunately, many smaller organisations don’t fully understand their data requirements or even appreciate they have a data issue at all, so this needs to be addressed first.

For organisations that do understand their data requirements the issue of siloes can be overcome, but it requires the automated collection of data to be effective.  Moving forward, all data needs to be stored in a central location to make compliance investigation more efficient and prepared for future data requirements.

It’s also very tempting to ‘rip and replace’ legacy systems straight away, but actually if you look to upgrade and migrate the data immediately, you are just creating another big project! By all means invest in new systems when the budget allows but ensure there is a smooth transition between the old and new.

Equally, don’t be tempted to just hire yet more people to compliance team. Many firms have found themselves feeding a sort of compliance ‘arms race’, continually adding more resources which can’t keep pace and aren’t sustainable.

Turning to technology

In my biased point of view, I believe that ultimately SMEs need to choose a suitably powerful, reliable and affordable RegTech solution which draws a line under all the previous issues. These systems have been designed to deal with all the major pain points (keeping up with compliance regulations, breaking down data silos and processing huge amounts of unstructured information), all at a manageable and predictable ongoing cost.

In an increasingly uncertain world (with the likes of Brexit adding further uncertainty) regulations are set to continue evolving rapidly and data processing needs will only continue to increase.

SME financial firms need to ‘take the bull by the horns’ which means investing in the right RegTech solution so they can get on with their core business duties, safe in the knowledge that their investment has got their back, protecting them and their customers.