The author Chris Anderson turned the statistical concept of the Long Tail into one of the most hyped management fads when he released his book with the same name in 2004. He challenged our general conviction that the 80-20 rule, or Pareto Principle, is generally applicable. According to him, our belief that a few blockbusters will dominate the revenues is flawed, but self-fulfilling if we stop offering the older goods when the smash hits are launched. He argues that the emergence of e-commerce, with champions like Amazon, has proven that the long tail should not be neglected. In this blog post, I will do the same. I will argue that banks should not neglect the revisions of existing legislation. It is my belief that the revisions drive more work than anticipated and will in the end require a new way of working for the compliance department.
Just as Chris Anderson explained, I do not think that the latest major pieces of legislation (FATCA, EMIR, FINREP…) will be responsible for 80% of the compliance toll that is estimated at 1.000 MUSD annually among the 100 largest banks in the US. And the tail is getting even more important now that the legislators are producing as many sequels as Hollywood. Basel III, Solvency II and MiFID II are some examples of sequels, and we will probably experience additional upgrades. The sequels will challenge our traditional way of thinking, where a new law equals new policies. But revising existing policies will not be easier than crafting new ones, considering that it is not uncommon for a bank to have a legacy of 30.000 different policies. So, knowing which policies to revise when the legislation is updated will become a challenge for organizations, especially if the legislators give the industry short deadlines, arguing that the revisions are minor.
The maintenance of the many policies and the shorter deadlines will probably force the compliance department to change its modus operandi in the same manner as the IT department did 10 years ago. The traditional sequential approach, where the compliance officers capture the regulatory requirements, pass them to the policy owners in the line of business, and then review and hopefully approve the suggested policies in the end, is too time-consuming. Just like the IT department did, the compliance department has to find an agile process where it collaborates with the policy owners. Given the legislation fury that we have seen lately, I think that many compliance officers would appreciate the following cornerstones of the Agile Manifesto as presented on Wikipedia.
- Individuals and interactions – in agile development, self-organization and motivation are important, as are interactions like co-location.
- Customer collaboration – requirements cannot be fully collected at the beginning of the development cycle, therefore continuous customer or stakeholder involvement is very important.
- Responding to change – agile development is focused on quick responses to change and continuous development.
Agile Compliance? Collaborative Compliance? Joint Compliance? The name is not as important as finding a way to streamline the policy authoring process so that we can focus on the real compliance challenge – how do we ensure that customer-facing personnel know how to leverage the 30.000 policies for the best possible service and trust?