Professor Michael Mainelli, Executive Chairman, The Z/Yen Group
[An edited version of this article first appeared as "Predictive Compliance In Financial Services", New Lens, Fusion Experience (November 2009).]
Competitive Consequences of Compliance
Historically, compliance has been an overhead or ‘cost of doing business’. Political responses to the Credit Crunch predictably call for more regulation – "never mind the quality, feel the width” – rather than better regulation, so while today’s compliance costs are significant, tomorrow’s costs are mounting. And the costs have been increasing for two decades.
Corporate Governance: 1992 Cadbury Report, 1995 Greenbury Report, 1998 Hampel Report, 1999 Turnbull Report and 2003 Higgs report; German KonTraG corporate governance reforms; Sarbanes-Oxley Act 2002; and the OECD Principles of Corporate Governance. General Compliance: Basel 2, Markets in Financial Instruments Directive (MiFID), Sarbanes-Oxley (Section 404), the Patriot Act, Anti-Money Laundering, the Financial Services Modernisation Act, the Insurance Mediation Directive Privacy and Electronic Communications (EC Directive) Regulations, the Freedom of Information Act 2000, substantially different International Financial Reporting Standards, Data Protection Act 1998 and the Financial Groups Directive. Regulators’ Rules: from the FSA, SEC, OCC, BAFIN, etc., let alone SAS 70 or ISO 9000 as voluntarily-incurred compliance, or industry trade association voluntary compliance codes. General Business Regulation: Health & Safety, COSHH, taxation, equal rights, etc.; let alone…
Financial institutions have two obvious avenues to fight back at over-regulation – manage compliance and automate compliance. Too little has been done on both fronts. But first a rethink of compliance.
Environmental Consistency Confidence
Compliance is, somewhat perversely, about the unpredictable. Well-channelled, normal behaviour should be automated into systems. Compliance is there to handle the exceptions. The application of the scientific paradigm to business operations transformed management thinking in the early part of the 20th century. A plethora of management theorizing since often obscures the simplicity at the core of the scientific paradigm. One approach, Environmental Consistency Confidence, restores statistical correlation to its rightful place at the core of financial compliance and risk management. At the core of the scientific approach is a statistical engine room of some form:
"Statistical and applied probabilistic knowledge is the core of knowledge; statistics is what tells you if something is true, false, or merely anecdotal; it is the ‘logic of science’; it is the instrument of risk-taking; it is the applied tools of epistemology."
Environmental Consistency Confidence is an approach to compliance and risk management that says, "if you can predict incidents and losses with some degree of confidence, then you have some ability to manage your risks". You are confident to some degree that outcomes are consistent with your environment and your activities. The converse, "if you can’t predict your incidents and losses", implies either that things are completely random – thus there is no need for management – or that you’re collecting the wrong data. Knowing that incidents and losses are predictable leads to application of the scientific paradigm. From a proven hypothesis, financial risk tools such as culture change, controls, process re-engineering or risk costing can be usefully applied.
A few years ago, when promoting Environmental Consistency Confidence to one trading firm, Z/Yen posed a tough question, "why can’t you predict the losses and incidents flowing from today’s trading?" The idea was to look at the environmental and activity statistics for each day and use multi-variate statistics to see how strong the correlation was with incidents and losses flowing from that day. It is often said that "correlation doesn’t demonstrate causation". That is true, but "correlation should cause questions". This large commodities firm made predictive accuracy the primary measure for its operational risk team.
Environmental Consistency Confidence starts with the idea that the organisation is a large black box. If the outputs of the box can be predicted from the inputs using multi-variate statistics, then the scientific management process can be deployed, abductively (creatively), inductively (experientially) and deductively (analytically). The key elements of Environmental Consistency Confidence are:
a strong database of day-to-day environmental factors and trading activities;
a database of incidents and losses (or errors or non-conformities or other measures of poor performance);
a unit tasked with predicting future incidents and losses from current factors and activities;
a "confidence" measure (typically R2) from the unit tasked with prediction;
managers enthused simultaneously to reduce R2, by removing non-compliance, and increase R2, by providing new data to test new hypotheses.
You can’t manage what you don’t measure. Few financial institutions have any idea of the actual costs of compliance because measuring compliance is not straightforward. Large banks have a variety of different compliance units and compliance structures. Compliance can report to a global head or be combined with other functions or allocated to product lines. Much compliance is intertwined with normal procedures, e.g. Know-Your-Client requirements are wrapped up in account opening processes. An organisation that seems to spend little on ostensible compliance may be superb in compliance due to smoothly functioning systems. An organisation that spends an enormous amount on compliance may be ineffectual. But just because measurement isn’t straightforward is no reason to evade it.
If financial institutions worked towards shared benchmarks and solid data for compliance costs, such benchmarks would help them to:
assess current compliance costs and identify areas for improvement internally;
establish a baseline for future work on balancing the costs of compliance with ‘doing the business’;
provide frameworks for proving that voluntary certifications and ratings, e.g. quality systems or fiduciary ratings, justified a reduction in direct regulatory oversight;
negotiate with regulators on obligations based on the comparative costs they impose.
Most industries faced with spiralling costs in an area that is essentially paperwork would ‘try and automate the problem away’. New approaches using dynamic anomaly and pattern response systems (full disclosure: Z/Yen’s PropheZy system is one such automated general compliance engine) permit large amounts of compliance to be automated. At heart, compliance is investigating anomalies in order to understand them or to flag them upwards in the governance structure.
Automated systems can flag anomalies or exceptions upwards to humans in the governance structure. Z/Yen has successfully applied dynamic anomaly and pattern response predicting failed foreign exchange trades, best execution compliance automation, liquidity, non-STP correction, anti-money laundering and operational risk. Wherever the predictive system incorrectly categorises a transaction, the transaction becomes an area of interest for compliance. Financial institutions of the future cannot afford to have large numbers of staff ineptly and inconsistently looking for inconsistencies in thousands of transactions. Some institutions will succeed in automating the bulk of compliance tasks and this automation will give them a competitive edge.
For too long financial institutions reacted to past events rather than designing forward-looking control systems. Due to a groundswell of disappointment flowing from bad financial surprises, society has applied the blunt tools of law and regulation to financial institutions. If financial institutions want to take control of their destiny, they must begin to recognise that competing on the efficiency and effectiveness of compliance can be, however paradoxical it sounds, as exciting a battleground as the forex markets or the retail mortgage markets.
The financial institution of the future will be one that demonstrates corporate governance, detects anomalous transactions in real-time and proves to regulators that it is well run, all the while as new regulations cascade in. While customer service, product innovation and clever ways of using capital will always be vital, boring old compliance may be the new battleground. On balance, it is more likely that the field will be lost by ‘compliance’ rather than won. However, for financial institutions a new strategic theme might be to build a new compliance architecture that manages and automates and visualises one thing that won’t go away, new regulations.
1. Mainelli, Michael, "Finance Looking Fine, Looking DAPR: The Importance of Dynamic Anomaly and Pattern Response", Balance Sheet, The Michael Mainelli Column, Volume 12, Number 5, pages 56-59, Emerald Group Publishing Limited (October 2004).
2. Michael Mainelli, "Environmental Consistency Confidence: Scientific Method In Financial Risk Management", Risk Management In Finance: Six Sigma And Other Next-Generation Techniques, Chapter 22, Anthony Tarantino & Deborah Cernauskas (eds), pages 273-288, John Wiley & Sons (2009).
3. Taleb, Nassim Nicholas, "The Fourth Quadrant: A Map Of The Limits Of Statistics", Edge, An Edge Original Essay (15 September 2008).
Z/Yen operates as a commercial think-tank that asks, solves and acts on strategy, finance, systems, marketing and intelligence projects in a wide variety of fields (www.zyen.com), such as developing an award-winning risk/reward prediction engine, helping a global charity win a good governance award or benchmarking transaction costs across global investment banks. Z/Yen’s humorous risk/reward management novel, Clean Business Cuisine: Now and Z/Yen, was published in 2000; it was a Sunday Times Book of the Week; Accountancy Age described it as "surprisingly funny considering it is written by a couple of accountants”.