Banks and compliance: Be nice to your CIO now

  • New study by PwC and Institute of Bankers Malaysia shows lack of investment into tech infrastructure
  • Chief compliance officer must be able to influence the technology budgets of the banks, controlled by the CIO

MORE Malaysians are using online banking, whether to just check their accounts or to actually transfer money and pay for products and services. Obviously this higher comfort level has been earned by our banking fraternity through the high level of security they provide and the ever-improving user experience they work to deliver.
So, a press release that came to Digital News Asia (DNA) recently triggered great interest in me because it said that the majority of the respondents named inadequate technological infrastructure as one of the key challenges in monitoring business compliance (81%) and compliance function activities (84%).
In banking parlance what compliance means, according to the Bank for International Settlements, is: “An independent function that identifies, assesses, advises on, monitors and reports on the bank’s compliance risk; that is, the risk of legal or regulatory sanctions, financial loss, or loss to reputation a bank may suffer as a result of its failure to comply with all applicable laws, regulations, codes of conduct and standards of good practice.”
And you thought people in tech talked strange!
Anyway, PwC Malaysia and Institute of Bankers Malaysia did an online survey among heads of compliance and senior management from local and foreign Malaysia-based banking institutions in July and August. All Malaysia-based banks were surveyed, and the response rate was a very healthy 65%.

The survey identifies the challenges faced by Malaysia-based banks in achieving and sustaining compliance, including lack of efficient organizational structures, inadequate technological infrastructure, poor communications with internal and external stakeholders, and lack of awareness of the compliance function role within the organization.
Naturally I zoomed in on the technology part and found that the results indicate that banks have yet to capitalize on the use of technology in their compliance activities.
The report, called Compliance Matters, even describes technology as the elephant in the room. The survey indicates that there are tremendous opportunities to use technology to make compliance activity more efficient and effective.
But organizations have yet to fully capitalise on it, and the reason why is that investments in this space have been low.
This piece of news will be music to the ears of vendors which supply risk software to financial institutions. You can be sure they will be knocking on the doors of banks after this.
What caught my attention was the statement that technology optimization can be better realised “if the compliance function can expand their focus and influence on Compliance’s technology budgets.”
Banks and compliance: Be nice to your CIO nowSo I asked Foong Mei Lin (pic), PwC Malaysia executive director for Regulatory Consulting, about this. She tells DNA, “Banks can explore the use of technology amongst others as exception reporting tools and to track and monitor specific compliance activities. However, these involve investment in [IT] systems.”
Because the decision to invest in these systems lies out of the control of compliance, she suggests that “the Head of Compliance must be able to influence the technology budget allocation of the banks (currently under the purview of the CIO) for this purpose.”
How successful compliance officers will be is anybody’s guess, but while readers ponder that, here are a few other interesting bits of information the study discovered.
Almost 85% say compliance is perceived as everyone's responsibility. However, at the same time, the majority (85%) say that the role of the compliance function is not well understood within their organization.
Instances where survey results imply that technology can be better optimized in banking institutions include:

  • Over two-thirds (67%) indicate that technology is not used to track/report breaches;
  • Nearly half (47%) say that technology is not used in reporting, monitoring and communications of compliance activities;
  • Under a quarter (23%) use IT to track and raise red flags.

It is worth noting that in the areas of compliance function and business compliance budgets, technology was ranked at moderate level (just 60%) in comparison to budget focus on staff matters – training, salaries and benefits (exceeds 70%).

The report goes on to state that technology is clearly wanting in a number of compliance areas. As a result, there is scope to optimize technology to facilitate the embedding of compliance within the organization and in improving the efficiency of the compliance function.
Beyond exceptional tracking, technology can be utilized for the timely communication of market and operational risks, including the tracking and monitoring of specific activities, internally and externally.
Now if those stressed out CIOs would just listen to what their compliance counterparts need.

Download the full report here.

Keyword(s) :
Author Name :
Download Digerati50 2020-2021 PDF

Digerati50 2020-2021

Get and download a digital copy of Digerati50 2020-2021