3 Factors Driving Compliance Costs for Financial Services

Over the last few years, most industries have seen an uptick in regulatory requirements. While these additional regulations are well-intentioned, they ultimately result in higher compliance costs for many organizations. Companies in the financial services industry are no exception. This sector has experienced one of the more significant increases. According to Globalscape’s Ponemon report, The True Cost of Compliance with Data Regulations, the cost of compliance for financial services companies grew from $16 million to $30.9 million between 2011 and 2017. That’s almost double the 2011 cost, an increase of $14.9 million.

Figure: Total Compliance Cost by Industry

A few key reasons for this rise are discussed below:

The Digital Demand

As with many industries, organizations in the financial services sector face increasing consumer demand for digital services. Businesses are embracing financial services technology (fintech) developments, including online banking, account management applications, and payment apps, to stay competitive. These developments have been well received by customers and have already begun to change consumer habits. For example, 46% of customers surveyed by PwC chose digital channels over visiting physical locations such as bank branches.

Digital disruptors continue to make waves in the fintech space with successful payment apps like Venmo, online brokers like Ally, and peer-to-peer lending companies like Lending Club. These consumer-friendly applications are enabling financial services companies to expand their customer base and reach new, often younger, customers. That said, the push to digital also has its drawbacks. The digital marketplace is location-agnostic and accessible to anyone who can get online. That means banks no longer have a lock on certain groups of customers based on their proximity to a physical branch or ATM, so they face more competition from players in the digital world.

Additionally, the growth in digital service offerings adds complexity to regulatory compliance. Banks are relatively inexperienced with digital services, and each new service creates more input and output points for a financial institution to manage, which makes data security more challenging. Non-bank fintech companies (like PayPal or Apple Pay) also face regulatory challenges because they operate in a relatively new space where requirements can be confusing or ill-defined.

Increased Regulations

After the financial crisis of 2007/2008, the regulatory world was on fire. In the years that followed, many countries rolled out significant regulations, including the Dodd-Frank Wall Street Reform and Consumer Protection Act, the biggest financial regulation reform in the US since the 1930s. Increasing regulations across the globe have made for a challenging compliance landscape that continues to grow in its complexity. 

For example, this year the EU is rolling out the General Data Protection Regulation (GDPR). GDPR is said to be one of the most demanding regulations enacted to date. In the True Cost of Compliance with Data Regulations report, survey respondents ranked GDPR as the most difficult regulation to comply with. It takes a lot of resources, including a healthy amount of money, to meet compliance regulations, and the effort and cost are compounded as regulations become increasingly demanding.

Coping Mechanisms

Many financial services businesses realize they need subject matter experts on hand to cope with compliance. Under GDPR, some companies are required to appoint a data protection officer, while others are voluntarily creating a similar position or bringing in consultants in an effort to get a handle on all of their regulatory requirements. The high number and detailed nature of regulatory compliance tasks has in many cases meant companies need to devote more manpower to the issue, which is expensive.

To better manage compliance efforts, organizations are also beginning to look to regulatory technology (regtech) to ease the burdens of compliance. Regtech refers to technological tools designed to help businesses meet compliance regulations and the challenges they bring, including strict timelines and complex, time-consuming tasks. Regtech is designed to streamline compliance efforts and reduce the reliance on manual work for regulatory tasks.

Companies are spending an average of $1.34 million on compliance-related technologies in 2017, up from an average of $92,000 in 2011.

– True Cost of Compliance with Data Regulations, 2017

In theory, regtech will ultimately save companies money. However, adopting regtech means adding another line item to the budget. While companies are migrating toward a regtech model, they may carry both increased manpower and regtech on the books for a period of time. It’s temporarily more costly, but regtech should save organizations some operational costs down the road. Regtech can also potentially help businesses avoid regulatory fines by making the compliance process more manageable and accurate.

More to Come

Digital transformation already plays a big role in changing regulations and compliance costs, and there is more change to come. It’s estimated that the financial services industry has only 39% digital penetration, leaving more than 60% of the industry that has yet to fully embrace digitalization.

As technological advancement and adoption grow, regulatory requirements will rise up to meet them. The business world’s best hope is that it will eventually figure out how to work smarter, not harder, when it comes to achieving compliance.

Related Resources

Managed file transfer can help facilitate compliance. Globalscape's Enhanced File Transfer platform helps businesses meet standards mandated by GDPR, PCI DSS, SOX, HITECH, HIPAA, and others. Learn more.

The launch of GDPR will have a global impact. Learn how EFT can help your organization achieve and maintain a GDPR-ready posture.

Read this success story and see how a financial organization was able to meet PCI DSS compliance using EFT Enterprise.