(9 pages)
Consider this short tale of two banks: Acme Bank’s top-notch compliance function kept the bank within its risk appetite, but the bank did not perform well. Its strategy team blamed compliance for slow growth, weak market share, and failed digital initiatives. At Apex Bank, the strategy team bypassed compliance to release new products quickly, expand into new customer segments, and ramp up acquisitions, all while keeping costs low. Soon, though, its main regulator brought a significant enforcement action. The stock price fell, key employees quit, the bank had to exit several important businesses, and compliance costs skyrocketed.
While these descriptions are caricatures, they’re not far from reality. Strategy and compliance often operate as antagonists or as ships passing in the night. This is a missed opportunity. Done well, communication and collaboration between the two parties can create competitive advantage. The stakes are particularly high now: technology offers promise, but new risks are rising on uncertain economic and geopolitical landscapes.
This article explains the benefits available when compliance and strategy leaders work together, the quick wins that are possible, and the structural solutions that can sustain and scale the change. In this article, we use the word “strategy” as a metonym for the broader set of decision makers (not just the strategy organization) who influence and shape banks’ strategic direction; these include business unit leaders, leaders in marketing and sales organizations, and product managers.
Finding competitive advantage
Banks’ compliance functions have typically focused on defense: preventing violations of policy, rules, regulation, and laws. The more complicated the regulatory, business, and technological environment, the more complex the defense.
But in complex environments, collaboration with the businesscan deliver greater strategic value. In our experience, five objectives that define strategic postureare ripe for collaboration: differentiating client experience, investing in fast-evolving areas, securing resilience against geopolitical disruptions, improving productivity, and acquiring programmatically. In each, when compliance and business stakeholders responsible for strategic decisions work side by side, institutions benefit by protecting against the downside, capturing more of the upside, or both (exhibit).
In working with banks around the world, we have seen examples of compliance and strategy collaborating on these five objectives, with varying degrees of success. Here we describe how the successful collaborations were achieved for each objective.
Differentiated client experience
In the increasingly digital world, customer experience is king, and products and services are scrutinized in the court of public opinion—online ratings and social media. Already in 2018, of the 50 largest global banks, three out of four were publicly pledging to initiate some form of customer-experience transformation. We have seen banks’ customer-experience transformations boost the lifetime profitability of satisfied customers—those willing to recommend the bank to friends—to levels five to eight times those of customers with a negative perception.
Banks need processes that deliver a good customer experience in the moment, treat customers fairly, protect against fraud, and comply with laws and other regulations. Poorly designed compliance processes can compromise the experience, but insufficient checks can open the door to fraud or other abuses. Deep collaboration by compliance and business teams can capture opportunities as well as protect the downside.
Poorly designed compliance processes can compromise the experience, but insufficient checks can open the door to fraud or other abuses. Deep collaboration by compliance and business teams can capture opportunities as well as protect the downside.
For example, in retail banking and payments, some consumers have negative experiences with identity verification; it can be confusing and take a long time. Frustrated consumers may even walk away from their bank. Strategy teams with expertise in identifying customer needs, meeting those needs, and differentiating value propositions by bringing together viewpoints from across the organization can work with compliance teams to identify the most critical needs and embed compliance requirements seamlessly into customer journeys.
In institutional banking, some customers experience similar frustrations from the intense and sometimes overlapping queries for information aimed at meeting the complex know-your-customer (KYC) requirements straddling jurisdictions. Certain KYC queries may add operational cost and could even deter large multinational clients from starting new banking relationships. Closer collaboration between compliance and strategy teams helps banks simplify the process in a client-centric and risk-informed way. Our research has found10 to 30 percent improvement in customer satisfaction scores and 20 to 40 percent reductions of administrative touchpoints.
Compliance and strategy teams can also work together on continual improvement. Customer complaints can indicate compliance issues—for example, problematic sales practices—but also opportunities to improve customer experience. Thus, input on customer experience can serve as an early warning about possible compliance issues.
How to start
Compliance and business operations can together initiate a review of priority client-facing processes. The effort may identify opportunities for improving user experience through simplification or rationalization of controls—for example, by removing redundant or overlapping controls.
Banks that aspire to offer a standout client experience typically form cross-functional teams focused on rapid, agile execution. Practically, this would involve including compliance experts in the core of the agile approach and team configuration from the start. For processes related to customer onboarding, teams can include experts in compliance, technology, operations, strategy, and other functions. This equips the team to incorporate guidance on compliance requirements in the most client-friendly way.
One North American institution created a task force of senior banking executives, including the chief compliance officer, to design a smooth customer onboarding process across its capital markets businesses. The team first established clarity around regulatory requirements and then reengineered customer journeys and built a consistent experience across regions. The resulting process minimized requests for client information and decreased the risk of inconsistencies and conflicts in client data.
Investment in fast-evolving areas
Growth into adjacent or secondary industries offers financial services institutions strong opportunity, yet some of the most alluring domains are fraught with uncertainty related to compliance.1Our recent research finds that in financial services, 35 percent of growth comes from secondary industries or expansion into new ones. Companies that grow into adjacent industries generated, on average, an extra 1.5 percentage points per year of shareholder returns above their industry peers. https://www.mckinsey.com/industries/financial-services/our-insights/managing-a-customer-experience-transformation-in-banking This is especially true of areas in which some combination of technology, products and services, business dynamics, and customer expectations are evolving quicky. Strategists weigh the opportunity from potential investments against costs of competition or regulation. Compliance can shape ideas for coping with the regulatory uncertainty and suggest implications for various investment options.
New business opportunities linked to data and analytics exemplify an area that shows promise but presents new and sometimes uncertain compliance expectations. Some institutions are considering investing in or partnering with data and analytics players that provide credit decisioning tools. When decisions about credit extension are informed by or fully based on AI algorithms, banks will need to demonstrate the fairness of such decisions and their compliance with customer protection rules. Compliance teams can inform assessments of these requirements, such as required investments in controls and the AI talent required to interpret algorithms’ output.
Environmental, social, and governance (ESG) offerings are another area of potential opportunity for collaboration. Institutions that aspire to bring attractive ESG offerings to market need well-designed processes for product creation and maintenance. Basic criteria include factors (and underlying data) used to construct ESG investment products that are transparent and reflective of the investment objectives described in the prospectuses. Strategy teams play a key role in defining ESG product initiatives based on market dynamics and client needs. Compliance teams working with strategy teams can provide insights on alignment of ESG factors with the declared investment objectives and regulatory guidance, as well as the processes for monitoring product performance and informing customers.
How to start
Compliance and strategy could collaborate to articulate the largest regulatory risks associated with products or segments that are new to the industry, growing in importance, or being considered as a new focus. Examples could include analytics or digital payments.
Compliance officers could regularly share with colleagues the latest regulatory developments in this space, including potential implications for a bank’s planned investment actions, if relevant. In addition, banks should consider explicitly designating compliance team members who will be on point to provide strategically informed compliance insights on fast-evolving areas that the institution has prioritized for potential investment. These people would have the dual mandate of being compliance officers while advising strategists in areas where the bank is exploring the potential for growth or an inorganic investment thesis. Banks can even consider forming a small compliance advisory team to provide such input as needed in areas of strategic significance. This team might sit either within the strategy or compliance functions, with a dotted-line relationship to the other group.
Resilience against geopolitical disruption
For global institutions, geopolitical forces up the ante, particularly when laws or regulations shift quickly in response to countries’ foreign-policy stances. Institutions with an international footprint have complicated links between countries. Rarely can such organizations disconnect rapidly from any given country, not least because of compliance requirements. The strategy function may lack routines for systematically analyzing and understanding geopolitical scenarios.
For example, companies doing business in Russia or with Russian entities when it invaded Ukraine in early 2022 had to quickly translate the implications of the sanctions that many other countries imposed on Russia. Predefined playbooks for handling similar geopolitical shocks would accelerate response and reduce the probability of any outsize operational losses or regulatory fines that might create opportunities in the defensive quadrant of the values matrix.
How to start
Given recent geopolitical shifts, strategy teams may be well advised to start building a planning capacity, with compliance teams included. Those engaged with strategy at the senior level, with participation from the senior level of the compliance function, can systematically develop and analyze a set of geopolitical scenarios. For example, scenarios might include imposition of sanctions or quickly exiting a country.
Improved productivity
Collaboration to improve process productivity delivers impact primarily on the value capture axis of the matrix. For example, the compliance team can suggest the productivity initiatives (e.g., streamlining compliance controls, suggesting process simplification ideas based on compliance risk assessments) that could lead to significant impact on margin or revenue growth, given that prioritization of productivity initiatives is key for value capture.
When strategy teams design operational productivity programs, they balance effectiveness and efficiency levers across thousands of individual processes. Compliance organizations are uniquely positioned to support these efforts based on their observation of issues and challenges across the organization. In addition, the compliance team can help structure companywide communication flows on process and control streamlining opportunities. For example, they may have data and insights from security breaches, fraud, suspicious activity, and anti-money-laundering (AML) flags, as well as insights from control testing. These insights can inform where to eliminate, establish, or maintain manual checks; eliminate overlaps in the scope of reviews; or reengineer processes more holistically.
How to start
At the start of any productivity improvement effort, banks have an opportunity to include compliance as part of the core team. Similarly, when deploying the agile approach to identify opportunities, compliance officers can be core to the team structure from the start. This collaboration enables the team to review prioritized processes for opportunities to streamline compliance risk assessments and identified overlapping controls.
As the productivity program establishes baselines—for example, collecting data to prioritize the highest-impact products, businesses, and processes to start with—compliance experts can help with specifying data types and inputs needed, especially in areas such as control performance, key risk indicators, or customer complaint themes. For prioritizing productivity initiatives, compliance experts can contribute insights related to control testing or compliance risk assessment.
Stronger programmatic M&A
The compliance team can also help the strategyand M&A teams generate differentiated insights on mergers and acquisitions. In particular, collaboration can help strengthen , which generate excess returns relative to peers because serial acquirers tend to grow faster and more profitably.2Among companies with revenue CAGR over 5 percent, our research has shown, those with programmatic M&A strategies generate shareholder returns 3.5 percentage points higher than for those growing organically.
Collaboration on acquisition-related themes enables both offensive and optimizing strategies. Organizations can generate differentiated insights for upside capture, such as compliance criteria integrated in M&A sourcing filters. They also can pursue the dual benefits of upside capture and downside protection, such as collaboration on postmerger decisioning and planning.
Successful execution requires strong M&A capabilities, and the compliance function has a key role to play in each capability, including M&A sourcing, due diligence, and integration planning and execution. To enable programmatic M&A, compliance can help design filtering criteria so target identification excludes companies with suspicious clients or that operate in jurisdictions with weak regulatory infrastructure. Strategy and compliance teams should also collaborate to ensure the filters stay calibrated to existing market conditions.
Collaboration on due diligence can include pressure-testing strategic and financial assumptions linked to compliance. Key questions to consider for accurate valuation and assessment of targets’ business models are whether the market sizing assumes no new restrictive regulation of the target’s core product and what it will cost to bring a target’s financial-crime controls in line with those of the acquiring bank.
During postmerger integration and planning, the compliance team can be a partner in deciding the nature and level of integration. In our experience, companies do make compliance part of premerger planning but frequently as a stand-alone workstream. However, the maturity of a target’s control infrastructure often has direct bearing on the right approach to business, process, and system integration. For example, limited control infrastructure and a history of regulatory relationship challenges may prompt the organization to pursue greater integration across functions in order to migrate the target’s businesses to the acquirer’s more controlled and mature environment.
How to start
Consider integrating the compliance team into the entire M&A deal workflow. Bringing compliance into the M&A deal workflow can be a simple change. For example, compliance officers can become permanent members of the deal team across the full deal life cycle, including deal identification (refining investment filters with compliance factors), due diligence (leading compliance-specific deep dives), and integration (using control performance to generate insights on the integration strategy).
Structural solutions to sustain and amplify collaboration impact
Walk a day in my shoes
Strategists and compliance officers have not been natural bedfellows. Strategists may not fully grasp compliance-related risks, while compliance officers may not understand in detail competitor moves or friction that spurs clients to reduce their business. But in the world that lies ahead, mutual understanding will likely be foundational for gaining a competitive edge.
Life as a compliance officer
The compliance role has grown as regulatory frameworks and compliance requirements proliferate. Since 2010, more rules have been issued by the four regulatory agencies (Federal Reserve, OCC, FDIC and CFPB) than in the entire period since the creation of the Federal Reserve System in 1913 to 2010. Compliance officers must translate every new requirement into digestible obligations, alter policies and procedures accordingly (often individually for each product, business, and geography), and help the business side understand these obligations in the context of their processes. Failure to do so can result in large fines to the company, restrictions on business, and even liability of individuals including senior executives and board members.
Compliance officers view their core mission as protectors, so the business’s goals of serving clients better, growing, or improving productivity can easily be perceived as resistance to the compliance function’s mission.
Life as a strategist
Unaddressed market forces continually deplete profits, so strategists try to create and capture economic and social value sustainably in the face of uncertainty. As the pace of innovation and disruption accelerates, strategists’ role becomes ever more intense. They rely on insights into key driving factors to formulate powerful strategy, deep interpersonal engagement and debate from senior executives, and a mutual understanding that the business is prepared and willing to act on a strategy once adopted.
While strategists could benefit greatly from the insights supplied by the compliance function, they often struggle to see past the technical language of rules and regulations. They will likely be better able to appreciate the larger meaning behind compliance if they have information synthesized into terms they can apply to their process of strategy formulation.
Three main obstacles tend to hinder systematic collaboration between compliance and business. First, the compliance function is sometimes seen as lacking full understanding of the business, so the idea of collaboratively finding creative solutions never arises (see sidebar, “Walk a day in my shoes”). Second, the operating model, organizational structure, and talent often are not set up to support meaningful engagement that would allow working together. Third, processes and technology generally have not been designed to unlock and sustain such collaboration. Acting systematically in these three areas, banks can sustain and magnify the impact of the initial actions previously described.
Culture of collaboration
Culture is a key determinant of shifts in the collaboration model, but it is arguably the hardest structural dimension to change in a sustainable way. Banks can prepare the ground for larger change by introducing microhabits that start with understanding each other’s vantage point. As with many other aspects of cultural change, building such understanding is a top-down process. Two microhabits are essentials for cultivating mutual understanding:
- The right tone from the top. Senior executives, including heads of the business and functional leadership, should be fully aligned on the principle behind the operating model and reinforce its importance in their communications, decisions, and actions.
- Collaboration at the C-level. An alliance between the chief compliance officer and the chief strategy officer enable their teams to meet the goals of collaboration. Without the chemistry and meeting of minds at the top, simple process interventions won’t deliver meaningful results.
Talent and operating model
Meeting the need for compliance talent skilled in collaboration and strategy requires the right approach to recruiting and upskilling (such as learning pathways and job rotations). From the recruiting perspective, compliance functions may need to reassess their usual criteria for senior compliance hires, such as a legal background, in favor of more diversification and cross-pollination on the team. Recruitment of compliance leaders should leverage the full diversity of the risk and compliance professionals in the industry. Our recent researchindicates that 90 percent of the risk and compliance professionals in our data set did not start in risk roles.
In addition, given that value creation primarily happens within business units, compliance and strategy activities should reflect the needs of business units. Strategy and compliance teams can explicitly align on how to jointly serve relevant business units where needed. Such upfront alignment can then be translated into tactics for collaboration.
Underlying technology
More modular and integrated tech and data infrastructure can enable connectivity between the strategy and compliance systems. More specifically, investments in workflow capabilities would allow both compliance and strategy counterparts to collaborate in real time, assign tasks to each other, and leverage common data sources. Ideally, such systems are capable of ingesting compliance-related input such as data regarding future regulatory scenarios, the potential impact of geopolitical events, and the impact of control failures on M&A integration. The systems then can incorporate this knowledge into major scenario-planning or business valuation tools.
For example, a bank may design a platform for risk assessments where strategy and compliance have access to the same modules and analyses. Such a platform would source the data from business unit systems and allow the compliance officers to see the compliance assessments carried out in real time. This would have an additional benefit: minimizing the time spent on low-value tasks (reconciling data or replicating the analyses, for example). Instead, the teams could focus on jointly prioritizing key risks and on collaborating to select and implement mitigating actions.
Banks have a strong opportunity to realize impact through collaboration between their compliance and business strategists. Quick wins are possible, but banks wanting to unlock the full potential of such collaboration must consider how to build systems, processes, and foundational capabilities that will enable them to scale up their collaboration.
