Mind the compliance gap

How should firms conduct a gap analysis when preparing for regulatory checks? Jim McGivern of AutoRek shares his thoughts.

Government regulators and policy makers are taking a much tougher line with private equity firms and other financial institutions that fail to combat internal risks. And the size of fines levied against financial institutions will continue to rise as more directives are dictated by European officials that seek to hold senior managers accountable for failing to implement the best practices possible.

In the last few weeks alone, the Bank of England's financial policy committee has identified a £25 billion (€29 billion; $38 billion) capital shortfall in banks and called for the introduction of regular stress testing to assess the banking system's capital adequacy. Meanwhile, the 2013 budget outlined new measures that will see Jersey’s finance industries share more information with UK authorities to combat tax evasion.

As authorities continue to introduce new measures designed to position financial services as an efficient and viable market for customers, organizations will be forced to face the challenges of data management and the need to monitor for the deliberate circumvention of controls. Transparency is good news for the financial services industry but financial regulators have issued ambitious and complex information reporting regimes which will require clarification on various factors including customer on-boarding, due diligence, account opening, documentation, registration, tax reporting, withholding requirements and more.


As financial regulations become more stringent, an essential first step for organizations will be reviewing the requirements of guidelines and identifying the necessary changes to ensure that existing systems provide an audit trail of compliance. In order to avoid costly penalties and achieve compliance before legislative deadlines, firms will often need to develop system functionality so that they have the ability to gather data from many different systems or sources, assimilate that information with other relevant data, and then automatically update the entire data set as new linkages, sources and other information become available. Organizations will need to certify that the activity of relevant clients is well documented and audited to a high degree of accuracy to ensure accurate reporting back to the regulators.

In addition, firms need to be prepared for the fact that checks may need to be re-performed more than once and flexed to meet any agreements introduced in the future. Institutions should also try to quantify their compliance costs – at least in broad terms – and consider any potential ‘simplifications’ contained within the final regulations.


As we move towards greater transparency within financial services, UK officials are increasingly demanding access to the details of off-shore accounts and tax havens like Jersey and Guernsey. Whilst it is easy to see the need for greater transparency over the financial activities being conducted between Jersey and the UK, the logistics of complying with this type of agreement are going to be challenging for all of the financial institutions affected. These jurisdictions simply cannot afford to be, or be seen to be, safe havens for tax evaders, as many of the jobs there will be provided by major financial institutions who will want to be seen to be operating only in compliant jurisdictions.

Institutions will need to have the appropriate software and procedures in place to capture the right sorts of data, highlight the records that require assessment or completion, and then communicate the outcomes with their clients or stakeholders. Most firms will need to obtain specialist help when it comes to implementing the systems and process changes that will be necessary for FATCA compliance. In addition, financial institutions need to ensure that they can capture additional information about new customers that will need to be included in an annual reporting exercise. Legislative deadlines must be met as organizations that fail to prove compliance will be named and shamed and subject to stiff penalties.


As new initiatives are introduced to regulate activity in the financial market, firms need to start thinking about how they are going to create and maintain a holistic view of the organization that provides a single view of the customer and satisfies demand for more information from watchdogs. 

Firms of all sizes will need to make serious modifications to their internal systems and control frameworks to comply with a range of new agreements – such as Solvency II, FATCA and Basel III – and prove that they have an up-to-date understanding of risk exposure. 

As a result, organizations need to begin evaluating and analyzing various processes, case scenarios and customer records as soon as possible. One thing is clear: firms will need to begin analyzing their existing systems and identifying what process changes are required to ensure that they meet the various reporting requirements as they continue to evolve.

Jim McGivern is a senior business consultant at AutoRek, a provider of financial data solutions including reconciliation software, cash applications and compliance products.