Regulation and economic pressures are altering the scope of change programmes

The Financial Conduct Authority’s (FCA’s) £29 million fine levied against Starling Bank earlier this month may be more of a slap on the wrist than a serious penalty. Still, it is a clear indication of the increased regulatory focus on businesses, particularly in financial services. 

The FCA fined Starling for “serious concerns with the anti-money laundering and sanctions framework in place” but reduced the amount from £41 million after Starling agreed to remediate its regulatory breaches and enhance its financial crime control framework.

On the one hand, the decision seems to reflect an awareness by the regulator that trading conditions are difficult and that mistakes can occur when a company grows quickly. However, it also shows that regulators are becoming more bullish in querying organisations’ approaches to sanctions compliance, reducing the risk of financial crime, and improving their ‘know your customer’ protocols.

In the current economic and geopolitical climate, the likelihood is that sanctions will increase and international organisations, such as those in the insurance sector, will have a harder job transacting business without risking the breach of sanctions or other regulatory exposures.

Regulatory compliance can be a highly resource-intensive activity. While some of the processes involved lend themselves to greater automation, this is one area where the insurance sector is clearly behind the curve.

Data strategy versus IT reality

After a relatively quiet end to the summer in the consultancy space, September has been extremely busy, with many big change programmes effectively being reset by clients. Against an uncertain macroeconomic background and increasing regulatory activity, there are likely to be many audit and regulation-driven programmes on the horizon which will suck up cash, taking it away from technology programmes.

What is really noticeable is that every single project that we are currently involved in has a data element – from more prosaic efficiency drives and optimisation projects, to a number of proof of concepts around artificial intelligence (AI).

While it is easy to see the attraction of AI solutions as a kind of universal panacea for straight-through processing, in the insurance space there is a long way to go before that reality is possible – particularly where organisations have not addressed the legacy IT systems and data issues that continue to dog the industry.

This focus on clever uses of AI to improve efficiency and cut costs also comes at a time when there is an uptick in cyber security issues and – taking the example of the CrowdStrike outage in July – over-dependence on IT supply chains that are vulnerable to catastrophic failure if a link in the chain breaks.

From both a regulatory compliance and an operational resilience perspective, it’s therefore becoming increasingly important that companies have both their Business and IT landscape properly mapped, with greater visibility on both their internal processes and digital supply chains.

However, the challenge for many organisations is the ‘pick and mix’ selection of technology that they rely on. So, while companies talk about the need to have a data strategy, they’re not necessarily addressing all of the fundamentals of how data is received or produced at the front end and ingested by the business into the back end. 

Data remediation versus a long-term fix

We’re increasingly seeing finance departments getting bigger and bigger because finance is at the end of all this data flow, trying to make sense of it to carry out key functions such as cash flow, balance sheet management and financial reporting. If companies haven’t addressed front-end data issues, then all the problems from other departments will keep coming through to finance.

Consequently, a lot of our time is spent on data remediation projects, as clients experience growing pressure from audits, financial reporting and ESG requirements. However, while data remediation can be a short-term fix, to be effective in the long term, companies need to address some of the underlying problems that are creating data issues.

In some organisations we have found ourselves running parallel projects – data remediation to sort out immediate issues and longer-term projects to find a permanent data fix, alongside workflow projects, process re-engineering and so on.

With financial services, and insurance in particular, at something of an inflection point, facing significant challenges from regulatory activity and an uncertain economic climate, there are some very simple things that companies aren’t getting right concerning their data and IT architecture.

While it’s tempting to focus on the cool stuff like AI and jump on the bandwagon of new tech, many of the organisations who have implemented change programmes may need to change direction and focus on fixing their legacy issues first, making data more accessible and importantly, accurate.