Many leaders of financial services companies complain about the rising cost of compliance and fraud detection. Larger institutions fear they are not seeing the economies of scale that typically arise with size. When it comes to compliance, the greater “surface area” and the greater complexity of environment offset the traditional economies of scale.
Increasing costs inevitably create a demand for creative cost containment. The usual proposed solutions are automation, reviews of capital or operating expenses and outsourcing. All three of these are combining to stem the tide of rising compliance costs, but all require re-engineering of business operations to achieve those savings.
Historically in financial services, automation of business interactions – ranging from deposits and withdrawals to derivatives trading – was the first driver of business volume growth. However, as the amount of transactions and other data requiring review grew, so did compliance costs, and businesses had incentives to move from manual to automated auditing and reporting processes.
The Evolution of Automation – From Filters to Social Network Analysis
The first wave of automation of compliance technologies was the adoption of rule-based solutions. Transactions and other data were fed through solutions to identify suspicious transactions or other anomalous behavior. These filters cut the number of transactions requiring examination by around 80 percent so that compliance costs grew only as a fraction of business growth.
However, over time, fraudsters also discovered the benefits of automation; with the new hyper-connectivity provided by the internet, they were able to generate more fraudulent schemes, resulting in an increase in signatures and complexity. Tools to automatically generate cyber attacks became available. Similar to denial of service (DOS) attacks, the aim was to overwhelm the compliance tools of the day by creating significantly more transactions requiring examination and by spreading suspicious behaviors across multiple accounts in order to disguise the activity.
Banks countered with tools to find hidden rings, including social network analysis that identified accounts that were linked by any piece of shared data – account holders, shared addresses and other variables. This social network analysis took compliance from simple fraud identification on a transaction level to identifying teams of players attempting to mask their behavior. Social network analysis found many applications – from fraud detection including credit card and insurance scams to unauthorized trading to identifying possible terrorists.
Initially, this was a manual process for sifting through large amounts of data to find patterns. But companies quickly realized that manual analysis required growth in the number of compliance staff. In automating social network analysis, they developed whole new algorithms which no longer relied on the human eye to detect patterns. These algorithms, sitting on top of the automatically generated graphs, increased prediction accuracy tremendously so that compliance staff wasted less time on false positives. Continued development of categorization and classification schemes continues to improve the detection rate so that with sufficient investment the cost curve flattens rather than climbs with increasing transaction volume.
Organizations will continue to invest in automation because it is the first line of cost reduction.
The Increasing Costs of Fraud and Prevention
The second line of cost reduction is typically a shift from capital expenditure to an operating expense. The business benefit of investing in compliance technologies hasn’t changed that much. The exponential growth of fraud, powered by criminal’s use of automation, means that most compliance investments have a positive return on investment. At the heart, thieves and fraudsters will seek to steal more than it costs to stop them.
However, with increasing volumes of data comes increasing costs for licenses and hardware. Newer solutions based on big data require massive amounts of data to be highly effective. Even with the dramatic drop in storage costs, the rate of data growth drives total costs up. Businesses now see spikes and valleys in costs, and often the spikes in costs come at the valleys in terms of revenue. Being prudent during slow business times just defers the expenditure and delays any positive return on investment. Businesses are caught on the horns of a dilemma. That’s why operating costs are preferred to capital expenditures.
Turning to Cloud Compliance
Given the sensitive nature of compliance, which is able to monitor internal operations as much as external events, many businesses are reluctant to outsource compliance. However, it is possible to leverage the cloud to outsource at least some of the support costs. In doing so, many companies are able to shift to an operating expense model and reduce their costs. Compliance cloud products allow vendors to drive down unit costs by pushing more data in aggregate than any one customer requires. This shifts the capital costs and the risk of over-buying from the business to the compliance cloud provider. With sufficient security keeping a company’s data safe, compliance cloud services enables management to invest money where it will get the biggest return, thus maximizing the effectiveness of the compliance staff.
Bill Sweeney, CTO, Americas at BAE Systems, is an experienced Financial Services CIO. His background includes seven years as CTO at HSBC's Investment Bank, seven years as CIO Risk, Compliance and Legal at Citibank's Investment Bank and then four years with Bridgewater Associates. 
