In the complex world of financial regulation, banks and building societies often find themselves caught between the imperative to comply with evolving regulatory requirements and the desire to invest strategically for future growth. While regulatory change programmes are essential for maintaining a sound financial system, their costs are often viewed as an unwelcome and onerous burden, obscuring their potential to enhance business outcomes. Whilst cost is a factor, regulatory change programmes that are well-designed consider business needs, deliver tangible outcomes contributing to strategic priorities, and deliver broader value than merely achieving compliance.
In the first article in this series, we called for a wider rethink of the value of risk management. This article builds on those ideas and challenges industry participants to rethink how they define, and measure returns on regulatory investment. We advocate for a more nuanced approach that unlocks the strategic value hidden within compliance: enhancing operational efficiency, improving decision-making, strengthening stakeholder trust, and ultimately driving long-term value creation by mitigating risks and fostering a culture of responsible business practices.
The traditional approach to change programmes often involves a binary classification:
Whilst this categorisation is understandable and widely applied – and indeed defining changes as “regulatory” can support internal budget allocation process, this view fails to capture the multifaceted nature of regulatory investments and their potential to deliver value beyond mere compliance.
Consider the implementation of Basel 3.1 in the UK. The PRA's initial consultation (CP16/22)1 included a detailed cost-benefit assessment, comparing the estimated compliance costs against a baseline scenario where the proposed regulation was not implemented. Whilst this is an embedded part of the regulator’s obligations as part of the consultation process, it does provide a conceptual framework that firms and the respective responsible executive or project sponsors could seek to emulate.
Frequently, firms present entire change programmes as mandatory regulatory spend, using compliance as a lever to secure funding and prioritisation over other investment options. While understandable in a competitive environment with multiple competing priorities, this approach can mask opportunities or distract firms’ focus away from optimising investments and extracting maximum value. In essence, this instils a reactive mindset fostering a culture of compliance over strategy; design choices may then overlook opportunities to proactively invest in innovation, process improvements, or new technologies that could enhance efficiency, customer experience, or competitive advantage. Framing change as a regulatory burden can also demotivate employees and limit their willingness to embrace new initiatives and opportunities.
This limitation is particularly acute for complex firms managing multiple, overlapping regulatory change programmes. Without a clear view of these interdependencies, organisations risk inadvertently under-serving specific regulations or duplicating efforts. This lack of coordination can lead to compliance gaps, wasted resources, and missed opportunities to leverage change for broader business benefits. For example, a well-executed regulatory change programme can go beyond compliance by generating insights from data that inform strategic decision-making, improve customer experience, and streamline operations. Therefore, effectively communicating a holistic view of regulatory change initiatives to senior management and regulators is crucial, not only for successful delivery but also to unlock the full potential of these investments and justify their prioritisation in a challenging economic climate.
Within regulatory change programmes, a familiar challenge arises: scope creep (or scope reduction). Compliance requirements become a convenient justification for feature bloat, technical debt, and escalating costs. Amidst economic headwinds, the focus on cost optimisation intensifies, making it crucial to distinguish between essential and discretionary spending. While a degree of ambition or "gold-plating" in regulatory change programmes may be tolerated in more prosperous times, current economic pressures demand a more rigorous approach. This often leads to prioritising tactical, short-term solutions over strategic investments, even if the latter yield greater long-term benefits and sustainability.
Instead of blanket justifications based on regulatory necessity, we propose a framework that encourages continuous ranking of deliverables, features and methodologies based on their incremental value to the organisation. This requires asking a crucial question: "What would we do in the absence of this regulation?"
To facilitate prioritisation and unlock hidden value, we propose a clear definition of regulatory investment:
Regulatory investment is the incremental spend required to deliver a compliant solution, over and above the cost of achieving the same business objective in the absence of regulation.
This definition emphasises establishing a baseline cost – the investment required to meet business needs and shareholder expectations without regulatory drivers. Comparing this baseline to the actual cost of a compliant solution reveals the true cost of regulatory adherence. However, this approach only tells half the story.
To build a comprehensive business case for change, organisations must also quantify the potential cost of non-compliance. This includes tangible expenses like fines and legal fees, as well as less quantifiable but equally damaging consequences such as:
Calculating these "negatives" can be challenging but is essential for demonstrating the full value of compliance investments. This cost assessment should also be layered, reflecting the specific costs associated with individual regulations (e.g. Basel 3.1, GDPR, FCA Consumer Duty) while accounting for any overlaps to avoid overestimation.
The complexity of quantifying both compliance and non-compliance costs underscore the need for a robust framework. This framework should not only enable accurate cost calculation but also facilitate prioritisation and decision-making when allocating resources across multiple regulatory change initiatives.
Consider a robust risk data and systems infrastructure. While such a system might be partially driven by regulations like BCBS239, Basel 3.1, or IRB capital calculations, its benefits extend far beyond compliance. Timely access to accurate data, insightful reporting, and enhanced decision-making are all strategic advantages that a well-maintained infrastructure provides. Investment in automation can also reduce the cost of the core capability and significantly reduce processing times and the risk of operational error.
Unfortunately, firms often take a tactical approach, viewing investments in these systems solely through a regulatory lens. This results in a patchwork of upgrades solely aimed at meeting compliance, obscuring the potential strategic value, and leading to an inflated perception of the true incremental cost of regulation.
Furthermore, the absence of a well-maintained strategic infrastructure also impairs the firms’ ability to meet future regulatory changes. Internal models are a good example, where firms with access to better data and supporting analytical systems are better able to meet regulatory timelines and have been able to obtain approvals at a lower cost.
Regulatory deadlines often exert significant influence on project timelines and resource allocation. This raises important questions:
We propose applying the same principle across all scenarios: establish a baseline cost assuming no regulation, accounting for the time value of money. By comparing this baseline to the actual cost incurred under regulatory pressure, organisations can accurately assess the incremental impact of compliance on both cost and timelines.
Just as we advocate for a nuanced approach to measuring regulatory investment, we must also redefine how we measure returns. A narrow view focuses solely on cost avoidance – the fines, penalties, and remediation expenses avoided by achieving and maintaining compliance.
A more comprehensive approach considers the broader benefits of robust risk management:
By considering these broader benefits, firms can move beyond a compliance mindset and position risk management as a strategic enabler of value creation. This evolution in approach can also help to differentiate firms from their peers and enable a step change in the quality of investment outcomes and help firms to perceive regulatory-driven investment as an opportunity rather than a hindrance.
We recognise that implementing this framework across an organisation presents practical challenges. Defining baselines, quantifying incremental costs, and attributing value to intangible benefits require careful analysis and judgment. However, the potential rewards – a more strategic approach to regulatory investment, optimised resource allocation, and enhanced value creation – far outweigh the obstacles.
__________________________________________________________________________
References
1. Note the Prudential Regulation Authority (PRA) has published two near-final policy statements (PS) to address industry feedback and revise the proposals included in consultation paper (CP) 16/22. Subsequently the implementation was deferred until 1 January 2027.