
Rethinking Regulatory Investment: Unlocking Value Beyond Compliance in Banking

In the complex world of financial regulation, banks and building societies often find themselves caught between the imperative to comply with evolving regulatory requirements and the desire to invest strategically for future growth. While regulatory change programmes are essential for maintaining a sound financial system, their costs are often viewed as an unwelcome and onerous burden, obscuring their potential to enhance business outcomes. Whilst cost is a factor, regulatory change programmes that are well-designed consider business needs, deliver tangible outcomes contributing to strategic priorities, and deliver broader value than merely achieving compliance.

In the first article in this series, we called for a wider rethink of the value of risk management. This article builds on those ideas and challenges industry participants to rethink how they define regulatory investment and measure the returns on it. We advocate for a more nuanced approach that unlocks the strategic value hidden within compliance: enhancing operational efficiency, improving decision-making, strengthening stakeholder trust, and ultimately driving long-term value creation by mitigating risks and fostering a culture of responsible business practices.

Moving Beyond Binary Classifications: A Call for Granularity


The traditional approach to change programmes often involves a binary classification:

  • An initiative is deemed "regulatory" and therefore a mandatory cost (for example implementing new capabilities or functionality because of a mandatory regulatory change such as Basel 3.1 implementation); or
  • An initiative is categorised as a "business" investment (for example automating a manual process to enhance efficiency and/or effectiveness of the regulatory compliance process, such as automating manual regulatory reporting steps) subject to stricter cost-benefit scrutiny.

Whilst this categorisation is understandable and widely applied (and indeed defining changes as “regulatory” can support internal budget allocation processes), this view fails to capture the multifaceted nature of regulatory investments and their potential to deliver value beyond mere compliance.

Consider the implementation of Basel 3.1 in the UK. The PRA's initial consultation (CP16/22)¹ included a detailed cost-benefit assessment, comparing the estimated compliance costs against a baseline scenario where the proposed regulation was not implemented. Whilst this is an embedded part of the regulator’s obligations as part of the consultation process, it does provide a conceptual framework that firms and the respective responsible executive or project sponsors could seek to emulate.

Frequently, firms present entire change programmes as mandatory regulatory spend, using compliance as a lever to secure funding and prioritisation over other investment options. While understandable in a competitive environment with multiple competing priorities, this approach can mask opportunities or distract firms’ focus away from optimising investments and extracting maximum value. In essence, this instils a reactive mindset fostering a culture of compliance over strategy; design choices may then overlook opportunities to proactively invest in innovation, process improvements, or new technologies that could enhance efficiency, customer experience, or competitive advantage. Framing change as a regulatory burden can also demotivate employees and limit their willingness to embrace new initiatives and opportunities.

This limitation is particularly acute for complex firms managing multiple, overlapping regulatory change programmes. Without a clear view of these interdependencies, organisations risk inadvertently under-serving specific regulations or duplicating efforts. This lack of coordination can lead to compliance gaps, wasted resources, and missed opportunities to leverage change for broader business benefits. For example, a well-executed regulatory change programme can go beyond compliance by generating insights from data that inform strategic decision-making, improve customer experience, and streamline operations. Therefore, effectively communicating a holistic view of regulatory change initiatives to senior management and regulators is crucial, not only for successful delivery but also to unlock the full potential of these investments and justify their prioritisation in a challenging economic climate.

Scope Creep and the Compliance Justification: A Call for Prioritisation


Within regulatory change programmes, a familiar challenge arises: scope creep (or scope reduction). Compliance requirements become a convenient justification for feature bloat, technical debt, and escalating costs. Amidst economic headwinds, the focus on cost optimisation intensifies, making it crucial to distinguish between essential and discretionary spending. While a degree of ambition or "gold-plating" in regulatory change programmes may be tolerated in more prosperous times, current economic pressures demand a more rigorous approach. This often leads to prioritising tactical, short-term solutions over strategic investments, even if the latter yield greater long-term benefits and sustainability.

Instead of blanket justifications based on regulatory necessity, we propose a framework that encourages continuous ranking of deliverables, features and methodologies based on their incremental value to the organisation. This requires asking a crucial question: "What would we do in the absence of this regulation?"

Defining Regulatory Investment: A Framework for Value Creation


To facilitate prioritisation and unlock hidden value, we propose a clear definition of regulatory investment:

Regulatory investment is the incremental spend required to deliver a compliant solution, over and above the cost of achieving the same business objective in the absence of regulation.

This definition emphasises establishing a baseline cost – the investment required to meet business needs and shareholder expectations without regulatory drivers. Comparing this baseline to the actual cost of a compliant solution reveals the true cost of regulatory adherence. However, this approach only tells half the story.

To build a comprehensive business case for change, organisations must also quantify the potential cost of non-compliance. This includes tangible expenses like fines and legal fees, as well as less quantifiable but equally damaging consequences such as:

  • Reputational damage: Eroding customer trust and brand value.
  • Loss of business: Decreased sales, market share, and access to funding.
  • Operational disruptions: Suspensions, sanctions, or diverting focus to remediation efforts.

Calculating these "negatives" can be challenging but is essential for demonstrating the full value of compliance investments. This cost assessment should also be layered, reflecting the specific costs associated with individual regulations (e.g. Basel 3.1, GDPR, FCA Consumer Duty) while accounting for any overlaps to avoid overestimation.

The complexity of quantifying both compliance and non-compliance costs underscores the need for a robust framework. This framework should not only enable accurate cost calculation but also facilitate prioritisation and decision-making when allocating resources across multiple regulatory change initiatives.

Consider a robust risk data and systems infrastructure. While such a system might be partially driven by regulations like BCBS239, Basel 3.1, or IRB capital calculations, its benefits extend far beyond compliance. Timely access to accurate data, insightful reporting, and enhanced decision-making are all strategic advantages that a well-maintained infrastructure provides. Investment in automation can also reduce the cost of the core capability and significantly reduce processing times and the risk of operational error.

Unfortunately, firms often take a tactical approach, viewing investments in these systems solely through a regulatory lens. This results in a patchwork of upgrades solely aimed at meeting compliance, obscuring the potential strategic value, and leading to an inflated perception of the true incremental cost of regulation.

Furthermore, the absence of a well-maintained strategic infrastructure impairs firms’ ability to meet future regulatory changes. Internal models are a good example, where firms with access to better data and supporting analytical systems are better able to meet regulatory timelines and have been able to obtain approvals at a lower cost.

The Impact of Regulatory Timelines: A Consistent Approach


Regulatory deadlines often exert significant influence on project timelines and resource allocation. This raises important questions:

  • Should the mere existence of a compliance date automatically classify all spending as regulatory?
  • How should we account for the cost of short-term tactical solutions ("technical debt") implemented solely to meet regulatory deadlines, without providing a sustainable, longer-term solution?
  • Can regulatory deadlines, in some cases, accelerate the realisation of business benefits, justifying a different cost allocation?

We propose applying the same principle across all scenarios: establish a baseline cost assuming no regulation, accounting for the time value of money. By comparing this baseline to the actual cost incurred under regulatory pressure, organisations can accurately assess the incremental impact of compliance on both cost and timelines.

Measuring Returns: Beyond Cost Avoidance


Just as we advocate for a nuanced approach to measuring regulatory investment, we must also redefine how we measure returns. A narrow view focuses solely on cost avoidance – the fines, penalties, and remediation expenses avoided by achieving and maintaining compliance.

A more comprehensive approach considers the broader benefits of robust risk management:

  • Reduced cost of capital: Enhanced risk management practices can lead to lower risk premiums and a lower cost of capital, freeing up resources for strategic investments.
  • Improved customer trust: Demonstrating a commitment to compliance and risk management can enhance customer trust and loyalty, leading to increased business and higher retention rates.
  • Competitive advantage: Proactive risk management can become a key differentiator, attracting investors and customers who value stability and security.

By considering these broader benefits, firms can move beyond a compliance mindset and position risk management as a strategic enabler of value creation. This evolution in approach can also help to differentiate firms from their peers, enable a step change in the quality of investment outcomes, and help firms to perceive regulatory-driven investment as an opportunity rather than a hindrance.

Embracing the Challenge: A Call to Action


We recognise that implementing this framework across an organisation presents practical challenges. Defining baselines, quantifying incremental costs, and attributing value to intangible benefits require careful analysis and judgment. However, the potential rewards – a more strategic approach to regulatory investment, optimised resource allocation, and enhanced value creation – far outweigh the obstacles.

__________________________________________________________________________

References

1. Note that the Prudential Regulation Authority (PRA) has published two near-final policy statements (PS) to address industry feedback and revise the proposals included in consultation paper (CP) 16/22. Subsequently, the implementation was deferred until 1 January 2027.