How to Know When Your Compliance Program is in Need of an Upgrade

Asa Bush

Creative Manager

Compliance work is dominated by the pressure to maintain consistently high levels of efficiency and accuracy. Efforts to accomplish this can lead to a desire not to upset the status quo, resulting in legacy systems sticking around longer than they should. For the CCO, this makes picking out the right time to update a legacy system feel like a dicey gamble. Fortunately, asking a few key questions can help establish confidence that the time is right. Questions such as “Do you constantly feel like you’re on the verge of falling behind?” and “Are you worried about filing deadlines and the result of your next audit?” can help kick off the process of identifying the need for a system overhaul.


Here's a common diagram illustrating how people tend to judge the decision to "upgrade" an existing product:


There's a lot that makes sense here. But any compliance professional would tell you that it doesn't quite capture the difficulties of upgrading your compliance program. Why? Because compliance programs need to run as smoothly as a finely-tuned engine – all the time, with no breakdowns or hiccups. And unfortunately, the constant fight for both efficiency and accuracy often put these two benchmarks at odds. Improving one often feels like it comes at the direct expense of the other. It’s a fine balancing act, trying to do more while knowing that a drop in quality could have significant negative consequences during your next audit. 

That's why the same diagram, when adjusted for the compliance market, is more accurately depicted this way:


With the twin pressures of efficiency and accuracy constantly lurking in the background, it’s no wonder that legacy systems have a way of hanging around compliance departments longer than they should. For the CCO/CRO busy delicately managing a hard-fought balance of investigation scale and quality, changing a system wholesale can seem like a deliberate upsetting of the apple cart. If you’re just breaking even, in terms of managing your caseload, why would you risk dismantling your system and trying something new? 

The threat of outdated legacy systems.

Unfortunately, this is exactly the attitude that keeps non-optimal legacy systems in place. The world of finance has changed wildly over the past decade. Many things are fundamentally different than they were ten years ago, and everything is happening faster than it was before. If you’re currently dealing with a legacy system that’s only just keeping you afloat, there’s every reason to suspect it won’t be long before that system starts to experience diminishing returns. And if that keeps up, you’ll soon be faced with the more serious problem of trying to build a new program while suffering through the negative effects of a non-performing one. 

There’s no getting around the fact that putting a new system in place takes work. There are new and exciting things happening in the regtech space that have made the systems upgrade process much quicker and smoother than it once was. Companies making upgrades now don’t need to worry about exchanging one “all-in-one” system for another – modular solutions are now a possibility. This means that certain things (like transaction monitoring, for example) can be kept in house, while case management, SAR filing, and other key portions of the tech stack can be assigned to a vendor. 

Not every financial institution will need a complete compliance program upgrade. But knowing the health and expected lifespan of your existing program is essential. With that in mind, here are five warning signs that your compliance work is being done with inadequate or sub-par tools.

5 Warning Signs it might be time to upgrade your system:

  1. Steps in the investigation process must be committed to memory, because your tools aren’t guiding you. 
    Financial crime investigation is specialized work, and working just a single case can involve dozens of discrete steps, processes, and procedures. Remembering all of these steps for every case on your plate is an enormous task. When the only tool for tracking/organizing case status is an investigator’s brain, the amount of time able to be spent engaged in deeper, more considered investigation work is reduced dramatically.
  2. The only way to “get everything in one place” is to resize many different windows.
    Any police procedural on TV has it: the bullet board covered in photographs and a web of red string. It’s the ultimate metaphor for a case in progress. While compliance investigators might not have use for a bulletin board, they do need the digital equivalent to do their work. If your current tools don’t allow you to visualize your data, or if you can’t form a holistic view of your case except by resizing several browser windows, that’s a lot of time and effort spent simply trying to get a ‘big picture’ view of what a case contains.
  3. It’s never clear whether or not you’re duplicating a case that was done a few months ago.
    There’s no bigger waste of time than repeating work you’ve done before. But working a large caseload makes it difficult to remember what’s truly new. And even if you have a robust catalog of completed cases, manually cross-referencing today’s case against your entire back catalog can be tricky. The bottom line is: if your tools don’t tell you if you’re looking at a repeat case, you’ll be left guessing. 
  4. The investigation workflow doesn’t contain any automated elements, and instead depends on manual data-entry.
    No matter how good your Excel skills are, you’ll never be fast enough to outpace tools with custom automation. And frankly, there are aspects of compliance work that are better handled this way. There’s nothing wrong with data-entry, of course. But for compliance professionals, there’s a distinct difference between essential data-entry and simply moving data around. Skipping back and forth between applications isn’t anyone’s cup of tea. Automated processes lend themselves to an integrated workflow that cuts down on time spent copy-pasting. And when that happens, investigators are able to spend more time on parts of a case workflow where their investigative skills are most valuable. 
  5. SARs have to be completed manually, and filing deadlines are a constant concern.
    Our last warning sign will hit home with financial crime investigators. With so many cases to examine, compliance professionals can’t afford a workflow that doesn’t automatically assemble case information into the relevant fields of the SAR PDF. Conducting this work manually not only effectively doubles the time involved, it also increases the potential for data-entry errors, which can lead to SAR rejections. Most importantly, it leaves the investigator in an impossible position, stuck between the need to move fast and the need to conduct careful, thorough investigations. 


One last warning: don't wait.

If any of those five warning signs resonate with you, it’s worth examining your program for potential gaps and areas that could be improved through the introduction of new tools or processes. Remember that you don’t need to rip everything out to plug in new solutions – there are great options out that there can be implemented with minimum disruption to your existing workflow. 

Compliance work is highly-specialized, and its practitioners deserve highly-specialized tools. We don’t expect master carpenters to do their work using nothing more than a simple axe. So why  would expect compliance professionals to complete that specialized work without a modern, purpose-built toolset? 

Fighting financial crime is important, meaningful work. There’s no reason your tools shouldn’t reflect that.

Stay Connected

Subscribe to receive new content from Hummingbird