Is compliance a good thing or necessary evil? And who should pay for it?
Proclaim has been hit pretty hard by the compliance stick in the last few years. For a company that is essentially an SME we have had to create and adopt procedures that might be standard in huge global organisations but many of these processes were either intuitive or foreign to us. We have had to completely upgrade our systems, develop and maintain a new suite of reports, create new plug-ins to our existing systems to facilitate management information reporting, buy sophisticated sanctions checking software, create a number of new processes and systems and train people, as well as dealing with the ever increasing requests to demonstrate compliance with the new compliance regime. If we added soft costs to our hard costs we’d estimate our compliance costs run at between 5 and 10% of our revenues, which make it our second largest expense behind our people.
So is this a serious distraction to customer focus, or a necessary part of doing business with big regulated businesses in the 21st century? In an industry wide rush to ensure systems and processes are embedded, have we forgotten what is most important (the customer experience)? Or is the whole compliance wave, at its heart, aimed at providing higher levels of service to the customer?
We have been working for the Lloyd’s market for over 15 years now. When we started, what you needed was some smarts and a will to do things well. We were quizzed on caseloads and expertise, as expected, but there was very little in terms of what we now see as standard. Back then, a little knowledge went a long way. Now, you need knowledge but also systems, structure and a whole bunch of business processes that didn’t exist 10 years ago including sanctions checking, comprehensive MI as well as insurance certificates, disaster recovery plans and a bunch of reporting capabilities. This creates somewhat of a barrier to entry for new aspirants, provided compliance is enforced at that level, but it also places a huge burden on us, one that is finely balanced in terms of the health of our business.
One of the issues with compliance is an over reliance on quantitative data, as opposed to the qualitative data that was historically produced via audit reviews. For instance, one measure tracked these days is response times to first party correspondence. So you could, conceivably, be providing woefully inadequate responses but if they are within the time frames, you get a tick. The dust is still settling on the new regime but clearly compliance MI needs to be supplemented by independent reviews.
In terms of impact on our business, we can see some of the positives. We are creating some new or stronger business processes. We are more capable of understanding and reporting our performance against required standards. And we have created some valuable processes and also unlocked some valuable management information that helps us better understand our overall performance.
However, it has created a monster in time and effort which isn’t being equally reflected in what we can charge for our services. It is also a significant distraction to customer focus given the scale of the task to comply. We also don’t know the general level of compliance, whether we are better or worse or how we benchmark generally in the scheme of things. We suspect given some of our clients are unwilling to shoulder the burden in terms of extra fees (on the basis it is a cost of doing business) that some of our competitors probably aren’t going the whole nine yards.
In a perfect world, compliance would
- Enhance business processes
- Provide superior management reporting on performance
- Enhance the customer experience
- Be cost neutral (in that it is sponsored by the clients who request it)
I think the work needed by those requesting new levels of compliance is to try and further those objectives and where there may be conflict, weight the customer experience the highest. For instance, we have done tens of thousands of payment sanctions checks and never got a hit. We may one day, but if a payment was so urgent that we bypassed the sanctions checking, how would that be viewed?
There is no question we have turned a corner and there is no going back now. The question remains – can compliance help to enhance the customer experience, or is it creating obstacles between customer and service provider? The jury is out, but in terms of our focus, we want to remain with sight fixed firmly on the customer experience as the primary reason we exist.