Regulatory compliance - breaking the rules or not
The corporate world, in particular consumer banking and finance - has been challenged by an increasingly stringent regulatory implementation agenda since the global financial crisis, exacerbated by technology flux and rapidly evolving user expectations.
The UK's Financial Conduct Authority (FCA) published its 2018/19 Business Plan in April highlighting a particular focus on the impact of European Union (EU) withdrawal and how it will affect both financial services and the wider society. With a budget of £543.9m, an increase of 3.2% on the prior year, the FCA is now seeking closure on historical issues such as PPI mis-selling and is placing its spotlight on underlying corporate culture and governance as well as new risks, particularly cyber security.
As the FCA Plan states: “Our priorities are fairness, access and value for retail customers, and an effectively functioning wholesale market. Within this sector, the key drivers of harm include suitability of products, renewal pricing, mis-selling, low value products, operational resilience and cyber-crime.”
With that in mind, regulatory compliance, and the escalating costs and reputational harm associated with non-compliance - continues to be a top priority for Boards and senior management. Time and resource constraints coupled with increasingly complex remedial and preventative solutions insisted upon by regulators mean that corporates have progressively turned to external support to alleviate regulatory burdens. This is evidenced in mounting spend on third party professional services:
- The average annual regulatory compliance spend by a large UK bank is £3.3bn;
- A mid-sized UK bank spends on average £1.1bn on professional services fees; and,
- £30bn has been paid out by banks and insurance companies for mis-selling compensation to date with an estimated further £18bn still liable in pay-outs.
The principal beneficiaries of this trend towards outsourcing are specialist compliance consultancies, offering tailored and managed outsourced solutions, access to technical skills, expertise and people, implementation programmes and ongoing support services. They provide a critical service to a growing client base with neither the technical expertise nor manpower to address their increasingly complex needs for compliance and dealing with the consequences of any breaches.
From an M&A perspective, the market dynamics - including an acute awareness of compliance risk and high barriers to entry - have proven particularly attractive to institutional investors and corporate acquirers alike, evidenced by a growing list of transactions including:
- European Capital's acquisition of a majority stake in Cordium, a regulatory compliance consultancy, for a consideration of £100m in 2014. The business was subsequently acquired by ACA Compliance Group, a US-based provider of regulatory compliance products;
- In March this year, Duff and Phelps acquired Kroll, the US-based risk consultancy, for an undisclosed consideration;
- In 2016, Dunedin invested in Alpha, asset and wealth management consultancy, and went on to successfully IPO the business in October 2017 following an 18 month investment, generating a 2.1x return;
- In 2014, BGF invested in The Consulting Consortium, an multiple-award-winning regulatory and compliance consultancy with an exciting suite of preventative software solutions; and
- In 2017, growth investor Livingbridge invested in Catalyst Development (advised by Arrowpoint), the transformational technology consulting business focused on governance and regulatory change in large financial institutions.
The underlying regulatory dynamics that are driving growth in the sector are set to continue, as is the future outlook for compliance-related M&A