The cost of compliance in Malta

The real cost, the not-so-hidden costs and a more modern approach.

As any compliance professional working in Malta will tell you, regulatory scrutiny has increased. Even as penalties are levied for non-compliance with existing rules, new rules continue to be rolled out. With an increase in compliance standards, supervisory inspections and penalties, there is an undoubted increase in the compliance burden falling upon all subject persons. This presents several challenges for the Maltese market, most notably with costs, as legacy technology hinders innovation and agility in keeping up with a fast-changing regulatory environment. Additionally, the relatively small size of local entities compared to those on the global market means that Maltese entities carry a higher proportional cost of compliance.


The real cost of non-compliance

The notorious cost of non-compliance is used by regulators as the stick to impose regulatory expectations and ensure the ongoing management of compliance frameworks.

Most notable is the issuance of penalties and fines. Locally, the FIAU (Financial Intelligence Analysis Unit) increased its penalties in the area of AML/CFT by over 210% from 2020 to 2021, whilst the value of fines issued abroad by the FCA (Financial Conduct Authority) has doubled, with no signs of slowing down.

However, fines and penalties represent the smallest allocation of non-compliance costs. Other factors, rarely considered, represent the majority of non-compliance costs and may be sustained for the long term before any sense of return to “normality”. These include business disruption (i.e., economic losses resulting from non-compliance, including shutdowns, contract cancellations and business process changes imposed by regulators) and productivity/revenue loss (i.e., the opportunity cost associated with the downtime of systems and human capital expenditure on non-core business activities, as well as losses incurred from reputational/brand risk).

The not-so-hidden costs of compliance

The cost of compliance is broad but may be distinguished by three main categories, namely:

  • Administrative costs: These are costs incurred by subject persons in their efforts to demonstrate compliance with regulations to the relevant supervisory bodies. This may range from record keeping costs to reporting costs.
  • Substantive costs: These are costs incurred in the delivery of regulatory outcomes, which may include human capital, the use of third-party professional services or the issuance of training to meet requirements.
  • Direct costs: These are charges prescribed by regulation, payable to the government, such as licensing, registration, levies etc.

All companies should be aware of their compliance costs, through the use of costing exercises, which will identify minimum regulatory obligations and enable compliance professionals to accurately gauge priorities for constructing their compliance integration calendars. This alone can decrease compliance costs drastically, as priorities are made clear, and resources may be distributed efficiently and effectively.

Compliance strategies

For many companies, compliance strategies focus on putting an increasing number of staff, time and resources toward regulatory burdens. However, for many entities this is becoming less and less feasible. For example, individual corporate service providers, advocates, notaries and accountants have been slowly pushed out of the market by ever-increasing AML/CFT standards, and the continued era of low profitability for credit institutions increases compliance hesitancy.

Looking towards more efficient management practices in this field, Deloitte guidance suggests the following non-exhaustive list, which may help establish scenarios for reducing compliance overheads:

  • Invite compliance to the strategic round table: An organisation’s board of directors/C-suite should hold discussions around business line development or strategic-level decision making with counsel from the compliance department. Their perspective could save company resources and promote a culture that starts with compliance in mind.
  • Building internal partnerships: The lines are becoming increasingly blurred between compliance and IT within compliance, so why not blur the lines internally? This can be done through workshops, joint internal projects, and secondments between departments.
  • Data-driven analytics: Effectiveness and decision making around compliance programs should be measured and based upon data analysis and interpretation. Centralised database structures paired with reporting software will allow for real-time analysis of operations and calculation of inherent/residual risk scores.
  • Robotic Process Automation (RPA): Leveraging technology may allow organisations to automate repetitive and time-consuming processes, such as risk screening, regulatory reporting and building customer and business risk profiles.
  • Digitisation: A compliance modernisation program that combines new technologies and approaches, keeping both in alignment with firm goals, can generate a measurable value proposition for the compliance function. An evolved compliance function can help bring measurable, positive value to decisions it hasn’t always participated in.

Every firm and compliance function has a starting point somewhere. Wherever you start and wherever you are headed, begin looking at compliance as a value-creation exercise instead of a cost-cutting one and bring compliance onboard as one of our greatest assets as opposed to our greatest liability.

About the author

Brandon Spano is a Consultant at Deloitte Consulting.
