More regulation could squeeze small bank IT budgets

A survey of COBA members conducted by Grant Thornton found that 100 per cent of bank executives expect the cost of IT system changes to rise in the next year, with 35 per cent anticipating a “significant” hike, especially with a number of regulatory changes underway in the financial services sector.

“Investment in IT is required to meet regulatory reporting requirements, deliver services more efficiently and meet customer demand for internet and mobile banking platforms and payment systems,” Grant Thornton’s A case for proportionate regulation: The cost of compliance report states.

“These [digital banking] platforms and systems often require ongoing additional funds, far beyond the cost of implementation, which need to be invested for maintenance, updates, security and the rollout of new features.”

The COBA-commissioned report suggests that mutual banks will especially feel the pinch of higher IT costs and do not have the capacity to splash hundreds of millions or billions into technology like their major bank counterparts, such as Westpac’s $800 million and NAB’s $1.5 billion IT investments.

“The size of the big four enables them to spread costs such as IT systems and infrastructure costs across a broader asset and revenue base,” the Grant Thornton report states.

“The big four banks’ average cost-to-income ratio at 44.5 per cent is significantly smaller than those of the other domestic banks (62.7 per cent) and mutuals (76.2 per cent). This indicates that despite clear differences in size, economies of scale work in favour for the majors.”

Fifty-eight per cent of the COBA members who took part in the study identified changes in IT and system requirements as a key area of concern for their financial institutions in the next 12 months, only outranked by the anticipated increase in compliance costs (85 per cent) in the aftermath of the Hayne royal commission and other regulatory inquiries.

“The ongoing requirements to comply with and demonstrate a robust approach to IT and information security, layered upon the other regulatory changes considerably impacts the bottom line of the smaller entities,” the Grant Thornton report states.

The chair of the Australian Prudential Regulation Authority (APRA), Wayne Byres, has been placing pressure on the banks to upgrade their anachronistic IT systems as they are not fit to meet future prudential requirements.

APRA’s technology risk team reviewed 90 per cent of the banking industry by assets, according to the chair of the prudential regulator, and found that, in many instances, the banks’ core systems had reached end-of-life or end-of-support “without funded remediation plans in place”.

The “backlog of maintenance” work required on the banks’ legacy infrastructure demonstrates their “understandable” preference for investing in new technology-enabled products and services and cyber security, according to Mr Byres. But their existing “patchwork of systems” are not fit for future prudential requirements, such as the mandatory comprehensive credit reporting (CCR) regime.

The Grant Thornton report also notes the cost implications of implementing APRA’s cross-industry prudential standard, CPS 234, focused on the management of information security at regulated entities at a time where there is an “accelerating threat of cyber attacks”.

Sixty-two per cent of the COBA members who participated in the study identified “information and cyber security” as a key area of focus in the next 12 months.

Creating an even playing field 

The chief executive of COBA, Mike Lawrence, warned that uniform regulation across the banking landscape disproportionately hurts smaller competitors due to economies of scale in compliance, which can have “unintended consequences, such as stifled innovation, regional branch closures and reduced investment in the community”.

As smaller institutions are already shouldering a larger share of the regulation and compliance burden compared to their asset and actual size, they need “an equal and level playing field to remain and be competitive in the market”, the unnamed CEO of a COBA member said.

So, if further regulation is to be added to mitigate the issues raised during the financial services royal commission, it would need to take into account the size, risk profile and complexity of different financial entities, according to the Grant Thornton report.

“To be competitive in the financial services industry, you must remain progressive, innovative and certainly offer interest rates that are available in the market, but if small operations have to continually meet the many compliance and regulatory imposts that keep coming, layer after layer, with no extra risks evident that do not produce revenue, only extra cost, then that slight chance of being competitive disappears,” the aforementioned CEO of a COBA member said.

“So, the solution is to be fair and proportionate with the size, non-complexity and risk status of an institution so as to supply an equal and level playing field to remain and be competitive in the market.”

[Related: COBA renews call for ‘proportionate’ banking regulation]