During Q4, Aite Group surveyed 120 financial institutions, with the majority hailing from the buy-side (70 per cent work for asset managers or hedge funds), to capture their views on areas of importance for compliance IT investment and interest in next-generation technology.

Only two per cent of capital markets firms have a fully-automated compliance support programme, new research shows, potentially leaving the majority of institutions open to colossal fines under incoming European legislation. 

Despite a boom in recent years in the use of regulatory technology, or regtech, most firms are still dependent on manual compliance processes, according to new research from Cordium and Aite Group.

“Legacy, piecemeal and manual approaches cannot scale to meet today’s challenges,” Doug Morgan, Cordium chief executive, said. “The good news is that technology is increasingly available to transform traditional processes, enabling compliance officers to work across the firm to achieve buy-in and gain new insights. Compliance teams can implement a technology-focused approach to enhance the overall business and establish a strong compliance culture.”

The research comes as the European asset management sector is making final preparations to comply with sweeping reforms to data protection laws, set to enter into force on 3 January under the European Union’s General Data Protection Regulation (GDPR). 

Under the revamped legislation, market participants are exposed to fines as high as €20 million ($23.5 million), or four per cent of annual turnover – whichever is higher – if they handle data breaches improperly. 

The research shows that only four per cent of capital markets companies feel they have “an entirely strategic” approach to regulatory reform, even though nearly half (45 per cent) have increased investment in compliance-related technology. 

Despite the potential risks manual processing presents, only eight per cent use formal metrics to gauge the impact of non-compliance and 43 per cent do not measure this at all. 

When the stakes are so high, placing damage control on the backburner could prove to be fatal, especially for smaller firms whose balance sheets may not be able to handle hefty blows from regulators. 

“The industry has been bombarded with a barrage of compliance requirements over the last few years and, as a consequence, must shift from a reactive to a proactive mind-set,” Virginie O’Shea, research director at Aite Group, said. “Firms need to better understand their compliance issues to ensure lessons are learnt for the future.”