Compliance, Cost, and the Friction Slowing Financial Services Down

By Francois Weilbach - Executive at BBD

In most financial institutions, compliance is viewed through the lens of risk. Fines, penalties, and regulatory exposure dominate the conversation, shaping how success is measured and where investment is prioritised.

But there is another cost. One that rarely appears in board reports, yet shows up in almost every part of the business: friction.

In many cases, that friction is driven by noise. An overload of low-quality alerts buries real risk, leaving teams focussed on clearing volume rather than acting on what truly matters.

It surfaces in onboarding processes that take days instead of minutes, in compliance teams working through backlogs of irrelevant alerts rather than focusing on real risk, and in decisions delayed by fragmented data and systems that were never designed to operate in real time.

Individually, these delays feel manageable. Collectively, they create a steady drag on the organisation’s ability to move, respond and grow. Because the true cost of compliance isn’t what happens when something goes wrong, but what slows the business down when everything is working as intended.

KYC, AML, and the Friction Beneath the Surface

This is particularly evident in core compliance functions such as Know Your Customer (KYC) and Anti-Money Laundering (AML). KYC processes are designed to verify customer identity and assess risk at onboarding, while AML controls monitor transactions and behaviour over time to detect potential financial crime. Together, they form the backbone of regulatory compliance in financial services and are often where much of the operational friction accumulates – with impact felt commercially as much as operationally.

In practice, onboarding is where this friction becomes most visible. Completing onboarding in a single, uninterrupted flow helps maintain momentum and engagement, while delays break attention, introduce uncertainty, and increase the likelihood that a prospective client disengages entirely.

KYC and AML processes are among the most common points of drop-off in the customer lifecycle, particularly during onboarding. Each additional step, delay, or manual review increases the likelihood that a prospective client simply does not com

plete the process. What is designed to manage risk often ends up constraining growth.

The friction itself is rarely the result of regulation. In most cases, it’s structural.

Over time, compliance capabilities have been layered onto existing systems rather than designed into them. KYC, AML, transaction monitoring, and regulatory reporting often sit across multiple platforms, each with its own data models, workflows, and dependencies. The result is a fragmented landscape where information needs to be reconciled, validated and reprocessed at every step.

Much of this processing still happens in batches, with periodic reviews and manual interventions used to fill the gaps. Data arrives late, decisions are made on incomplete information, and teams are left to bridge the disconnect between systems that were never intended to operate as a single, cohesive whole.

This is where latency takes hold. Not as a single point of failure, but as a series of small delays that accumulate across the lifecycle of a customer, a transaction, or a regulatory obligation. As regulatory expectations evolve, additional controls are introduced, increasing complexity without fundamentally changing how the underlying systems operate. The result is a compliance function that works, but rarely at the speed the business demands.

Addressing this does not start with new tools. It starts with a shift in how compliance is designed and delivered.

Removing Latency From Compliance

Traditionally, compliance has been built around control. Processes are structured to enforce checks at defined points, with human intervention acting as the final safeguard. While effective from a risk perspective, this approach introduces pauses at every stage, creating the latency that slows the business down.

The emerging model is different. Instead of layering controls on top of processes, compliance is embedded within them. Data flows continuously, checks happen in real time, and decisions are supported by systems designed to surface risk as it occurs, not after the fact.

Effective AML and KYC require intelligent process selection, ensuring effort is focused on the highest-risk signals rather than diluted across irrelevant activity. This is where automation is making a measurable impact.

In KYC, identity verification and document processing can now be completed in minutes, supported by risk-based workflows that adapt to the customer profile. Increasingly, AI models are being used to navigate complex corporate structures and improve the accuracy and consistency of onboarding decisions. In AML, automation is shifting the focus away from high volumes of static alerts towards more intelligent triage, where patterns and anomalies are identified earlier and with greater precision. The objective is not to generate more alerts, but to reduce noise and surface the signals that actually require action.

In KYC, identity verification and document processing can now be completed in minutes, supported by risk-based workflows that adapt to the customer profile. Increasingly, AI models are being used to navigate complex corporate structures and improve the accuracy and consistency of onboarding decisions. In AML, automation is shifting the focus away from high volumes of static alerts towards more intelligent triage, where patterns and anomalies are identified earlier and with greater precision. The objective is not to generate more alerts, but to reduce noise and surface the signals that actually require action.

The result is a more effective and efficient compliance function, with teams able to focus on genuine risk rather than being consumed by volume. Compliance teams spend less time processing and more time making decisions. False positives are reduced, investigations are prioritised more effectively, and risk is surfaced in a way that allows the business to respond sooner.

Importantly, this does not lower the bar for compliance. It raises it. Controls become more consistent, coverage improves, and the ability to demonstrate compliance strengthens, without introducing additional delay into the system.

In practice, organisations adopting this approach are seeing tangible results. Onboarding cycles shorten, reducing customer drop-off and accelerating revenue. Operational costs decrease as manual effort is reduced. Regulatory reporting becomes more timely and reliable, supporting better decision-making across the business. At the same time, compliance teams are better positioned to focus on emerging risks rather than managing backlog.

However, the real shift is not driven by automation alone. It is driven by how these capabilities are brought together.

Designing Compliance as a Connected System

The RegTech landscape is rich with specialised platforms and solutions, each addressing a specific aspect of compliance. The challenge for financial institutions is rarely a lack of capability, but a lack of cohesion. When systems operate in isolation, friction persists, regardless of how advanced individual components may be.

This is where a more architectural view of compliance becomes critical. Rather than treating KYC, AML, and regulatory reporting as discrete functions, leading organisations are designing them as connected components within a broader ecosystem. Data is shared, workflows are aligned, and controls are embedded into the same systems that drive customer and operational processes.

At BBD, this is the lens through which compliance challenges are increasingly approached. Not as isolated problems to be solved with standalone tools, but as a question of how to connect and enable the systems already in play.

In an environment shaped by SaaS platforms and specialised RegTech solutions, the focus shifts to integration, orchestration and flow.

Ensuring that data moves seamlessly between systems, that decisions are made on a consistent and complete view of risk, and that compliance processes operate as part of the broader business rather than alongside it is what ultimately reduces friction. It is a shift from reactive compliance to engineered enablement, where the value lies in what each system does and how they work together.

In a real-time world, compliance can no longer afford to operate in batches, silos, or delays. The institutions that move forward most effectively will not be those that simply invest more in compliance, but those that rethink how it operates.

Francois Weilbach, Executive, BBD