The Cost of Compliance in 2021

Compliance isn’t cheap—but how much is it really costing the financial services industry and financial institutions like yours?

Nearly one-third (31.4%) of community banks expect to spend at least 5 percent more on compliance than they did in 2020, according to the 2021 Community Bank CEO Outlook survey. The other two-thirds expect to spend roughly the same in 2021 as they did in 2020. Just 1.8 percent expected compliance spending to decline by at least five percent.

Another 15.9 percent said complying with regulations is one of their bank’s greatest business challenges in 2021.

About a third (34 percent) of financial institutions used a portion of their budget to outsource compliance functionalities in 2020, up from 28 percent in 2019, according to the Thomson Reuters Cost of Compliance Report 2020. Reasons for outsourcing include the need for additional assurance on compliance processes (54 percent), cost (43 percent), and lack of in-house compliance skills (34 percent).

Breaking down the compliance budget

How much budget is allocated to compliance?

Compliance takes up a significant chunk (10.3 percent) of a financial institution’s personnel expenses, including salary and benefits, according to Community Banking in the 21st Century 2020, sponsored by the Federal Reserve, Conference of State Bank Supervisors, and the Federal Deposit Insurance Corporation (FDIC).

It’s also responsible for 42.3 percent of accounting and auditing spending, 38.2 percent of consulting and advisory spending, 22.7 percent of legal spending, and 17.1 percent of data processing spending.

Compliance Spending as a percent of category spending
Source: Community Banking in the 21st Century 2020

While these figures have held steady over the past few years, they are a substantial increase over pre-Dodd-Frank compliance spending. A recent analysis found an annual $64.5 billion increase in total noninterest expenses after 2010. Large banks spent an additional $12.4 billion per year on legal fees and $7 billion on data processing. Small banks spent almost $1 billion more per year on legal fees, $310 million on data processing, $70 million on auditing, and $110 million on consulting, according to Rice University’s Baker Institute for Public Policy.

An S&P Global Market Intelligence survey of banks and credit unions found that 49 percent report compliance costs have risen 20 percent or more over the last 10 years.

Compliance and mergers

It’s no secret that many financial institutions are looking to acquire or be acquired. The cost of complying with regulations is a significant factor in these decisions (62.1 percent), according to the Community Banking in the 21st Century survey.

When deciding whether to seriously consider an acquisition offer, 38.9 percent of banks said the cost of regulatory compliance was “important” and another 22.2 percent said it was “very important.”

The Cost of Non-Compliance

Does the cost of compliance seem high? It’s a relative bargain compared to the cost of non-compliance.

Failing to comply with federal and state regulations is an expensive mistake that can lead to enforcement actions, civil money penalties, lawsuits, and consumer restitution. That’s not even counting the cost of outside counsel to wage a defense and manage the reputational fallout.

From tens of thousands to millions of dollars, the cost of non-compliance can be painfully high. Below I’ve outlined just a handful of recent lending compliance fines and penalties over the past few years covering areas like:

Wells Fargo settles Philadelphia fair lending suit for $10 million. In December 2019, Wells Fargo settled a suit by the city of Philadelphia that alleged that banks steered minorities into high-cost, higher-risk mortgage loans. In its suit, the city of Philadelphia alleges that from 2004 through 2017 Wells Fargo violated the Fair Housing Act (FHA) by steering African-American and Latino borrowers into high-cost or high-risk loans even where those borrowers’ credit permitted them to obtain better loans. It also wouldn’t allow minority borrowers in these high-cost loans to refinance when their white counterparts could.

This was one of the first such suits since the Supreme Court ruled in May 2017 that cities could sue banks for discriminatory mortgage lending if they could prove direct harm.

Indiana bank settles a $1.72 million redlining suit. In a June 2019 complaint and settlement agreement with the Justice Department, an Indiana bank agreed to invest $1.12 million into a loan subsidy fund and devote $500,00 towards advertising and education after allegations that from 2011 to at least 2017, the bank engaged in redlining by intentionally avoiding lending in African-American neighborhoods.

Mortgage companies fined $1 million for misleading veterans. Two California mortgage companies will be paying combined civil money penalties of over $1 million after the CFPB issued a consent order for mailing U.S. military service members ads for VA-guaranteed mortgages. The ads contained false, misleading, and inaccurate statements, the CFPB says. Additionally, they lacked required disclosures, in violation of the Consumer Financial Protection Act’s (CFPA) prohibition against deceptive acts and practices, the Mortgage Acts and Practices – Advertising Rule (MAP Rule), and Regulation Z.

$11.8M UDAAP settlement between CFPB and Santander Consumer USA. In November 2018, Santander settled CFPB allegations that the company violated the Consumer Financial Protection Act of 2010 by not properly describing the benefits and limitations of an add-on to its auto loan products, implying the product would offer complete coverage in the event of a total loss when it was subject to a limit of 125% of the value of the vehicle at purchase. It also allegedly did not "clearly and prominently disclos[e] that the additional interest accrued during the extension period would be paid before any payments to the principal when the consumer resumed making payments."

CFPB fines bank $200,000 for HMDA errors. The Consumer Financial Protection Bureau (CFPB) ordered a bank in Washington state to pay $200,000 in a settlement alleging the bank violated HMDA (implemented by Regulation C) and the Consumer Financial Protection Act of 2010 (CFPA) by submitting mortgage-loan data riddled with errors. The bank will also have to develop an HMDA compliance management system.

An internal audit of the bank’s 2016 HMDA Loan Application Register (LAR) identified 40 errors in the 100 files that were selected for testing. That is a 40 percent error rate! 2017 was not any better. The CFPB’s review of 84 files in the bank’s 2017 HMDA LAR found 27 files with 58 errors—a 32 percent sample error rate. Even when the bank resubmitted its 2017 HMDA LAR, there were still significant errors that exceeded thresholds. The CFPB reviewed 81 files and found 21 errors in 13 files—a 16 percent sample error rate.

USAA suffers CRA rating downgrade and $85 million penalty. In October 2020, the Office of the Comptroller of the Currency (OCC) took the rare action of downgrading USAA’s CRA rating to “Needs to Improve” after it uncovered evidence of discriminatory and illegal credit practices. The agency also cited failures in its compliance management program leading to the violations, which cost the bank an additional $85 million in civil money penalties. The OCC found evidence of 546 violations of the Servicemembers Civil Relief Act and 54 violations of the Military Lending Act.

FDIC hits bank with a $1.35 million penalty for RESPA violations. In November 2019, the FDIC ordered a Seattle bank to pay a $1.35 million civil money penalty for violating RESPA. The bank had entered into co-marketing agreements and desk rental agreements that resulted in the payment of fees to real estate brokers and home builders that did not bear a reasonable relationship to the fair market value of marketing or rental costs. The bank has since discontinued its mortgage banking business.


Flood insurance comes across as a simple regulation, yet every year it continues to be a significant source of civil money penalties—and those penalties can be expensive. Here are just the past six months’ worth of flood insurance fines.

Bank Size      Institution       Location   Penalty
$5 billion     Bank              PA         $105,000
$119 million   Bank              TN         $4,000
$1.4 billion   Bank              IL         $193,000
$200 billion   USAA              TX         $382,500
$1.8 billion   Bank              AR         $12,000
$16 billion    State Farm Bank   IL         $547,000
$120 billion   M&T Bank          NY         $546,000
$1.2 billion   Bank              WI         $12,800

These are just a handful of lending compliance actions taken against financial institutions over the past three years. When you weigh the cost of one of these violations against what it would have cost to implement a strong compliance management system, it’s clear that investing in compliance offers a great return on investment. Make sure your institution is protecting itself from expensive compliance mistakes.

Michael Berman is the founder and CEO of Ncontracts, a leading provider of risk management solutions. His extensive background in legal and regulatory matters has afforded him unique insights into solving operational risk management challenges and drives Ncontracts’ mission to efficiently and effectively manage operational risk. During his legal career, Mr. Berman was involved in numerous regulatory, compliance, and contract management challenges and assisted in the development of information systems to better manage these efforts. Prior to founding Ncontracts, he was General Counsel for Goldleaf Financial Solutions, Tecniflex, Inc. and Imagic Corporation. Mr. Berman is a well-regarded speaker at financial institution conferences on risk management. He received his undergraduate degree from Cornell University and holds a J.D. degree from the University of Tennessee.