Chapter 38: Exercises — RegTech ROI: Measuring and Communicating Compliance Efficiency

Exercise 38.1: Cost Baseline Documentation

Type: Analysis and Documentation Estimated Time: 60–90 minutes Learning Objective: Apply the compliance cost audit methodology to map the true cost of a manual compliance process

Background

You are the Compliance Manager at a mid-sized UK building society — call it Hollybrook Building Society — with approximately 180,000 mortgage customers and 95,000 deposit customers. Hollybrook has a small but capable compliance team of eight people. The compliance function has never formally calculated the cost of its manual processes; costs have always been reported as headcount and vendor contracts rather than as cost-per-activity.

The CEO has asked you to prepare a cost baseline for the SAR filing process as a precursor to evaluating a case management platform that would automate much of the current manual workflow.

The Current SAR Process (as described by the team)

The SAR filing process at Hollybrook currently works as follows:

  1. Alert generation: The transaction monitoring system generates alerts on a rules-based model. Average 185 alerts per week. All alerts land in a shared inbox.

  2. Initial triage (performed by one of three AML analysts, rotating): Analyst opens the alert, reviews the transaction details in the core banking system, checks the customer's KYC file, and makes an initial assessment: escalate for full investigation, or close as false positive. Average time: 25 minutes per alert. False positive rate (estimated from the last six months of data): 88%.

  3. Full investigation (performed by the same analyst, escalated cases only): For the 12% of alerts not closed at triage, the analyst conducts a full investigation: expanded transaction history review (30 days), enhanced account review, PEP/sanctions re-check, adverse media search, documentation of findings. Average time: 3.5 hours per case.

  4. SAR decision (performed by Senior AML Analyst or Compliance Manager): Reviewed cases are escalated to the senior analyst or compliance manager, who reviews the investigation documentation and decides whether to file a SAR or close. Average time: 45 minutes per reviewed case.

  5. SAR drafting (performed by Senior AML Analyst): For cases where a SAR is filed, the senior analyst drafts the narrative, completes the NCA portal submission, and retains the case file. Average time: 2.5 hours per SAR.

  6. Quality review and sign-off (performed by Compliance Manager): All SARs reviewed and signed off before submission. Average time: 30 minutes per SAR.

  7. Record retention and filing: SAR filed, case retained, tickler set for any follow-up obligations. Average time: 20 minutes.

Team and cost data: - AML Analyst (3 FTEs): fully-loaded cost £58,000 per year each. 1,600 productive hours per year. - Senior AML Analyst (1 FTE): fully-loaded cost £72,000 per year. 1,600 productive hours per year. - Compliance Manager (1 FTE): fully-loaded cost £88,000 per year. 1,600 hours per year. (Note: the Compliance Manager spends approximately 35% of their time on AML-related activities across all tasks.)

Hollybrook files approximately 18 SARs per month.

Your Task

Part A: Build the weekly cost model

Calculate the total weekly cost of the SAR process at each stage, given the activity volumes and time data provided.

  • How many false positive investigations occur per week?
  • How many full investigations occur per week?
  • How many SAR decisions are made per week?
  • How many SARs are filed per week?
  • What is the total FTE hours consumed per week, by stage?
  • What is the total weekly cost of the process?

Part B: Build the annual cost model

Scale your weekly cost model to an annual figure. How much does the SAR process cost Hollybrook per year in direct analyst time?

Part C: Cost per SAR filed

Calculate the total annual cost of the SAR process and divide by the annual SAR volume to produce a cost-per-SAR-filed figure.

Part D: Identify the cost driver

Which stage of the process consumes the greatest proportion of total cost? What does this tell you about where technology could create the most value?

Part E: Limitations of this analysis

Identify at least three costs that are NOT captured in this process-based cost model. What categories of cost are excluded, and how would you estimate them if you needed a complete picture of total SAR process cost?

Discussion Questions

  1. The false positive rate of 88% means that 88% of investigated alerts turn out to be nothing. Is this good, bad, or typical for a building society of this size? What factors determine whether a given false positive rate is acceptable?

  2. If the Compliance Manager spends 35% of their time on AML activities, does this affect whether their time should be included in the cost baseline for a case management platform? Under what circumstances would you include or exclude partial-time senior staff costs from a process cost model?

  3. You have been asked to build this cost baseline as a precursor to a vendor evaluation. What risks arise if the vendor is aware of the cost baseline before the RFP responses are evaluated?

Exercise 38.2: Business Case Construction

Type: Quantitative Analysis and Written Communication Estimated Time: 90–120 minutes Learning Objective: Build a complete three-year business case for a described RegTech investment, applying the four value categories and NPV methodology

Background

You are a compliance consultant engaged by Cornerstone Financial Group, a mid-tier UK retail bank with approximately 600,000 customers. Cornerstone has been managing its regulatory reporting obligations — FCA GABRIEL returns, COREP, monthly PRA statistical returns — using a combination of legacy spreadsheet-based processes and a partly automated extract tool that produces raw data files which are then manually formatted and submitted.

Cornerstone is evaluating a regulatory reporting automation platform. You have been asked to build the business case.

Investment Details

Platform cost: - Annual software license: £210,000 in Year 1, with 3% annual escalation - Implementation (one-time): £380,000 - Data migration and mapping (one-time): £85,000 - IT integration work (internal cost, one-time): £55,000 - User training: £28,000 in Year 0; £9,000 per year thereafter - Ongoing vendor support and configuration: £62,000 per year in Year 1, with 4% annual escalation

Current state (baseline, documented): - The current process requires 4.2 FTE of analyst time allocated to regulatory reporting activities, at a fully-loaded cost of £68,000 per FTE per year - External consultant is engaged for two regulatory filing cycles per year (COREP-related reviews): £85,000 per year - Resubmission and error correction occurs on approximately 8% of filings, each costing approximately £1,200 in remediation time - Cornerstone submits approximately 240 regulatory filings per year - The current process has produced two FCA data quality queries in the past 18 months, each requiring senior compliance time equivalent to approximately £18,000 in management cost - Process risk: Cornerstone's compliance team estimates a 4% annual probability of material enforcement action related to regulatory reporting deficiencies, with an expected fine of £1.5M. The platform is expected to reduce this probability to approximately 2%

Expected post-implementation state: - Platform will handle automated generation for approximately 75% of regulatory filings (reducing human review to 20 minutes per filing for automated reports, versus the current average of 5.2 hours per filing) - Remaining 25% of filings (complex, judgment-intensive reports) will still require significant analyst time (3 hours per filing, versus 5.2 hours currently) - External consultant engagement eliminated from Year 1 - Resubmission rate expected to fall to approximately 2% - FCA data quality queries expected to cease - FTE requirement: 1.8 FTE (a reduction of 2.4 FTE from current baseline)

Your Task

Part A: Cost model

Build the three-year cost model (Years 0–3), itemising each cost line. What is the total three-year cost?

Part B: Benefit model

Build the three-year benefit model across all relevant value categories: - Cost efficiency benefits: FTE savings, external consultant elimination, error reduction savings - Risk reduction benefits: expected value of enforcement probability reduction; FCA query elimination - Regulatory relationship and revenue enablement benefits: describe qualitatively; quantify where you can

What is the total three-year benefit? What proportion of total benefits falls into the "high confidence" category versus "medium" or "low" confidence?

Part C: NPV and payback period

Calculate the three-year NPV at an 8% discount rate. Calculate the payback period.

Part D: Sensitivity analysis

Run sensitivity analysis at 75% and 50% of base case benefits. Does the investment remain positive-NPV at 75%? At 50%?

Part E: Recommendation memo (200 words)

Write a brief recommendation memo to Cornerstone's CCO summarizing your findings: is this investment economically justifiable? What conditions or caveats attach to the recommendation?

Exercise 38.3: Sensitivity Analysis

Type: Quantitative Analysis Estimated Time: 45–60 minutes Learning Objective: Apply sensitivity analysis to a provided business case and draw meaningful conclusions about risk and margin of safety

Background

You are reviewing a completed RegTech business case for a KYC automation platform at a fintech lender. The base case analysis produced the following results:

Costs (three-year total, including Year 0): £740,000 - Year 0: £310,000 (implementation + training) - Year 1: £143,000 (license + maintenance) - Year 2: £143,000 - Year 3: £144,000

Benefits (three-year total): - Year 1: £285,000 - Year 2: £310,000 - Year 3: £335,000

Base case 3-year NPV at 8%: Approximately £70,000 positive

The benefit assumptions underlying the base case: 1. FTE savings (2.0 FTEs at £62K fully-loaded): £124,000 per year — categorized as "high confidence" 2. False positive reduction (from 89% to 72%, at 320 alerts per week): £56,000 per year — categorized as "high confidence" 3. Risk reduction expected value (8% → 4.5% probability of enforcement at £1.2M): £42,000 per year — categorized as "medium confidence" 4. Revenue enablement (faster onboarding): £35,000 in Y1, £60,000 in Y2, £85,000 in Y3 — categorized as "low-medium confidence" 5. Regulatory relationship value: £28,000 per year — categorized as "low confidence"

Your Task

Part A: Benefit composition analysis

What percentage of total benefits does each category represent? Which three categories contribute the most?

Part B: Sensitivity by category

For each benefit category, calculate the impact on total 3-year NPV if that category delivers zero benefit (all other categories unchanged). Which single category elimination tips the investment into negative NPV territory?

Part C: Scenario construction

Construct a "downside scenario" that reflects a plausible pessimistic set of outcomes: - FTE savings materialize but one FTE is backfilled due to increased EDD volume: adjust accordingly - False positive reduction comes in at 60% of projected (not the full 89%→72% improvement) - Risk reduction benefit is zero (assume the enforcement probability estimate was too aggressive) - Revenue enablement benefits are 40% of projected (implementation delay and slow adoption) - Regulatory relationship value: zero

Calculate the NPV of your downside scenario. Is it acceptable?

Part D: Breakeven analysis

What overall benefit multiplier (applied uniformly to all benefits) produces an NPV of exactly zero? This is the "breakeven" benefit level — the point at which the investment is neither value-creating nor value-destroying. Express it as a percentage of base case benefits.

Part E: Written conclusion

In 150 words, summarize what the sensitivity analysis reveals about this investment's risk profile. What would you advise the CCO regarding benefit realization management given these findings?

Exercise 38.4: Board Presentation

Type: Written Communication Estimated Time: 45–60 minutes Learning Objective: Structure a one-page board executive summary for a RegTech investment outcome, applying the communication principles from Section 38.6

Background

You are the CCO of Fieldgate Bank, a specialist trade finance bank with £8 billion in assets and operations in the UK, Germany, and Singapore. Eighteen months ago, Fieldgate invested £1.85M in a suite of RegTech tools: a sanctions screening upgrade (£480K), an AML transaction monitoring system (£620K), and a trade finance-specific regulatory compliance platform covering DORA notifications, EMIR reporting, and AML obligations for trade instruments (£750K).

You are presenting to the Board next month. The Board members include: the Chair (former HSBC Managing Director), two independent NEDs (one former FCA Director; one entrepreneur with no financial services background), and two executive directors (the CEO and CFO).

Outcomes Summary (your data)

Sanctions screening: - False positive rate: reduced from 94% to 82% - Weekly screening volume: 12,400 items (unchanged) - False positive investigation time: 8 minutes per item - Analyst fully-loaded cost: £72,000 / year (1,600 hrs) - One OFAC near-miss averted (documented internally): estimated exposure £350K–£2.5M based on comparable enforcement cases - Annual license cost: £95,000; implementation was Year 0 only

Transaction monitoring: - Alert volume per week: reduced from 980 to 640 (partly better tuning, partly market conditions) - False positive rate: reduced from 96% to 85% - 4 SARs filed in the 18-month period that would not have been filed with the previous system (based on analyst assessment) - No SAR deadline breaches (two occurred in prior 18-month period) - Annual license + maintenance: £185,000

Trade finance compliance platform: - EMIR reporting: previously required 2.5 days per reporting cycle, now 4 hours - DORA incident notifications: first DORA notification filed (new obligation) — filed on time - AML obligations for trade instruments: 3 high-risk trade transactions declined in 18 months that analysts believe would not have been identified without the system

Your Task

Part A: The executive summary

Write a one-page (approximately 350–400 word) Board executive summary covering: 1. The three key messages (no more) 2. The investment overview (brief) 3. What was achieved 4. What you recommend next

Apply the communication principles from Section 38.6: translate compliance metrics into board language, avoid jargon, state the recommendation explicitly.

Part B: Reflection questions

  1. The one OFAC near-miss is potentially the most valuable single outcome in the entire 18-month period. How should it be presented in a Board document? What are the risks of overstating it? Of understating it?

  2. The former FCA Director NED is likely to be your most knowledgeable audience member. The entrepreneur NED with no financial services background is likely to need the most context. How do you write a single document that serves both audiences?

  3. You have 45 minutes with the Board. The executive summary takes five minutes to read. How do you structure the remaining time to maximize the quality of the Board's engagement with the material?

Model answers and discussion notes for all exercises are available in Appendix B: Answers to Selected Exercises.