11.07.2025 | Industry-Specific Solutions

How Much Do Banks Spend on Compliance? A Look at 2025 Trends

By The Fourthline Team

Technology is advancing virtually every sector, and banking compliance is no exception. These days, rather than spending big on compliance, banks need to spend smart.  

According to a 2016 study by economists at the Federal Reserve Bank of St. Louis, banks typically allocate between 2.9% and 8.7% of their non-interest expenses to compliance, with total annual costs ranging from millions for smaller institutions to over $200 million for the largest banks. The first step to optimising these significant expenditures? Understanding how spending relates to evolving external factors, including regulatory expectations, customer volumes, and financial crime risks. 

By gaining a clear overview of these costs, large institutions and Tier 2 banks alike can better identify where costs can be optimised — all without compromising customer trust, regulatory compliance, or business continuity.  

In this article, we’ll explore key cost drivers in compliance. We’ll also dig into how a proactive, strategic approach can transform compliance from a cost burden into a critical advantage for building stronger, more resilient operations.

Understanding bank compliance costs 

Defining compliance in banking 

Compliance is a process dedicated to ensuring that a bank’s operations, products, and services adhere to governing laws, regulations, and internal policies. Those include a broad range of regulatory frameworks covering anti-money laundering (AML) and counter-terrorist financing (CTF), as well as consumer protection and data privacy. Compliance helps maintain the financial system's integrity, protect customers, and uphold a given institution’s reputation. 

In practice, the process involves identifying applicable regulations, developing internal policies and controls, and monitoring their implementation. Banks typically structure their efforts using models like the Three Lines of Defence, where business units, compliance officers, and internal auditors work together to manage compliance risks. 

As regulatory expectations evolve, compliance programs are becoming proactive, technology-driven, and fully integrated into many banks’ business strategies, ensuring they can adapt quickly while minimising legal and operational risks.

The importance of compliance for financial institutions 

By complying with regulatory requirements, banks do their part in preventing financial crimes such as money laundering, terrorist financing, and fraud. According to the United Nations Office on Drugs and Crime (UNODC), between 2% and 5% of global GDP is laundered annually. 

Compliance is also critical for maintaining operational resilience and safeguarding systemic financial stability. With the rise of digital banking, cross-border transactions, and emerging financial technologies, regulatory environments are evolving faster than ever. Effective compliance programs allow banks to manage risk proactively, protect their operations, and maintain positive relationships with regulators and stakeholders.

The impact of regulatory penalties  

According to Finbold, in 2024 regulators imposed $4.5 billion globally in bank fines for breaches of protocols related to counteracting financial crime, consumer protection, or specific operating guidelines. The most common violation was AML regulation non-compliance, including issues with transaction monitoring — which on its own exceeded $3.3 billion. Between 2000 and 2024, regulators worldwide imposed a total of $45.7 billion in AML and sanctions-related major fines. 

These figures highlight that compliance is not simply a regulatory formality — it is essential for avoiding severe financial penalties, legal consequences, and costly operational disruptions.  

For example, in 2024, TD Bank was fined $1.3 billion (about $4 per person in the US) — the biggest fine in US Treasury and FinCEN history. It was also required to submit to a four-year independent monitorship to oversee its required remediation. According to officials, the reason was repeated failure to comply with relevant AML regulations, which allowed ill-gotten funds “from fentanyl and narcotics trafficking, to terrorist financing and human trafficking” to enter the financial system.

In addition to fines for not complying with anti-financial crime laws, banks can also be penalised for breaching customer data regulations. For example, in 2021, Spain’s data protection authority fined CaixaBank €6 million for failing to properly handle customer data consent in line with GDPR.

Beyond the fines, non-compliance can increase operational costs as banks scramble to remediate issues by hiring compliance staff, upgrading systems, and conducting audits.

Customer trust, business disruption, and financial performance  

Perhaps unsurprisingly, compliance failures can significantly erode banks’ financial health and market position — not to mention their reputation. In 2022, after Wells Fargo was penalised for widespread mismanagement of bank accounts and other services, it had to book a $3.5 billion expense in its Q4 earnings, including costs from the regulatory penalty, customer remediation, and litigation. The bank’s share price also dropped. 

Financial institutions that fall short in compliance or engage in unethical practices also often see declines in customer and investor trust and suffer significant reputational damage. For example, after it became clear that Wells Fargo had created two million fake bank and credit card accounts between 2011 and 2015, it suffered a major loss of customer confidence, with a potential $99 billion loss in deposits and an $8 billion loss in revenue.

Aside from direct financial penalties, regulators can also intervene with additional measures such as imposing an asset cap or revoking a license, limiting a bank’s growth opportunities and hindering its ability to attract new business. These measures are usually temporary and are lifted after the bank implements the necessary governance reforms.

The current state of compliance spending 

As you can see, the stakes in compliance spending are pretty high. Banks' compliance expenditures vary dramatically based on size, with smaller institutions facing disproportionately higher costs as a percentage of their operations. In this section, we'll look at the different types of spending related to compliance, as well as how they compare across banks and within the EU.

A breakdown of compliance costs by category 

When it comes to compliance costs, banks' expenditures can be classified into two main categories: reactive and proactive. Reactive expenditures usually result from non-compliance (e.g., a regulatory fine), while proactive expenditures are intended to mitigate non-compliance risk (e.g., investments in technology or staff training). 

Banks typically allocate their compliance budgets across five main areas: 

Non-compliance penalties: As strange as it may sound, when it comes to compliance costs, banks pay the most for addressing the consequences of non-compliance. As we detailed above, these generally come in the form of regulatory fines, business disruption, loss of revenue, or productivity decline. 

Technology investments: As of 2020, banks were estimated to set aside around 40% of their total compliance costs for technology integration. This can include adopting RegTech solutions to automate and improve identity verification, transaction screening, reporting processes, and elevating their anti-financial crime capabilities.  

Staff, training, and internal compliance procedures: Banks also spend money on designing and improving internal compliance procedures, as well as compliance staff training. According to a 2021 study sponsored by the Federal Reserve and the Federal Deposit Insurance Corporation (FDIC), compliance takes up around 10% of a financial institution’s personnel expenses, including salary and benefits.  

Legal and auditing costs: Banks may allocate funds for external consultants or third-party auditors to periodically evaluate adopted compliance systems and processes, identify loopholes, and mark areas for improvement. The same 2021 study finds that compliance is responsible for 42.8% of a bank’s accounting and auditing spending, 41.8% of the expenditures on consulting and advisory, 22.6% of legal spending, and 17.1% of data processing costs. 

Indirect costs: Financial costs aside, regulatory compliance can also require banks to set aside other resources — key among these being time. For example, in a 2023 study by the Bank Policy Institute, banks reported that 42% of C-Suite time and 43% of board time was devoted to regulatory or supervisory compliance. Furthermore, the survey found that the amount of employee time spent complying with financial regulations and responding to examiner mandates grew by 61% between 2013 and 2023.

A comparison of compliance costs across different banks 

Large banks (over 20,000 employees) typically spend over $200 million annually on compliance, representing approximately 2.9% of their non-interest expenses. Despite these substantial absolute amounts, economies of scale allow larger institutions to spread compliance costs more efficiently across their operations. 

Mid-sized banks face different cost pressures. Banks with between $1 and $10 billion in assets report compliance costs of 2.9% of non-interest expenses, while banks with less than $100 million in assets spend around 8.7% of their non-interest expenses on compliance duties. This disparity exists because smaller banks often need to comply with the same regulatory requirements as their larger competitors, despite having fewer resources to spread these costs across. 

While data for the compliance costs of digital-only banks is scarce, these institutions often invest heavily in technology to automate processes. This approach can lead to significant upfront costs, though it may offer long-term savings and efficiency gains. Regardless, digital banks must navigate complex regulatory environments, and the effectiveness of their compliance strategies can vary based on their technological capabilities and regulatory expertise.

Compliance costs across the EU 

Since the global financial crisis, the European Union has implemented various regulatory measures against financial crime that banks must comply with. While the broad requirements are set at the EU level and unified across the bloc, individual countries can have different supervisory approaches. For example, certain jurisdictions might transpose directives differently, or add additional national requirements to account for their individual market conditions.  

European banks face substantial compliance expenditures, with costs varying significantly by country and institution size. According to LexisNexis research from 2020, the average annual financial crime compliance costs were traditionally the highest for mid- and large-sized financial institutions in the UK, Germany, France, Italy, and the Netherlands.  

In 2023, the total cost of financial crime compliance for institutions in Germany reached $32.5 billion, while for those in France and the Netherlands, the figures topped $25.3 billion and $12 billion, respectively. In the UK (as of 2024), banks and fintechs purportedly spend £21,400 per hour fighting financial crime and fraud, pushing the UK’s annual compliance bill to £38.3 billion.

Predictions for compliance costs in 2025 and onward 

Expected increases in compliance costs 

Deloitte estimates that compliance operating costs have increased by over 60% for retail and corporate banks compared to the pre-financial crisis levels. In 2023, financial crime compliance costs increased for 98% of financial institutions in EMEA, and 99% of those in the US and Canada. 

While the cost of compliance for banks may continue to increase in the short term, as technology adoption becomes more widespread and compliance procedure automation accelerates, expenditures are likely to plateau or even start decreasing by 2030. Furthermore, in its 2025 Work Programme, the European Banking Authority has pledged to work towards reducing the reporting burden of financial service companies by 25%, as well as bringing the cost of compliance down.

Factors that may drive up compliance expenditures 

The main factors that may continue to drive compliance costs up include: 

Labor expenditures: The need for hiring and retaining skilled compliance personnel to handle manual oversight processes, which currently represents the largest share of compliance budgets, will continue to play a major role. 

Investments in technology: Technology adoption is becoming the norm in bank compliance, with more and more institutions looking to automate as much of their customer onboarding, screening, and reporting procedures as possible. 

Third-party and vendor risk management: Banks increasingly rely on third-party providers for services like KYC verification, cloud hosting, and payment processing. Managing vendor compliance risk — including due diligence, audits, and contractual obligations — can increase operational and legal costs.  

Cross-border regulatory complexity: Banks operating internationally must comply with multiple overlapping or conflicting regulatory regimes, potentially increasing monitoring, reporting, and legal costs.  

ESG compliance requirements: New EU directives like the Corporate Sustainability Reporting Directive (CSRD) and the Sustainable Finance Disclosure Regulation (SFDR) require banks to collect, audit, and disclose ESG-related data, adding a new dimension to compliance spending. 

Evolving financial crime threats: Rising levels of financial crime and more sophisticated fraud tactics require banks to continue to invest heavily in advanced detection systems, trained staff, and more intensive monitoring processes, driving up overall compliance costs.

The impact of technology on compliance costs 

The role of AI and automation 

Traditional compliance processes are increasingly being replaced or enhanced by automated RegTech solutions. Ultimately, adopting technology allows banks to shift from reactive, labour-heavy compliance models to proactive, intelligence-led frameworks. 

This enables banks to streamline tedious processes, making them more efficient and less error-prone. Institutions that integrate AI and automation effectively are better positioned to handle growing regulatory complexity, ensure faster onboarding with increasing customer volumes, and achieve stronger, more scalable compliance programs. As a result, financial institutions can provide a better experience to their customers while optimising compliance costs.

However, it's worth noting that just as banks leverage AI to enhance compliance, criminal organisations use it to develop more sophisticated financial crime and fraud techniques. This creates an ongoing "AI arms race" that requires continuous investment in defensive technologies.

Cost-savings potential from technology 

In the short term, technology adoption can increase compliance costs for banks. However, in the long run, the transition to AI-driven, automated procedures for processes like transaction monitoring, regulatory reporting, and customer onboarding is a viable strategy for unlocking significant cost savings. 

A 2025 report by Napier AI forecasts that US financial institutions stand to gain the most from AI-powered financial crime compliance solutions, potentially saving $23.4 billion, followed by German and French firms with $14.2 billion and $11.08 billion, respectively.

Avoid the cost of non-compliance with smart automations 

New AI-powered technologies promise to reduce the time and money spent on compliance-related activities by streamlining the process of real-time analysis, customer onboarding, and reporting.  

Fourthline’s modular identity platform helps banks streamline their compliance processes and maximise the ROI in technology. It enables banking partners to tailor their compliance programs by choosing and paying only for the components they want and need. From standard identity verification to ongoing AML screening, Fourthline provides banks with everything needed to comply with regulations, future-proof operations, and keep costs at bay.