Read this insight to understand how banks and financial institutions can build a technology enabled regulatory change management framework that can be aligned with the overall business and risk strategy and help in automating the entire regulatory change management lifecycle.Download a Insight
The “new normal” in the financial services industry is characterized by unprecedented regulatory volumes and complexity. Capital and liquidity requirements have increased, challenging historical levels of achievable return on equity. The roles of the C-level executives have also changed when it comes to governance and oversight. Key strategic decisions now require clarity and insight into the regulatory agenda, and executive oversight has become necessary to define responses to regulations. Resources, talent, and capital - already scarce commodities - are now required in significant measure to address regulatory change.
In this complex regulatory environment, a “fit” financial firm is one that can successfully incorporate regulatory change management into their governance of risk, strategic plans, and overall business and operating model. They understand that regulation needs to be managed not just as another process or function, but as part of the organization’s broader economic, global, socio-political, and competitive environment. This approach enables them to adapt to new regulations in an agile, swift, and sustainable manner.
Coping with Increasing Regulatory Volumes
Global firms are getting hit from all angles by regulations that impact multiple jurisdictions and risk areas. These regulations are constantly changing, resulting in numerous, complex, and interconnected sets of compliance requirements. The scope and timelines for compliance are often uncertain. There is also the cost factor - substantial funds are required for regulatory change management and restructuring.
At a governance level, many firms don’t have sufficient visibility into the impact of regulatory change on their organization because their processes are fragmented and managed in silos. Departments and individuals manage regulatory updates and compliance in their own way, which causes them to lose sight of the bigger picture.
The other challenge is sifting through the sea of regulations, and funneling the right rules to the right people at the right time. Many firms don’t have a “common language” to communicate regulatory changes and their impact.
Getting past these challenges means doing away with the silos, and establishing a “single version of the truth.” The management team should be able to comprehend the regulatory change, assess its impact on the organization, and measure the effectiveness of compliance.
This is easier said than done, as firms typically have to deal with hundreds of regulations affecting multiple business units and related processes. Trying to track all these regulatory changes, and measure their impact on the organization can be extremely challenging. However, adopting a systematic approach to regulatory change management, and integrating it with the overall GRC strategy within the organization will go a long way in making compliance easier, more integrated, and more transparent.
The Regulatory Avalanche
Each new regulation is hundreds of single-spaced, 3-column, 9-point-font pages
The Dodd-Frank Act alone requires nearly 60 million hours of paperwork for compliance
78% of banks have said they will or may need to change their nature, mix and volume of mortgage products in response to regulatory changes
Building a Regulatory Change Management Framework
To effectively deal with regulatory change, organizations need to have a framework that incorporates the following core elements:
Standardizing Regulatory Taxonomy: This part of the framework is characterized by well-defined roles and responsibilities for regulatory change management, both in the regulatory functions and the individual business lines. In addition, risk, regulatory, and business taxonomies are standardized across the organization, so that it is easy to implement regulatory changes. There are also clearly defined processes for managing regulatory change.
Centralized Regulatory View: Here, stakeholders have a comprehensive view of regulatory developments, external news, and industry group feedback, coupled with an internal view of how the regulation would impact the organization, or even how an organizational change would impact regulatory compliance.
Regulatory Change Planning: Methodologies are devised to prioritize the regulatory change, plan resources, align risks, and develop a business and communication strategy.
Regulatory Impact Assessment: This is the most important stage of the framework where the organization is able to align their strategy with the regulation, and analyze its impact on their business, their clients, and the overall market. Finally, they are able to coordinate changes across business lines in an integrated manner.
At every stage, it’s important to have metrics and reports that can provide key insights such as the current status of regulatory change management, the top issues and risks encountered, and resource planning gaps. Joining all these dots will enable stakeholders to make informed decisions on how to cope with the regulatory change.
Designing Effective Workflows for Regulatory Change Management
A well-defined regulatory change management workflow starts with regulatory affairs or compliance group scanning various regulatory developments, insights, and news to identify any changes that might impact the organization.
Once the changes are reviewed, summarized and categorized, the group then looks within the organization to identify risk events, results from control assessments, business changes, internal audit findings, and other relevant stakeholder inputs that can be linked to the regulatory change.
This data is funneled to key stakeholders to conduct an impact analysis, and determine what regulatory change projects need to be implemented. Thereafter, each project is tracked and monitored, right up to closure.
The Regulatory Change Implementation Process
As financial firms begin their journey towards implementing a regulatory change management process, here are a few important considerations. The first is to build a target operating model or concept for regulatory change management which is then aligned with business impact assessments, as well as frameworks and requirements at the business and functional levels.
The next step is to think about the automation of regulatory change management by using a technology solution. And finally, content in the form of risk, regulatory, and business taxonomies and inventories needs to be carefully formulated and planned.
The Role of Technology
Instead of struggling with cumbersome and bulky spreadsheets to manage regulatory changes, many financial firms are adopting technology to automate and streamline their regulatory change management process. With a single technology solution, firms can manage the entire process of tracking regulatory changes, notifying stakeholders, conducting an impact analysis, initiating actions plans, logging issues, and generating reports – all this, in an integrated, transparent, and highly efficient manner.
When it comes to tracking regulatory information, technology can automatically pull in new updates, insights, opinions, and curated content from multiple external sources such as RSS feeds, newsletters, and even customers. All this information can be instantly integrated and organized in a common repository.
Technology can also help standardize taxonomies across the organization, making it easier to map a regulatory change to business units, controls, policies, assets, and objectives, and thereby understand the impact of that change more clearly.
A solution that is sophisticated enough to understand these taxonomies and hierarchies can help in swiftly communicating the regulatory changes or updates to the affected business units. This is especially useful in global organizations that have to deal with regulations at both corporate and regional levels. By automating notifications to stakeholders at either level, firms can save significant time and costs.
The other benefit of technology is that it streamlines the process of conducting an impact analysis, assessing the risks of the regulation, reviewing and approving change management tasks, and then updating policies, testing controls, and remediating any issues that might arise. This systematic approach minimizes redundancies or duplication of effort.
Technology-enabled reports and dashboards add further value by providing comprehensive visibility into regulatory change management at multiple levels across the organization. They also enable users to slice and dice the data, uncover trends and insights, and determine areas of high risk or improvement.
Regulations aren’t going anywhere. In fact, they look set to increase in both breadth and complexity. The good news is that financial firms can find ways to thrive in this environment by implementing processes and systems that enable them to manage regulatory changes in a streamlined and integrated manner.