If there is one thing we can predict with 100% certainty, it’s that the burden of regulatory compliance will continue to increase over the course of the next few years. Although most commentators agree that all regulation has a worthy aim, achieving and maintaining regulatory compliance has significantly increased the cost of doing business.
Banks are already spending billions of pounds on infrastructure investment into regulatory compliance programmes, but the challenge of putting this spend to best use whilst maintaining core activities remains huge. Organisations within the financial sector need to begin re-evaluating how they interpret and analyse the impact of regulation, while recognising that adopting a strategic approach will be the most effective way of tackling the daunting challenge of ongoing regulatory compliance.
A multifaceted challenge
The regulatory challenge can be broken down into four distinct and separate components. A successful regulatory programme must address all of these issues:
- The growing volume and complexity of concurrent regulatory change
- The need for a governance structure
- Managing implementation costs
- Resource restrictions
In reality, financial institutions are at different stages of maturity with their legislative change programmes. However, those organisations that adopt a strategic approach to compliance will be empowered to tackle all these challenges simultaneously.
The growing complexity of regulatory change
Financial institutions need to rethink how they analyse the impact of regulation. This has to be done in a structured way to ensure consistency and to mitigate regulatory risk. Plenty of existing regulations evolve over time and this requires constant monitoring and review of business processes to ensure ongoing compliance.
There is a growing need for a systemic, standardised approach and a suitable governance structure, underpinned by a technical architecture that is flexible and fit-for-purpose.
The need for a governance structure
Within many financial institutions, individual business units or functions manage regulatory change programmes autonomously. The current wave of regulation is so large that this approach is no longer viable. A more centralised ‘command-and-control’ governance approach is needed to cope with enterprise-wide impacts.
Managing implementation costs
The growth of regulation is increasing the cost of doing business at a time when firms are under increasing pressure to cut costs. In the past we have seen firms be very ‘reactive’ to new regulation, often favouring the use of tactical fixes to solve the current challenge. This over-reliance on such methods can lead to major long-term costs, as ‘technical debt’ accumulates.
One way of reducing compliance costs is to replace tactical work-arounds by adopting a strategic regulatory change management programme that can provide a holistic view of all inbound regulation and the effect on the entire organisation.
Pressure on resources is one of the greatest challenges currently facing the industry. The increasing volume and complexity of financial regulations has been aggravated by shortened mandatory timelines; meaning firms have more to do, but less time to do it. This challenge is compounded by a lack of qualified individuals to implement ongoing regulatory change initiatives; an issue of concern throughout the industry.
The benefits of a strategic solution
A successful regulatory change management solution must encompass both technical and business processes. The concept of regulatory change needs to be embedded into a ‘business as usual (BAU) mind-set’ so that regulatory change is seen as an ongoing requirement rather than a necessary evil that comes and goes.
We believe that a well-planned and ongoing regulatory change management process should include the following components:
1. An understanding of the regulatory change cycle
Regulatory driven change is often cyclical in nature; as soon as one regulatory implementation has finished, another will begin or be in the pipeline. The best way of coping with this challenge is to establish a regulatory change framework. This will allow change to take place on an ongoing basis and facilitate a strategic approach.
2. The need for a regulatory document management process
A regulatory change management process should ensure that all records and documentation can be accessed from valid sources. To successfully manage regulatory documents it needs a dedicated regulatory document management system that facilitates the automated extraction of relevant documentation from multiple sources.
This system should have the ability to ‘tag’ and ‘track’ documents in accordance with a specific taxonomy; it will help in the codification of different regulations and provide much needed consistency and standardisation.
The document management process forms an intrinsic part of a strategic management solution. It’s important that this has a regulatory taxonomy that is configurable for each function and which can be stored centrally as the source repository, and be accessible across the enterprise
The document management component should also support configuration of document types that are inbound, including: rules, guidance, amendments, releases and regulations, and should also allow the source of the regulation to be captured, irrespective of source.
1. Impact assessment and interpreting the regulation
Once a regulatory document has been approved, an impact assessment is required. A robust impact assessment will enable financial institutions to make well informed cross-functional decisions on how to implement complex regulations.
After the document has been appropriately assessed, firms need to understand what the document relates to and how it will impact the firm’s processes. This analysis serves as a regulatory ‘rule mapping’ exercise that drives specific compliance requirements defined at a particular function in the organisation. A dedicated and experienced team of experts should be assigned to this task.
2. Process tool and business requirements production
Within the regulatory change management platform, the process modelling element should enable the mapping of regulations and their interpretations to business requirements, controls and policies. In this way, full traceability and lineage can be displayed so that it is clear where the regulation came from and where its impact will be most felt.
3. Reporting and demonstrating compliance
Reporting and demonstrating compliance require firms to have a comprehensive understanding and holistic view of workflows. In tracking and monitoring the workflow, the ideal system should be able to establish key milestones for completion, appropriately assign roles and responsibilities to key individuals; and have the ability to communicate and send alerts when required. Good workflow management will also provide an audit trail and demonstrate reporting capabilities. This increased need for transparency provides regulators with assurances that a firm is in control of its compliance programme.
With a suitable dashboard and reporting framework having been set up, it should be possible to identify key performance and risk indicators. These indicators can show auditors and regulators the level of compliance the organisation has with a particular regulation. The dashboard should provide functionality that is configurable, so that alerts are created on a daily basis when the organisation is not compliant.
It is increasingly evident that the need to adopt a strategic view of regulatory change has never been more pressing. The over-reliance on tactical workarounds is not a sustainable approach for financial institutions to take and this is why an enterprise wide regulatory change management approach should be adopted, since it allows an institution to move to a strategic and more efficient process for on-boarding regulation.
There can be no escape from continuous regulatory change; it is now ‘The New Normal’. However, embracing a strategic and holistic approach to managing this change will provide institutions with the chance to face the future with greater confidence.
By Tony Sodhi, Head of Legal, Regulatory and Compliance, GFT.