Tony Sodhi – Head of Legal, Regulatory and Compliance at GFT
Financial service institutions continue to face a difficult and uncertain future as they tackle a variety of competing challenges and issues that have emerged since the 2007/ 2008 financial crisis.
We have witnessed thousands of job cuts throughout the financial services industry, profits have dropped and operating costs have increased; whilst return on equity (ROE) figures for shareholders continue to disappoint. The decision by the UK to leave the European Union in last month’s referendum has only added to a growing sense of uncertainty. Predicting the future with 100% confidence is an impossible task, however one area that we know will remain near the top of the corporate agenda for the foreseeable future is that of regulatory compliance.
The depth, breadth and pace of regulatory change has resulted in financial institutions diverting billions of dollars of infrastructure investment into regulatory compliance programmes. What is now clear, is that regulatory compliance has become a strategic concern. Financial institutions need to quickly understand and recognise the urgent need to design, implement and manage efficient processes to on-board regulation and maintain compliance as part of ‘business-as-usual’.
Across the globe there has been a concerted attempt by financial institutions to tackle the regulatory challenge. Many have relied on the use of tactical solutions and workarounds to achieve compliance. Whilst these short term fixes may have succeeded in the past, they are not sustainable in the longer term. In ‘The New Normal’ environment of continuous regulatory change, a fresh approach is urgently needed.
Recognising the challenge
In order to better understand the regulatory challenge, we believe it should be separated into four distinct categories. These are:
- The growing volume, complexity and concurrency of regulatory change
- The need for a governance structure
- Managing the cost of implementation
- Resource constraints
Financial institutions will be at different stages of maturity in terms of their change programmes. Adopting a strategic approach is the best method to tackle the challenges highlighted above; addressing them simultaneously rather than individually, which has previously been the default approach.
A successful regulatory change management process must encompass both technical and business processes. Regulatory change needs to be embedded into the mind-set as part of ‘business-as-usual’ becoming part of the ongoing requirement rather than an individual necessary evil that comes and goes.
The change management process should seek to build a central source of regulatory knowledge and information that allows for a standardised interpretation of regulations and their impact, from both a cross-functional and a cross-product perspective. The change management process also requires the establishment of good governance structures and a framework that embeds traceability for reporting requirements.
The pace of regulation is increasing
The pace, volume and concurrency of regulation has increased to such an extent that financial institutions now need to reconsider how they analyse each and every new requirement as it arises. This should be done in a structured way that ensures consistency and mitigates against regulatory risk. Many of today’s existing regulations have evolved, and will continue to do so in the future. Financial organisations should be monitoring and reviewing their business processes to ensure ongoing compliance.
In many institutions, internal legal departments are tasked with the assessment and analysis of new regulations. This can often lead to problems where a practical knowledge of business processes is required to ensure sufficient accuracy is achieved. All too often, subject matter experts are diverted from core business activities to assess exactly how particular regulations affect specific business processes and controls.
Overall, there is a need for a systematic, standardised approach and a suitable governance structure, underpinned by a technical architecture that is flexible and fit-for-purpose.A well-planned and ongoing regulatory change management process should include a framework that allows for ongoing change and facilitates a strategic approach that is less costly and disruptive then tactical workarounds.
A crucial element of a robust regulatory change management process is to ensure all records and documentation can be accessed from valid sources. Managing regulatory documents successfully requires a dedicated regulatory document management system that facilitates the automated extraction of relevant documentation from multiple sources. This strategic document management system should allow documents to be tagged and tracked in accordance with a given taxonomy, meaning that any specific regulation can be analysed from a functional perspective. An interpretation of the regulation that is relevant to each function can then be correctly undertaken, along with subsequent business requirements and required changes.
The document management process is an intrinsic part of a strategic change management solution. It is crucial that this has a regulatory taxonomy that is configurable for each function, which can be stored centrally as the source repository and be accessible across the enterprise. The document management component should also support the configuration of all inbound document types, including: rules, guidance, amendments, releases, and regulations. The source of the regulatorydocumentation should also be captured and recorded.
Furthermore, firms need to examine how regulatory documents are approved and how impact assessments are carried out. A strategic system should be cross-functional and cross-regional. Having a robust impact assessment will empower a financial institution to make well informed cross-functional decisions on how to implement complex regulations.
Once the document containing the hierarchy of regulatory changes has been accepted and is assessed for materiality, an analysis of what the document relates to and how it impacts the firm’s processes and controls need to be completed. This analysis serves as a regulatory ‘rule mapping’ exercise that drives specific compliance requirements defined by a particular function in the organisation. A dedicated team of experts that consistently undertakes and performs this task will be able to complete it to a high quality, in the shortest possible time.
The need for a governance structure
In many financial institutions, individual business units or functions manage regulatory change management programmes autonomously. This federated model works best if a specific change only affects that particular part of the organisation. However, the current ongoing waves of regulation are directed at the entire enterprise and require a more centralised governance model.
An optimal governance structure should be designed to promote clear lines of communication, transparency and traceability. This will help establish accountability, ownership and responsibility throughout the organisation and facilitate an active engagement with the relevant regulatory bodies.
The core challenge is about creating a central source of knowledge and information. It is clear that the creation of a holistic ‘regulatory dashboard’ is the most effective way of achieving this goal.
A successful strategic change management programme will achieve a holistic view of all inbound regulations and demonstrate how they affect the entire organisation. A regulatory dashboard can help visualise this impact, enabling drill-downs into the specific areas that are most affected. In this way financial institutions can plan to remove information silos that pose an obstacle to strategic compliance.
Once a suitable dashboard and reporting framework have been created, it should be possible to identify key performance and risk indicators that will demonstrate, both to auditors and to regulators, the level of compliance that the organisation has with a particular regulation. The dashboard should provide functionality that is configurable, so that alerts are created on a daily basis when the organisation is not compliant – this then becomes a powerful tool not only to demonstrate compliance, but also to keep a full audit history.
There is no universal solution for regulatory change management. All financial institutions are at different stages of maturity with their specific compliance programmes. However, we believe that the time is right for a new approach that harnesses the power of proven technology to address common issues.
A structured regulatory change management programme delivers much more than mere compliance. A well designed programme can help financial institutions become more confident and responsive to new business opportunities and help achieve a permanent reduction in compliance costs. A financial institution with a strategic view of regulatory compliance can confidently regard regulatory change as ‘business-as-usual’ and become more customer focused and profitable in the future.