Guest Contributor: Stephen Taylor, Senior Market Manager, U.S. Enterprise Risk & Compliance, Wolters Kluwer Financial Services
In Greek mythology Sisyphus, the King of Ephyra, was punished by the Gods for his wrong doing. His sentence? Roll a very heavy boulder up a steep hill, only to watch it roll back down. Repeat this action for eternity.
Sometimes, the compliance world feels as if it has been punished by the Greek Gods. Regulations are released and implemented, only to change again. This process seems never ending.
Across the financial services industry, regulatory and industry change is inevitable. But in recent years the volume of change has expanded since the financial crisis. Dodd Frank shook things up significantly. Thousands of changes have been announced on top of thousands already underway.
All rules are important, but some are more important than others. And, because of the volume and velocity of change, it’s easy to miss the crucial changes in all the noise. The most critical changes are the ones that can affect the operational effectiveness of an organization, especially those that can lead to regulatory censure, reputational damage, internal losses, and lots of finger pointing by senior management.
Many organizations have experienced sleepless nights over the developments proposed by the Volcker rule. Likewise, the regulation of OTC derivatives, globally, is causing considerable heart burn. Multiple agencies are involved in these developments, sometimes proposing exactly the same changes but in different documents. The margin for error is huge especially since for many this is uncharted territory. Developing even a basic understanding of the requirements is difficult. But then, figuring out how to implement these requirements against firm-specific trading and compliance processes can cause anxiety in its purest form.
For many, managing regulatory change is done manually. Organizations will go to a regulator’s website and see what’s new. For organizations regulated by multiple federal agencies and states, this is a very onerous task (Sisyphus might think he got off lucky). Add the global dimension into the mix, then the resource requirements for manual tracking are huge in time and are costly. But tracking the regulations is one thing; understanding which ones are relevant and how they impact the business is entirely another, which makes this task a very high risk process.
There is no easy way around the challenges presented by such an environment of regulatory change. Employing a manual process is not the answer. It takes more than a group of dedicated individuals to roll this particular boulder up the hill. Those firms that are becoming successful at managing regulatory change employ technology to do a lot of the heavy lifting, but, again, technology without the right initial planning, processes and culture may prove pointless.
When thinking about success, firms should consider doing an audit of the rules that will affect their business. For some, especially the larger institutions operating in multiple jurisdictions across multiple product lines, this is a massive task. Unfortunately, there is no way around it. Regulators demand that organizations know the rules they are beholden to and how they are managing these compliance obligations. This task shouldn’t be seen as one to simply satisfy the regulators. Mapping the rules that affect your business can have significant up stream benefits in the fullness of time. And it could mitigate regulatory action.
Once firms understand their obligations, the obligations can then be mapped to policies, procedures, lines of business, desks, functions, jurisdictions, groups and individuals. Again, this is a huge initial undertaking but one which can ultimately save considerable time and cost when it comes to managing ongoing changes.
Once the mapping is complete, it most likely will be immediately out of date. In fact, for some, it can become out of date during the initial mapping process! This is when technology blended with the appropriate regulatory content can become incredibly beneficial. With the right platform and the right content update feeds, maintaining the compliance infrastructure can be more easily achieved than trying to manage it all through Excel pivot tables.
Critical to success is the ability to quickly identify what has changed in the external environment, what are the key elements of that development, where they are mapped to the business, what is the potential impact (if any)? Then finally, who is on the hook to ensure the right implementation plans are initiated, tracked, chased and ultimately closed out. Each phase needs to be carefully managed and each phase needs transparency, so the entire end to end process is visible to program managers.
There are professional publishers that can help alert firms to the regulatory changes, but few technology systems that can easily identify where these changes could impact the business and then provide the right workflow tools to manage each obligation through to implementation in a meaningful way. This is the most difficult piece. Getting visibility into the rule changes isn’t enough. Firms need to pull this obligation through the business and clearly demonstrate that relevant action has been taken. The ultimate verification is that controls have been put in place to mitigate any potential risk and that these controls have been positively tested.
But if you need a PhD in Astrophysics to use the solution, then the business will not adopt the technology and as a result you could have a huge white elephant staring at you for years to come. One of the biggest roadblocks to implementing software is its ease of use… or lack of it. Firms need to pay particular attention to this. If an end user can see how the technology can save them time and effort, then they are more likely to use it and a virtuous circle is created. Make it difficult to use and this creates a barrier no amount of training will cure.
Creating that virtuous circle of effective regulatory change management is critical to success. For this to happen, there has to be the right “tone at the top.” Having the right culture for compliance is crucial and this can be improved if it’s demonstrated that effective compliance is not to be seen as an ineffective cost center, but as a way of running an ethical business which not only can improve the strategic direction of the organization but can improve the firm’s reputation within the market.
Sisyphus may still be rolling that boulder up the hill, but now is the time to ensure your regulatory change management program isn’t.
Need a Reprint?
Leave a Reply