Banks and other financial institutions are struggling to comply with regulatory requirements. The speed of regulatory change and the difficulty in determining the affected products, processes, units, departments, and systems makes this something of a puzzle for financial institutions. The situation is complicated by the fact that the previous regulations are still implemented, and solutions are outdated and inefficient with numerous manual processes.
Improving regulatory change management is a journey that evolves alongside the maturity of the solutions and service models available. The first step of the journey to regulatory efficiency starts by asking four main questions around regulatory intelligence:
The first question is obviously “what regulations are coming and what is the impact to our business and IT landscape?”. Unless we understand what is on the horizon with regard to new regulations, we will always be trying to “catch up” after the regulations have already become binding laws.
The second question is then “how do we turn regulation into action as efficiently as possible?” It is one thing to understand what regulatory changes are in the pipeline, but quite another ballgame to understand how these can be mapped onto products, processes, and systems – in other words, which parts of our organization and value chain are affected and how.
The third question is “how do we know that we comply with all regulations and how do we give proof of compliance to regulators?”. The challenge is to keep track of all the changes and business requirement implementations for products, systems, business units, policies, controls, etc. and once those are implemented, to monitor and report how well the controls are working. Typically, monitoring and reporting are highly manual. and therefore, giving proof of compliance is time consuming.
The fourth question is “how do we optimize compliance and regulatory processes?”. This is the question that’s frequently overlooked; it is quite possible to manually track all the regulatory changes as they are made, map these onto processes, identify the systems affected and product portfolios that are impacted. However that would be prohibitively expensive, not to mention, inefficient.
All of this sounds straight forward, right? However, when we add complicated and siloed organizational structures, out-dated and scattered IT-systems and all product and process dimensions to the picture, the puzzle get trickier. Organizations can easily be overwhelmed by the manual work and lose track of the status of regulatory compliance.
The best way for solving the regulatory puzzle is to build an overarching, organization-wide end-to-end regulatory change management process, which, in an optimal situation, is supported by the GRC-platform and third-party solutions where relevant. If you are interested in hearing more on how to do it, join us for a webinar on 12th October, and stay tuned for our upcoming blog posts.
Katja Mäkelä
Director, Non-Financial Risk & Operational Excellence
BearingPoint Finland
Simo Manninen
Manager, Non-Financial Risk Management
Elina Aakula
Senior Business Consultant, Non-Financial Risk Management