As financial markets continue to evolve, regulatory change management has become an essential yet complex task for financial institutions. The challenge lies in continuously monitoring, managing, and adapting to both minor and major adjustments in regulatory obligations.
This month, RegTech Insight hosted a webinar bringing together a panel of industry experts to review Practical considerations for regulatory change management. The panel included Nicole Hansen, Director in Risk at NatWest Group; Linda Gibson, Director & Head of Regulatory Change at BNY Mellon | Pershing EMEA; and Priscilla Gaudoin, Head of Risk & Compliance at Ruleguard.
The webinar opened with a poll question (see figure 1 below) to the audience: “How confident are you that your regulatory change management framework will pass a close regulatory examination?”
Whilst the audience was voting, the panel addressed the numerous regulatory changes across various jurisdictions and the strategies firms should employ to stay current and compliant with upcoming deadlines.The panel emphasized the importance of enterprise agility and the three-lines of defense model:
- First line: business operations monitoring
- Second line: compliance & risk management
- Third line: internal Audit.
They noted that a rapid pace of regulatory change and increasing complexities challenges firms to proactively adapt and integrate compliance into business processes (first line of defense) optimizing the use of technology and fostering a culture of collaboration and continuous improvement.
Regulatory horizon scanning for changes in a complex and fragmented landscape is complicated, particularly when regulations diverge, such as the U.S. markets moving to T+1 while the UK and Europe are still evaluating. A single view of all upcoming regulations and deadlines is essential and the panel emphasized the importance of focusing on regulations with sufficient definition and rigor to fully understand the exact implications and timelines.
Whilst the audience poll indicates that most delegates were confident in their regulatory frameworks, the majority recognize there remains work to be done.
Figure 1
A second audience poll asked went deeper asking, “What are some of your organization’s main challenges with managing regulatory change?”
Figure 2
Noting the high scores for Interpretation and integration, the panel noted that firms can usually understand regulatory requirements and how to achieve compliance on day one, but challenges arise further downstream when issues with controls in business-as-usual (BAU) processes become apparent. An examination of enforcement actions highlights inadequately defined and/or integrated controls as a root cause in the majority of cases.
The panel advocated for appointing a transition manager as a best practice to ensure a well-planned handover to business-as-usual operations, with clear roles and responsibilities agreed upon. Symptoms of poor regulatory governance can be identified by late identification of regulatory changes, stress on change management programs, hurried or incorrect implementation, and deficiencies in governance.
A discussion on collaboration between compliance and other functions emphasized that regulatory change programs should not be led solely by compliance departments. Effective collaboration with IT, operations, legal, HR, and vendor management is essential, with executive sponsorship and support critical to ensuring everyone knows what is expected of them in their specific role. Establishing a comprehensive regulatory change program must include participation from all process and line-of-business owners to fully identify workstreams and assign ownership.
Training and support for employees during regulatory changes is critical to maintaining adequate first-line-of-defense in the lines of business. The panel stressed the importance of tailoring training programs to the firm’s unique requirements (there is no one-size-fits-all) and making them interactive. Bespoke, face-to-face training using relevant business cases and scenarios has proven more effective than generic computer-based training. Ongoing training and refresher sessions ensure that employees are up to date with regulatory expectations and can apply them in their roles.
The panel considered the benefits of third-party technology, especially for regulatory horizon scanning and tracking changes across multiple jurisdictions. These tools can help automate the monitoring of regulatory updates. The latest tools analyze vast amounts of unstructured regulatory text data and provide alerts to compliance teams. Whatever tools are chosen, maintaining audit trails that demonstrate how firms have assessed and responded to regulatory changes is a key requirement for both internal audit and regulators.
The panel cautioned that while RegTech solutions are valuable, they are just the starting point, and additional sources are necessary to get a balanced view. Participation in industry associations and maintaining an ongoing dialogue with regulators helps firms gain a broader perspective, understand what their peers are doing, what regulators are expecting and where they stand.
Fragmented technology, manual processes, and the lack of a common taxonomy and data lineage hinder effective data management. One panellist observed that despite regulatory requirements like BCBS 239 being in place since 2013, many firms still struggle with compliance due to data issues. The importance of validating the quality of source data cannot be overemphasized. The potential of technology, particularly AI, to assist in compliance decision-making is entirely dependent on the quality of the data feeding it. Getting the data right is critical to a functionally adequate regulatory change management process.
In closing, the panel noted that no individual firm can hope to get their head around everything that’s going on across the regulatory ecosystem. Most firms, whether through an office or some other representation in another part of the world, will be touched by multi-jurisdictional regulatory complexity somewhere along the line. The emerging role of artificial intelligence (AI), particularly generative AI (GenAI) and large language models (LLMs), in regulatory change management offers significant opportunities for streamlining compliance operations, subject to regulatory clarity on explainability and data quality demands. AI can automate monitoring and alerts, interpret and summarize complex regulatory requirements, and assist in impact assessments. However, the need for a human-in-the-loop will always be necessary – in compliance, at least!
This webinar was sponsored by Ruleguard
Subscribe to our newsletter
