Firms are working harder than ever to proactively assess and interpret multi-jurisdictional regulatory initiatives, and drive delivery of complex changes across all aspects of the operating model. This task is made more challenging as deadlines for regulatory compliance are often tight and rarely negotiable, with non-delivery resulting in regulatory sanctions – which could include a fine or a restriction applied to the firm’s ability to do business.
Throughout 2016, firms can expect significant regulatory developments in the Fourth Money Laundering Directive, Markets in Financial Instruments Directive II (MIFID II), Data Protection and the Capital Markets Union. Moreover, the regulators are now increasingly focused on how firms adhere to both the letter of the rules and to the spirit of the regulation, and are expecting them to demonstrate real and ongoing changes in their culture.
Organisations will need a very broad range of skills, including governance and risk management, recovery and resolution planning, consumer protection, and anti-money laundering specialists. As regulatory developments hit everyone in the industry at the same time, it will be increasingly difficult to secure the right skills at the right time. Equally, even when those people are in place, their task is made harder because the new regulatory requirements often apply to several business lines or functions, providing a real challenge in both identifying the key stakeholders and then in coordinating the work required to devise a combined solution.
In our experience, the average overrun for a regulatory change project is almost 25% of the original budget and schedule, although this can greatly increase in many of the larger, more complex projects. In response to this unprecedented volume of global regulation, more and more firms are tailoring their delivery approach to the nuances of regulatory change by taking the following actions:
Firms should start by designing and establishing an appropriate governance structure that can take responsibility for programme execution and its constituent risks. This governance should provide appropriate insight and enable coordination across all the relevant lines of business and jurisdictions. This structure then needs to be supported by people with regulatory subject-matter expertise and firm-specific delivery experience who can ensure informed decision-making.
New rules can often take several years to develop, and follow a rough timeline which is often delayed. Whilst rules are being developed, they often contain substantial areas where the industry is uncertain as to their meaning and how to respond. Firms therefore have to base their plans on a set of significant assumptions, but they also need to constantly check and manage those assumptions. In our experience, this requires active engagement and communication with regulators and a sharp focus on the impact of any changes to assumptions as soon as they happen. This process should involve both regulatory and delivery experts, supported by horizon scanning to ensure the firm is alert to developments which could change their assumptions.
To successfully manage to a fixed deadline, firms need to start work on the areas with the longest lead time, and identify the implementation dependencies between regulatory initiatives and other relevant discretionary programmes. In our experience, these are often IT-related or involve cross business line agreement. Those disproportionately challenging areas should be identified early and flagged to the lobbyists for discussion with the regulators. If programmes are managed in isolation then time will be wasted and decision making can be impaired, with the result that key demands may fall between the cracks.
Another critical change in approach lies in the need to embed regulatory controls and staff behaviours. Usually, between 80% and 100% of a regulatory change project’s budget is allocated to its launch. In this new world, there should be a greater emphasis on the post-launch change activities. This will reflect the regulators’ expectation that firms identify the desired outcomes and to test that they have been embedded into the business and culture. That requires early engagement with the impacted staff and a robust handover to business as usual, with a defined process in place to ensure employees are provided with the necessary support, reminders and mechanisms required to truly embed the right behaviour into the organisation.
The regulatory change budget tends to be viewed as ‘non-discretionary spend’ and justified as the cost of staying in business. As a result, costs are tracked but not scrutinised and potential benefits are not considered as part of the business case, resulting in missed opportunities. Firms need to recognise that regulation drives good practice, effective control, competitive advantage and strong performance. That means they should seize the opportunity to use the responses to these new regulations as a lever to make strategic changes. To do this, the framework for regulatory change delivery must be closely tied to the firm’s overall strategy.
Increased regulation is going to remain a fact of life for financial services organisations and it undoubtedly presents real management challenges. However, by tailoring their delivery approach, firms can both meet the regulatory requirements more effectively and secure added value for their business.
To harness the operational and reputational benefits from regulatory change, speak to one of our experts today.