The financial services industry is continuing to face a period of unparalleled regulatory change, with the volume of new rules at a global, regional and local level showing no signs of abating. With a wave of fines and lawsuits costing banks $260 billion since the 2007-2008 crisis, and 44 legislative initiatives currently in the European pipeline for banks alone, firms are working harder than ever to proactively monitor, assess and interpret multi-jurisdictional initiatives, and drive delivery of complex changes across all aspects of their operating model.
From our analysis, we found banks are typically spending 60% to 70% of their annual change expenditure on regulatory change. However, as shareholders increase their demand for higher returns (not least due to declining cost to income ratios), the regulatory portfolio has come under pressure as an area where costs must be cut without compromising compliance.
Moreover, as an increasing number of change programmes get underway, the regulators have turned their attention towards how firms are managing their programme delivery risks – commonly referred to as ‘execution risk’. This is most evident in their requirement for those firms impacted by UK Structural Reform (Bank Ring-fencing), to self-assess their own risks and formally submit their delivery plans. For other programmes, questions are being asked about the management oversight of change, the top execution risks, the concentration of changes on the organisation – particularly upon the provision of critical business services, and the level of contractor reliance. There is clearly a growing concern about the ability of firms to cope with the volume of change underway.
However, currently change is being delivered in the same reactive and siloed manner adopted during the financial crisis. Cross portfolio management is not always in place, and the answers that regulators are looking for are not always readily to hand.
More and more organisations are starting to realise that the post-crisis way of delivering regulatory change is no longer fit for purpose. Those organisations responding to these challenges are making the following improvements:
A thin portfolio management layer can act as a health monitor for the portfolio, improving the speed at which delivery issues are identified, escalated and resolved. However when this layer is operated by resources that understand regulation, programmes delivery, the business model, and risk management, then this layer can start to add much more value. Thematic risks and delivery efficiencies can be flushed out which would otherwise have gone unnoticed. Relationships with the programmes can be formed which go far beyond fortnightly progress reporting. And new insight can be gathered and used, such as; the level of contractor reliance or the collective change risks to our critical business services.
In addition, improving the link between the senior managers performance scorecard and programme performance may not be popular within organisations, but this is becoming a more common regulatory expectation.
Ensuring a complete overview of the upcoming regulations – including those which impact in geographies outside of where they are written - is not easy. Impact assessing those initiatives, which often affect multiple business lines in multiple geographies further increases the challenge. Firms are investing effort in ensuring there is an effective horizon scanning operation, supported by appropriate tools and that initial impact assessments are completed early and repeated as regulations mature. Firms are recognising that early engagement with the delivery teams is essential to enable lobbying activity, consultation responses, and a timely programme kick off.
Regulatory change programmes often present a different set of challenges to internal discretionary initiatives. Work often has to commence without a full set of rules or detailed technical standards – such as with MiFID II, regulatory expectations can change mid-flight, heightened cross business line coordination is often needed, fixed deadlines are common, and the delivery of compliance – which can often include embedding staff behaviours - is essential to avoid regulatory sanctions. Firms are starting to consciously consider all of these differences and actively mitigate against them to reduce their execution risk and increase delivery efficiency.
Part of this includes identifying the areas of programme delivery which are prime for streamlining and standardisation, such as the production and rollout of mandatory training, and identifying those areas which require cross Business Line coordination, such as the design and delivery of cross Business controls and compliance approaches.
Firms are recognising the importance of establishing a change infrastructure that is continuously tailored to the nuances of regulatory change. Common improvements include; enhanced assumption management techniques – to cater for the fact that delivery often has to commence before the regulation is finalised, ‘how to delivery regulatory change’ training for those staff operating on long running regulatory programmes, and a tailoring of the internal change delivery methodologies.
Against this backdrop of increasing regulatory change, cost down pressure, and increased regulator scrutiny, making enhancements to the overall regulatory change environment can often ease - at least some of - the burden on firms.
Read more about our insights on regulatory change.