Getting Ahead of Regulatory Changes:
Yes, It Can Be Done.
In the wake of the 2008 financial crisis, governments and regulators around the world have imposed a seemingly unending series of new regulations on financial institutions (FIs) – think Basel, Anti-Money Laundering (AML), International Financial Reporting Standards (IFRS), and proposals to amend capital market legislation in Ontario to regulate benchmarks like the Canadian Dollar Offered Rate (CDOR) and the Canadian Overnight Repo Rate Average (CORRA), to name a few.[1] The focus on financial safety for consumers, markets and the world economy continues to generate new regulations that are hard to predict – who would have thought FI sales practices would be a focus across North America two years ago?
They keep coming, and they matter. All of them cost money. “Small” changes can cost $20 million for an FI to comply, while larger ones are upward of $100 million, and even more if the program goes off the rails. Regulators often require such programs to meet tight deadlines, after which the work does not stop, but rather continues in a different form as the organization learns to work under the new regulatory regime. Some regulatory changes in reporting (e.g., IFRS) affect bottom-line reporting directly. Rarely does an executive get excited by compliance – or at least, before they learn their organization might not be able to comply, at which point everyone gets excited and agitated. Until then, everybody wants to go to the party – that is, be compliant with regulatory changes – but nobody wants to stay and clean up – that is, put in the time and effort required to implement these changes.
At Optimus SBR, we run very large programs for financial services companies; we’ve completed 25 such implementations in the last year alone. We know that every organization responds to these challenges and implements solutions differently.
Based on this experience, we offer below an overview of four challenges, and four solutions for FIs working to stay on top of regulatory changes today and tomorrow.
Four Challenges
FIs do many things well – they operate at a great scale, pool capital for investment, and price and allocate risk, supporting robust financial markets and economic growth. They do all this repeatedly and, for the most part, without much drama. So why should they struggle with regulatory change? There are several reasons.
It’s always more work than you think.
Regulatory change programs typically require the cooperation of multiple divisions or departments – often Risk, Finance, IT, Business Intelligence, not to mention HR or product lines. To further complicate matters, these change programs are often misidentified as simple regulatory or accounting projects. In reality, these are actually large, complex, multi-function projects or programs.
At first, FIs often suppose they need to coordinate with others who already have what is needed to proceed. Then, slowly, they’ll realize they don’t have the critical components, such as analytics and modelling tools, or data in a form that’s usable to genuinely impact the critical path to delivery.
In the meantime, the regulator’s deadline hasn’t changed. You will find that no one person knows everything the organization needs to know, precisely because this is highly complex and new terrain. But the organization will need to draw on its collective wisdom to get all this knowledge in one place and will need to do so well before the deadline. Often this means an enormous amount of work, and many organizations do not realize this until it is too late.
Your current organizational design and infrastructure was not built for this.
Regulatory compliance creates new responsibilities and accountabilities that can cut across organizations. The Sarbanes-Oxley Act, for example, meant many FIs’ Enterprise Risk divisions found themselves responsible for calculations that directly affected financial statements, which had previously been regarded as the sole preserve of Finance departments, to increase accountability and ensure that financial disclosures are accurate and controlled. The Sarbanes-Oxley Act also affected contributors to disclosures, requiring them to design, run, and evidence controls for auditors.
Regulatory programs often drive changes in accountabilities, working relationships, and much else besides the initial requirements. Infrastructure – be it physical, organizational or electronic – that has sufficed for years or decades is often deemed inadequate for new activities and tasks, and there’s no time to replace it before the regulator’s deadline.
And just to complicate things further, many of the new requirements are now calling for augmented historical information. Data that was never previously collected or subject to quality control is now required. Teams are left scrambling to complete a puzzle with pieces that don’t fit or don’t exist at all.
A lot of energy is spent trying to keep your eye on the right prize.
When organizations do get Risk, Finance, IT, Business Intelligence and product people in a room together, they often find it difficult to focus on the regulatory concerns, compliance requirements, and parameters that are important. Finance cares about the details balancing correctly. Risk is focused on the biggest enterprise risks, monetary or otherwise. Business Intelligence is worried about the accuracy of the data and flexibility of analytical tools.
Depending on the change in question, the regulatory division might be concerned about things that are immaterial. Controls and auditors may follow frameworks that require new focuses, some of which may not be the critical path for the project.
In other words, everyone is having a hard time getting on the same page when it comes to what actually matters, which in this instance, is what the regulator requires.
To further complicate things, divisional or department concerns, and localized focus may obscure the real work at hand or mistake it for the core need rather than knock-on implications that will need to be dealt with later on. And between corralling the disparate information in an environment that wasn’t designed to handle this, you’ve got enough work to do without getting distracted by secondary concerns.
It’s a marathon and a sprint.
Deadlines to implement regulatory changes are beginnings, not the end. While cobbling together the infrastructure, data, reporting, and organizational know-how to comply is no small feat, it typically takes many months, or years, for these capabilities to become business as usual. Just as you let out a big exhale crossing the regulator’s finish line, you can see you still have a much longer road ahead of you – better take a deep breath.
Depending on the scale of change and impact on workflows, organizational designs and target operating models may need to be adjusted. Integration with other standard reporting and governance controls may be required.
In short, organizations need to find a way to make living with the new regulatory change sustainable. This requires knowledge transfer, transitioning people and knowledge from programs and projects to operations, and ensuring everything can be executed repeatedly.
Four Solutions
Take another deep breath. Despite the number of big challenges and a looming deadline, you can come out on top if you execute on the following.
Get with the Program.
To make sure everyone appreciates how much work regulatory change can be, take it seriously and lay the foundations early. Set up a large program with many separate but interrelated projects or workstreams. Many organizations can run projects – few can run programs effectively.
By doing this, you and your organization will begin to understand the end-to-end change requirements and their severity, the impact on the business, and the challenge of meeting the regulator’s timelines.
If you have been through an experience like this, you already get it. If your colleagues have not, or have not had to live with the consequences, they will not. They will need to change how they work and who they work with. You need to set up a program to help them do this.
Figure out what is going to happen once you hit the gas.
Part of the reason people don’t realize how much work a new regulation can create is because it may not affect aspects of the business that are typically gauged to determine whether something is “big” – e.g., dollars, employees, branches, transformations, number of products affected, and so on.
New data and reporting requirements can still require a massive effort, even if the book of business in question is small. The same goes for the number of products affected – major changes to a few products or new data collection requirements can drive enormous amounts of work. Sometimes, it is simply a higher order skillset or level of execution that is needed. When a VP asks, “So, how big is this?” there’s often no immediate answer.
One way to find an answer is to conduct careful discovery grounded in fact. As we said, no one person in the organization knows everything needed to gauge the extent of the work required. Domain expertise matters. Data expertise matters. In general, depth matters, so it is worth diving in early to get a handle on things.
You can’t boil the ocean, so don’t.
You can’t make wholesale changes to your organization in response to every new regulatory directive. However, you can figure out where change can happen, and where it is unlikely to be successful in the short term.
Once you have set up a program and completed your discovery sessions, you need to assess the organizational and resource constraints you will have, and what changes to ask of key stakeholders.
On the bright side, this can help create a burning platform – large change in the face of constraints creates more concern than an ambiguous amount of change and loose talk of how to address it.
Find your Switzerland.
You need someone in charge who understands the amount of work required and its complexity, and who is also seen as a neutral third party. You also need a consistent gauge of where the organization is in the implementation life cycle.
Internal parties are technically capable, but a department or division may be seen as biased and have blind spots. Third parties can offer better transparency and reporting of problems, because their careers and reputations don’t suffer the same way from reporting bad news as internal resources might. Also, neutral third parties can more easily ensure equal voices across divisional lines.
Call the Program Management Experts
Must-do projects like regulatory changes can seem overwhelming and daunting, but it doesn’t need to be. With some careful forethought and the right expertise, regulatory programs can extend beyond just staying onside with the regulator, and set your organization up for long-term success.
In the meantime, if you need help preparing for this hard work, give us a call, or send us a note.
Carolyn Kingaby, Senior Vice President, Financial Services
Carolyn.Kingaby@optimusssbr.com
416.649.9219
Peter Snelling, Senior Vice President
Peter.Snelling@optimussbr.com
416.649.9128
[1] See Government of Ontario (2018). A Plan for the People: Ontario Economic Outlook and Fiscal Review, Toronto: Queen’s Printer, p. 57.
Business Intelligence Road Map to Smarter Decisions
If your organization is having difficulty deriving greater insight, understanding, and intelligence from your data, you are not alone. Data is everywhere. But accessing, organizing, and making sense of it can be daunting.
Power BI vs Tableau – Which is Better?
Although Tableau and Power BI are similar business intelligence tools, there are key differences that organizations should be aware of when considering analytical requirement
6 Essential Data Visualization Best Practices
We have identified 6 Essential Data Visualization Best Practices. Adhering to these best practices makes it easier and faster for users to gain insight from large volumes of data and thereby make the best decisions for their business.
Optimus SBR Named as 2021 Great Place to Work
Optimus SBR has been named as Great Place to Work for a third consecutive year.
Executing on Round 2 of Municipal Modernization Program Reviews in Ontario: Should You Approach Them as a Marathon or a Sprint?
Our overview of areas of focus for the second round of the Municipal Modernization Program, Service Delivery Reviews themes, and advice on how to execute with the funds made available for this investment.
Optimus SBR named to the Growth List for 8th Consecutive Year!
Canadian Business named Optimus SBR on the 32nd annual Growth List!
Adapting in a New Era of Corporate Travel
Travel is one of the most impacted sectors hit this year due to COVID-19. Organizations need to begin to take a critical look at what corporate travel will look like in a post-COVID world.
Optimus SBR Named as 2020 Great Place to Work
For the second consecutive year, Optimus SBR is thrilled and honoured to be named on the 2020 list of Best Workplaces in Professional Services, and as one of this year’s Best Workplaces™ in Canada. This year, we’ve also been named to the inaugural list of Best Workplaces in Ontario.
The Driving Need to Reassess Processes & Controls Related to COVID-19 Responses
COVID-19 has thrust a massive amount of change onto financial institutions. Conducting a review of the processes and controls put in place during these unprecedented times is critical as financial institutions face an increasingly complex risk environment.
Pivoting When the World Changes: Getting the Most Out of Municipal Service Delivery Reviews in the New COVID-19 Reality
Municipal services matter, and not just the ones that people see. The ones that keep things humming behind the scenes matter too. And never has that been more apparent than during the COVID-19 pandemic.
How to Improve Analytics Capabilities and AAIM for Success
With technological advancement rapidly reshaping how we do business, a company’s ability to leverage data to make more informed decisions is the key to staying competitive in today’s market.
Whether your organization is beginning their analytics journey or is further along in its analytics maturity, an objective analytics capabilities assessment focused on using data to make better decisions is an important first step to achieve your analytics goals.
Optimus SBR Named 2022 Most Admired Corporate Cultures™ Winner!
What a thrill it is to be honoured as a 2022 Most Admired Corporate Cultures™ Winner! This award celebrates the Bold Attitude and Entrepreneurial Spirit each of us embodies.
