The continued relentless pace of change and the need to implement layers of often mismatching cross-border regulatory requirements have begun to beg the question as to the extent to which compliance and risk officers can help their firm to “future-proof” changes made, and in turn get the very best value out of the substantial investment continuing to be made into systems and technology.
Firms often have a love/hate relationship with their IT systems. Continuing investment in all aspects of information technology is an essential part of corporate life but entire change capacity and capabilities are being utilized to simply keep up with the changes required by evolving rules and requirements. All too often, for some firms there is no IT capacity left to develop new business ventures, fix manual workarounds or smoothly aggregate multiple disparate existing systems. Businesses and their boards, supported by the risk and compliance functions, need to develop a better way through the twisted jungle of regulatory change management. Firms can come at the concept of “future-proofing” from both ends of the issue – first by seeking to manage regulatory change itself and then by seeking to ensure that the implementation of any future changes are designed, as a matter of course, to be as flexible as is feasible.
Perhaps the most obvious means of future-proofing for firms is a deliberate strategic approach to manage the future regulatory agenda through lobbying. If a firm does not already have a lobbying program in place it may want to consider investing in developing an ability to influence the external regulatory environment. While lobbying is a medium- to long-term investment, the current mismatch and divergence of rules between jurisdictions are proving to be expensive and distracting for firms, with the issues in the derivatives marketplace between the EU and the U.S. a particular case in point. For any investment in lobbying to be successful, firms need to have both the resources and a deep understanding of the evolving stance and approach taken by regulators around the world. It was particularly apparent in the consultations around the revamp of the European Markets in Financial Instruments Directive that firms reporting that change would be expensive or compliance difficult were not able to influence the proposals. Policy makers are focused on the protection of customers and firms need to base their responses and suggestions for alternate approaches on the premise of the need for consistently good customer outcomes. The world of financial services regulatory change has become utterly customer centric and firms need to find the best ways to influence regulators to ensure that any new approach results in a workable rulebook which delivers in practice on the required customer protections.
At the other end of the change process is the overarching need to build an inherent level of flexibility into all technological compliance solutions with the central guiding tenet that firms are always going to need robust, comprehensive and repeatable evidence for all customer-facing activities. There are several elements to this, not least of which is the need for risk and compliance officers to have a comprehensive understanding of their firms’ current systems. Risk and compliance do not need to become instant IT experts but they do need to understand what the firms’ systems can and indeed cannot do. Specifically, risk and compliance need to be close enough to the technology to be able to work with IT on the design specifications and requirements for any and all regulatory-driven changes. Many firms have already tested this theory as part of the work undertaken to become compliant with the U.S. Foreign Account Tax Compliance Act (FATCA) when not just U.S. citizens were reviewed for complete know-your-customer documentation but the opportunity was taken to review (often on a risk-based approach) the entire client database to cleanse and refresh the information held as well as fill any gaps.
The ability to future-proof regulatory change is not a panacea for all ills but it does return at least a measure of control to firms struggling under the sheer volume and complexity of the regulatory change agenda. Ideally, future-proofing should become a virtuous circle whereby the impact of future change is made more practicable through a firm’s lobbying efforts and any resultant change can be implemented swiftly and easily through systems which are designed to be inherently flexible. Only then can firms return to the widespread use of systems to improve and innovate business activities rather than having all IT capacity absorbed in simply keeping the firm compliant.
Learn more about Thomson Reuters Risk Management Solutions
Discover more insight by professionals, for professionals in the Know 360 app