Implementing Regulatory Change: a Blueprint for Success
As the global crisis in the financial markets takes its toll, questions are being asked at more and more firms about what the regulatory future will look like. But the recent announcement from the Basel Committee that it is to press ahead with specific regulatory measures as quickly as possible signals the likely future: a tougher regulatory regime for financial institutions. As well as new regulations coming into play, regulators will enforce existing requirements with more rigour, and tougher supervision will drive most of the remedial work firms undertake.
It’s a trend that is already observable. And if the amount of regulation and the level of scrutiny are changing, then so are the inherent characteristics of regulation – with important implications for institutions attempting to adapt to the new regime. In the UK, we are now entering the era of principles-based regulation, moving away from the ‘box-ticking’ exercises of the more recent past. The UK’s Financial Services Authority (FSA) will set the direction for a particular regulation and leave the question of how it will actually be implemented, and what standards are to be applied, to the market participants themselves.
That means that there will be a greater focus on analysis and interpretation. The days of taking the rule maker’s bible and dropping its directives wholesale onto the organisation are beginning to fade. That adds considerably to the already major challenge that banks and other financial institutions face when it comes to regulatory change. In the principles-focused world, translating requirements into activity puts the onus on firms to interpret the regulation in their own way. And having taken a view on the regulation and, by definition, created a uniquely tailored version of it, the organisation then has to prove compliance. All of which creates uncertainty within any compliance programme.
It also lends itself to budget overruns. With no boxes to tick and no to-do lists to mark up, it is all too easy for a compliance programme to turn into a lumbering, over-budget behemoth: with no idea of its own boundaries and no real sense of direction, it lurches from one crisis to the next. To add to the problem, it’s not that uncommon for other smaller, less essential projects to sneak in under the radar and somehow get caught up in the whole compliance circus.
Finally, the new principles-based approach has implications for financial institutions’ relationship with regulators. The FSA, and its equivalent bodies elsewhere, is not a scary beast to be placated with tacit obedience. Instead it is an organisation that can and should be negotiated with, to find the best workable solution. Major players already have a strong relationship with regulating bodies, and this needs to be maintained, or emulated, in the principles-based environment. These issues alone indicate that the methods used for implementing regulatory change need to be re-examined and, if necessary, re-designed.
The first, and obvious, move is to look at attitudes towards the regulator. Ongoing dialogue is key to successful implementation of principles-based regulation and finding the right balance between influencing the FSA, interpreting what comes out of the regulation and then negotiating the firm’s position is essential. Certain market participants are already very good at negotiation and, as a result, are able to put in place a workable compliance programme without encumbering themselves with excessive, costly and unwieldy processes.
They are also able to shape regulation moving forward. Banks that are adept at using their own networks, or a consortium of other market participants, can influence the regulator’s position. The benefits of this proactive, rather than reactive, stance can be seen in the lobbying work of the British Bankers’ Association (BBA) in response to both Basel II and MiFID. Although much of the regulation has been guided by the FSA, it has been influenced significantly by industry opinion expressed through BBA committees and working groups of participant banks.
External relations are therefore crucial – and defining a clear strategy for communicating with regulators and peer institutions at the start of any regulatory change programme is essential. But equally important are internal relations – particularly among the people who are running regulatory programmes.
To date, the responsibility for delivering regulatory programmes has typically been held either within the business function that is most affected by the new rules or where the majority of the technical subject matter expertise is located. This raises two problems. The first is that when functional boundaries are crossed it can lead to blurred accountability or, in the worst-case situations, business functions being left out of the loop during the early planning and analysis stages. The second is that areas with little change experience can end up owning major programmes of regulatory work.
We see this in practice, where risk, finance and compliance professionals have taken the lead role, since they understand even the most obscure aspect of a new directive and the legal ramifications of non-compliance. But their true comfort zone has been in the implementation of more prescriptive regulatory directives that have had limited scope for interpretation.
The problem is that ‘regulatory’ experts do not necessarily know how to deliver change, especially when principles-based regulation requires the full scope of the programme to be clearly defined and managed. Their particular analytical skills are not always those required to introduce the new processes, and often the new technology, necessary to support the practical application of those principles-based directives. The result: a regulatory programme that may well spiral out of control.
This is the fundamental point for successful compliance projects. At heart, they are change programmes that can deliver strategic improvement to a firm’s operational processes or even market position, not just exercises in compliance, and they should be managed and treated as such. Again, Basel II serves as an illustration: is it about producing an end report to be submitted to the FSA to meet a compliance requirement? Or is it an opportunity to improve internal capital management processes and build cohesive operating principles that enable risk, finance and treasury departments to co-operate effectively in order to manage capital?
If it’s the former, then the regulatory change programme can happily stay in the hands of content experts. But what if it is a means to wider strategic improvements? Then it belongs firmly in the hands of change experts. Finding that balance between content and change delivery expertise is often the deciding factor between a successful and a troublesome programme.
When compliance projects are treated as change programmes, then the fundamental principles of change management can be applied. Senior management are engaged from the outset and have oversight of the whole programme – something which is key to any programme’s success. The scope of the programme is set at the start and managed carefully through dialogue with regulators, industry bodies and internal management. Strategic and tactical goals are established, along with success indicators, timelines and benchmarks.
However, the subject matter experts cannot be confined to the sidelines. When decision-making authority is in one place but those who understand the subject matter are elsewhere, then the project is doomed to failure. Specifically, a small steering group of ‘architects’ should be convened at the start of the programme to translate regulation into specific requirements, and should continue to be the ‘guardian’ of these requirements throughout the programme.
This group must include both regulation and change delivery experts and be empowered to make cross-functional scope, design, and boundary decisions. It should work closely with IT, operations and ‘business as usual’ people from the outset to ensure continuity and communication between teams and to establish a common understanding of the business impact of the regulation throughout the organisation.
There are choices to be made in any regulatory compliance programme: how to manage the regulator; whether to aim only for compliance or use the programme to make strategic enhancements to operations; and what the balance between content expertise and change delivery skills will be. However, these are choices that must be made at the beginning of the programme to define its scope and head off unnecessarily distracting and diversionary questions later on. That way you get an efficient, well organised and clearly defined change programme that has a specific end-goal in sight and the right level of engagement from all relevant experts to deliver practical and robust processes, procedures and systems.
This is the reality for delivering regulatory compliance in the future. The flow of legislation is likely to increase, finance, risk and operations are likely to become more closely aligned, and banks are likely to be placed under greater scrutiny than ever before. Organisations that can put in place a successful blueprint for delivering strategic change in response to regulatory demand will, without doubt, be those best placed to continue delivering benefits to shareholders and customers – whatever the future holds.