Delivering Regulatory Change - Lessons Learned
Project Managers used to take great delight in their stock joke 'the only constant is change'. Maybe that should be updated to 'the only constant is regulatory change'. The last few years have seen a wave of regulation wash over the investment management industry with RDR, AIFMD, FATCA, EMIR, KIID, MIFID II and CASS - an alphabet soup of acronyms. Whilst we have to accept that new regulation is a constant, we are hopeful that by applying the lessons that we have learned so far, implementing regulatory change should be less onerous going forward.
Our top "lessons learned" from having helped our clients implement a wide range of regulatory change initiatives are as follows:
1. Avoid "analysis paralysis"
The regulatory change project plan is a well-trodden path starting with analysis of the regulation by external advisors, legal and compliance teams. Technical analysis needs to be solid enough to allow the strategy for responding to the regulation to be shaped but not so protracted that it jeopardises the ability to respond.
2. Focus on how regulation impacts the business model
Too often time and resource is spent on sifting through the regulation itself rather than identifying the key impacts on the business. Step around the minutia of the regulation and focus on understanding the impact that it has on the business model at the earliest opportunity.
FATCA required extensive tax treatment analysis but its real impact was on client on-boarding, data collection and reporting. Analysis of the downstream impacts is often lost in the fug of trying to guess the regulator's intentions.
3. Prepare a business case
Regulatory change budget tends to be viewed as "non-discretionary spend" and justified as the cost of staying in business. Often as not regulatory change costs are tracked but not scrutinised and potential benefits are not considered as part of the business case and not realised as a result.
4. Look for opportunities
As the regulatory change budget is increasing at the expense of 'other' change budgets it is more important than ever to consider how regulatory change can be used to improve the business model. For example, consider AIFMD as a chance to tighten up corporate governance; RDR was a vehicle to clean-up pricing models and almost all regulatory change is an opportunity to improve data quality and introduce data governance for the longer term benefit of the organisation.
5. Look for synergies across regulations
Related to above point but deserving of special mention. Regulatory change has often been delivered as discrete projects operating in their own silos resulting in replication of technology and processes and increased costs. Regulatory change is best run as a portfolio of change, thereby allowing common themes to be identified and synergies across regulations to be realised.
6. "Sticking plaster" solutions are not sustainable
The external deadline driven nature of regulatory change projects means that 'interim solutions' are often seen as the norm. Work-arounds, 'Spanish-customs', and 'off the side of the desk' solutions are justified because the only objective is to be compliant. Well that's the issue - how long can you remain compliant with these solutions in place? If that is the end result of all regulatory change, then that is a lot of 'sticking plaster' holding the business together. Recognise that an 'interim solution' is exactly that and commit to delivering a strategic solution, even if it may be after the deadline date.
7. Recognise that organisational change may be necessary
The net result of regulatory change has often been that business units are left performing non-value added regulatory tasks on top of their day jobs. This creates a high regulatory and operational risk environment, one that Compliance and Internal Audit teams are soon going to discover as they monitor the ongoing compliance of the business with the multiple regulations that are now in effect.
We are seeing a tension within the business where business units are now unable or unwilling to carry the burden of the new operational processes and procedures created by regulatory change, and the Compliance teams, who are neither staffed nor trained to perform the operational activities, are calling the business out for unacceptable regulatory and operational risk. So what's the solution? One option to consider is establishing a capability ('Operational Compliance') that sits between the business and the compliance functions, taking the non-value add functions out of the business, performing them centrally and giving compliance the assurance that regulatory requirements are being met. (How to approach the setting up of an 'Operational Compliance' function is something that we plan to explore in a future issue).
Applying the lessons
There will always be the next big regulatory project to occupy management time and absorb business resource. At ISC we are hopeful that by applying lessons learned, that the pain of regulatory change will start to ease and will deliver business benefit over and above the intended impact of the regulation.
At ISC we have extensive regulatory change experience; are highly familiar with the regulatory project plan and have the expertise to help support investment managers identify the opportunities to improve the business that regulatory change can facilitate.
If you would like to follow up on this topic, please contact firstname.lastname@example.org