I am sure that anyone involved in financial services will agree that the unprecedented level of regulatory initiatives and change since 2016 (such as SM&CR, AML, MiFID 2, GDPR) have tested (and in many cases are still testing) management, resources, technology and budgets to the maximum.
Undoubtably, most will appreciate the principles driving the need for the regulatory changes and understand that they have been designed to improve transparency, risk management, market and business conduct, fairness to customers, and data security in the longer term, and ultimately strive to prevent financial services meltdowns.
However, implementation of these regulatory changes has been incredibly expensive, complex and time consuming for all firms, potentially resulting in a shift of focus from business operations and negatively impacting progress on their existing risk and compliance initiatives or priorities for 2018.
As a consequence:
Q. How many firms are behind on their risk management activity such as risk and control assessments?
Q. How many firms are behind on their compliance activities and monitoring?
Q. How many firms have no budget in 2018 or resource for any risk and compliance framework improvement initiatives?
Q. How many firms have had to reassign resource from their risk and compliance teams to the regulatory projects implementations, weakening the risk and compliance management?
Q. How many people feel regulations like MiFID2 and GDPR, in the short term, have not enhanced fairness, conduct and risk management?
Q. How many people feel they have not embedded the new regulations past the point of tick box exercises?
Q. How many people feel that they have regulation ‘fatigue’?
Well, if your answer to any of the questions above is ME!!!, then I can assure you that you are not alone.
The real question that needs to be asked is what do you do about it?
Regulatory change is not going to stop, how do you get back on track and how do you ensure that you firm is better able to respond to future regulatory change without stopping the ‘Business As Usual’.
The FCA recently published their 2018/2019 business plan and it is apparent from review of their cross-sector priorities that the expectation is for the regulatory change to be implemented alongside your other risk management and compliance activity, with focus on firms’ culture and governance, Financial Crime and Anti-Money Laundering, data security and treatment of customers.
How do you get back on track?
The response has to be:
• Perform a clear roles and responsibilities model identifying the appropriate RACI (Responsible, Accountable, Consulted, Informed) for the risk and compliance activities that must be performed in 2018,
• Risk-based prioritisation for the tasks that need to be performed in 2018
• Clear, owned and achievable action plans for controls that are broken, and activities that have not yet been performed
• Simplified and transparent reporting- ensure valuable resource is spent reporting on ‘what is important’, not on ‘what we have always reported’
How do you ensure you future regulatory change does not result in highly expensive project teams, and prevent you performing and improving your BAU risk and compliance activities?
• Design and implement an appropriate and effective Target Operating Model for Risk and Compliance Management in the 1LOD and 2LOD to ensure the adequate capacity and capability to support your operations, strategy and regulatory environment.
• Converge your risk and compliance management processes – Compliance, Operational Risk, Conduct Risk to one common framework and data model.
• Improve your enterprise risk and control data model and implement standard risk and control libraries
• Implement a risk and compliance database that will manage all your risk and control data, aligned to regulatory rules, policies and produces timely, value add reporting
• Review and improve Governance and Reporting
With the correct structure, processes, tools, and resource capability, your firm can meet the existing and future regulatory obligations and avoid expensive remediation.
How can 1RS help your firm?
Contact 1RS today to find out more