By some counts, as many as 350 new rules will need to be promulgated over the next four years to effect the regulatory reform changes mandated by the Dodd-Frank Act. Although these rules are only directly applicable to financial institutions doing business in the United States, significant new rules and regulatory policies are also being issued in other major financial markets across the globe. The new rules will further extend what has already become a very intrusive regulatory climate and will alter the manner in which some financial services companies do business as well as the products and services they provide to their clients.
Challenges and Opportunities
Managing this degree of regulatory change will be a formidable undertaking for many companies, from large, global financial institutions that may need to reconcile conflicting requirements of their myriad regulators to U.S. retail banks that may be most interested in the changes that will be adopted by the Consumer Financial Protection Bureau.
Financial services companies that address these changes effectively will have a clear advantage. Those that fail to manage the process well will likely find their companies noncompliant and their risk management practices called into question by their regulators, customers and shareholders.
Our Point of View
The process of preparing for the extent of regulatory reform that is expected over the next several years is a significant undertaking for many companies and should be managed as a formal project. Keys to successful execution will include:
- Performing an initial, comprehensive “regulatory reform risk assessment” that, among other considerations, identifies the potential impact and timing of expected regulatory reform initiatives on a company’s operating model and products and services, and identifies what changes will need to be made to comply as well as the associated timeframes and expected cost. These changes must address, among other considerations, the impact to existing technology, the corporate governance model and organizational structure, business processes, reporting, and monitoring and testing. Management must consider not only the direct costs of making the required changes, but also whether certain provisions put at risk the viability of select products from a business perspective; in the latter case, it may make more sense to eliminate or outsource such product offerings rather than incur the costs to bring them into compliance.
- Effective tracking and analysis of proposed changes and updating the risk assessment, as appropriate. Given the number of changes at hand, it will be critical to group similar requirements into a manageable number of work streams, rather than attempt to address each specific change in a piecemeal fashion.
- A detailed project plan with defined objectives, clearly assigned responsibilities, key success factors, milestones and checkpoints. This will not only serve as a guide to the company, but also will demonstrate to regulators and auditors that the company has a well-conceived roadmap and approach.
- A regulatory reform project management office (PMO) and a steering committee with executive sponsorship and representatives from across the company, including risk management, legal, compliance, audit, human resources, technology, finance and accounting, tax, and the business lines.
- A formalized reporting and escalation process to keep all parties informed and to surface quickly any obstacles or challenges to cost-effective compliance.
- A communication and awareness plan for educating affected parties – employees and customers – about the changes being made or planned, and establishing and reinforcing clear accountabilities for process owners to comply.
- A plan for ensuring that “everyday work” still gets done while implementation efforts are underway.
While some companies may be tempted to wait until final rules are issued, in many instances the direction of change is already clear. Successful implementation will require resetting the company’s priorities (e.g., determining which technology changes take precedence or de-emphasizing certain businesses) and incurring costs that boards of directors and executive management need to understand as soon as possible to set the company’s strategy.
Failure to address the regulatory reform challenge proactively exposes companies to noncompliance and increased cost and, most importantly, loss of market share to competitors that are proactive in their compliance efforts.
How We Help Companies Succeed
Protiviti’s Global Financial Services Team understands the inherent risks our clients face and the challenges of developing and maintaining effective regulatory compliance programs as well as implementing so many regulatory changes in the coming years. With delivery capabilities in the major financial markets, we draw on our proven project management skills, our knowledge of the financial services industry, and our deep competencies in risk and compliance, technology, finance and business processes, to assist our clients in:
- Understanding the regulatory requirements and their impact on a company’s business
- Developing actionable project plans
- Serving as the PMO or assisting the company’s existing PMO to manage implementation
- Assisting with the development of policies and procedures, monitoring and testing plans, and training
We were engaged by a diversified global financial institution to lead a PMO to evaluate its global compliance program, recommend improvements and, upon approval, direct the implementation of these improvements. Protiviti worked seamlessly with company management in multiple locations to prioritize regulatory needs and redesign the company’s approach to managing and monitoring its compliance risk. We then assisted the client with the successful implementation of program enhancements.