Part Two: Regulatory Change Management
What is a Regulatory Change Management Program?
The next part of our “Day in the Life of a Compliance Officer” blog series is going to take a deep dive on one of the most complex and dynamic pieces of the Compliance Management System, Regulatory Change Management. The Change Management Program outlines how a bank identifies, evaluates, implements and validates changes related to a regulation or updates coming from an agency. Regulatory changes can come from any number of sources from the state or federal level, and even from supervisory agencies. The banking industry is one of the most heavily regulated industries, and the process has only become more cumbersome after the Dodd-Frank Act in 2010. The Dodd-Frank Act was the government’s response to the financial housing market collapse in 2008 and outlined a variety of mandated reform efforts and consumer protection initiatives. The most significant outcome was the creation of the Consumer Financial Protection Bureau (CFPB) to oversee the current regulations and develop and implement the reform outlined in the Dodd-Frank Act. Other federal agencies that regulate the financial services industry include: the Department of Justice (DOJ), the Financial Industry Regulatory Agency (FINRA), the Treasury (TREAS), the Federal Financial Institutions Examination Council (FFIEC), and many more. Trying to sift through all the news and updates from the bureaus and agencies can be time-consuming and challenging to filter through the irrelevant noise coming from mainstream news and unaccredited sources. We will zoom in on this aspect of information collection in Part Three of this blog series.
The first step to understanding regulatory change management is understanding how the system works. Which starts with the process of creating a new regulation. This starts with a proposed rule, which is open for a comment period and then the comments are reviewed, a final rule is published, and an effective date is assigned. Supervisory agencies then develop an examination manual to monitor compliance within the industry. The CFPB was established to have authority over the majority of the federal financial regulations, and they are the primary supervisory agency for large institutions, but regulations can also be generated by Housing and Urban Development (HUD), Federal Reserve System (FRS), or the Securities Exchange Commission (SEC) just to name a few. The Federal Deposit Insurance Corporation (FDIC) supervises state-chartered banks, the Office of the Comptroller of the Currency (OCC) supervises national banks and thrift institutions, and the National Credit Union Administration (NCUA) supervises credit unions. The United States undoubtedly has an incredibly complex financial regulation system and oversight as it pertains to banks and businesses.
How are Compliance Professionals currently dealing with Regulatory Change Management?
Since there are so many different agencies implementing rules and publishing best practices that affect the banking industry, it can be tricky to keep track of it all, particularly because the agencies are disjointed from one another, even if they are providing guidance, making enforcements or proposing new rules on the same topic. Signing up for email alerts with an agency, a supervisory agency, State regulator, and State or National Banking Associations can help by sending the updates directly to your inbox, but you still have to sift through the various emails and identify what is relevant to your business. This is not a trivial activity. At larger entities, the responsibility of tracking and monitoring changes is an entire role in and of itself. The reason it is important for a Change Management team or Compliance team to monitor this is to follow which stage they are in the rulemaking processes (such as Prerule Stage, Proposed Rule Stage, or Final Rule Stage). Most importantly, the updates and press releases provide an idea of what the bureau is focusing on and where their priorities lie. Proposed rules offer the opportunity to get a sneak peek of what the agency is working on. Of course, reading a proposed or final rule is time-consuming, as most of these regulations are lengthy and complicated, but it is necessary to understand if it is a subject that pertains to your business, so you can keep close track of the developments. Interpretations of proposed or final rules can be obtained from a variety of sources but it often comes with a hefty price tag. The more recent advances in RegTech solutions offering automatic data collection from dissimilar regulatory sources, automatic aggregation, clean-up, parsing, normalization, topic classification and summarization of regulatory documents offer unique opportunities to significantly reduce, if not diminish the Change Management burden portion of a Compliance Officers job.
Once a regulation has been disseminated, the next step is to evaluate it and determine how it affects the bank’s internal functions. The Compliance Committee is the perfect place to present the new regulation and open dialogue between departments. A Compliance Committee is a group comprised of the Compliance Officer, representatives of the Board of Directors, and all branches of bank operations such as Lending, Deposit, Investment or Information Technology. A summary of the rule can be presented and discussed to determine which changes will impact operations and staff. An action plan can be created to identify what changes need to take place and when they need to be completed and who might be responsible for different requirements of the rule.
Here are some questions to consider when creating an action plan, prioritizing action items and delegating action responsibility if applicable:
- updating policies and procedures,
- identifying staff members who will be responsible,
- is new software needed, should vendor demos and quotes be obtained,
- when should training be completed for management and employees,
- controls to prevent errors,
- creating source documents for regulators to outline procedures,
- how will compliance be monitored, and how will non-compliance be reported and managed.
What is the Future for Regulatory Change Management?
The action plan is a living document and should be reviewed at each committee meeting to monitor and track individual open action items and to monitor the progress of the preparations to ensure a smooth implementation. As new situations, updates, information or complications arise, the plan should be updated to address and resolve the questions posed.
After implementation, it is essential to monitor and report how internal systems respond to the changes. Monitoring can help to ensure that the bank is in compliance and any noted deficiencies can be indicators of procedural weaknesses or vulnerabilities in internal controls. Regular reports at Compliance Committee or appropriate sub-committees can address findings and issue corrective action to ensure swift compliance. The board of directors should remain in the loop as challenges arise so they can be informed and assured that the Change Management System is operating as it should.
With all the moving pieces and gears that are a part of the Change Management System, some tools can assist in lessening the burden for Compliance professionals who are tasked with navigating the ever-changing regulatory environment. The current environment of regulators churning out new or evolving regulation continuously, as often as 1 new regulatory document every 12 minutes, seems to only be increasing. Regulatory technology or “RegTech” offers solutions at every step in the regulatory change management process, which is clearly an area ripe for disruption. Stay tuned for Part Three of this blog series for a closer look at Regulatory Intelligence and Monitoring regulatory changes.
Check out Parts One and Three here:
Check out our blog on SaaS RegTech for more information about RegTech solutions.
Try the Compliance.ai Regulatory Intelligence solution to help manage regulatory change and stay in the know on all things related to financial regulatory compliance. You can sign-up in seconds and get full access to the product for free for 30-days.