The alarm clock buzzes, and it’s time to face the day ahead. Feet touch the cold morning floorboards and that first sip of coffee hits the soul. Dressed and ready for the commute to work but each day is different from the one before. How can you know what to expect?
For a Bank or any financial institution, addressing regulatory requirements is one of the top priorities. Regulatory Change Management is a dynamic daily responsibility within the Compliance Management System, which we covered in Part Two of this blog series, and relies on aggregating content from a variety of sources in order to complete. A typical morning in the office for a Regulatory Change Manager or Compliance Officer starts with sorting through all the daily information updates and emails. Scanning through your inbox, which by 9:00 AM is already filled to the brim with unread messages, then deciding whether to read, bookmark for later, forward, or delete is a tedious process. There could be, and often there is, a laundry list of regulatory updates and information buried in emails from federal or state level banking organizations, news publications, and other sources. A substantial part of the morning consists of reading and organizing these emails, and that’s just the tip of the iceberg.
Track: Dissimilar content from disparate sources
The emails might point to information located on government websites that require further research and investigation. Visiting and searching on individual agency websites like the CFPB, FDIC, FinCEN, Fannie Mae and the Federal Registrar, to name just a few, could take the rest of the morning – and that’s just finding the information. On the CFPB site, one must check Policy and Compliance under the rulemaking heading and read both Final Rules and Proposed Rules. Then in notices and opportunities to comment to determine the open comment periods. Under another section, enforcement actions can be reviewed. Now to the next agency, FDIC has its own website and section on Laws and Regulations with sections on policy, press releases, speeches, testimony, articles and enforcement actions. The FFIEC also has sections for press releases, enforcement actions and a “what’s new” section. Fannie Mae has a featured news section for single-family lenders for servicing and selling guide updates. FinCEN has advisories, bulletins, fact sheets, filing information, SAR stats, statues and regulations, news, speeches and enforcement actions. The Treasury covers OFAC and financial sanctions lists, economic policy, consumer policy and tax policy. This list is monotonous and redundant and could take days or even weeks to comb through. Not to mention, you could very well still miss something important. For example on December 9, 2015, the Highway Bill, which is issued by the Department of Transportation, included changes to the Gramm-Leach-Bliley Act (GLBA) which requires that financial institutions provide annual privacy notices and other securities laws. Many compliance professionals missed that one since it wasn’t located on any radar that a Regulatory Compliance Manager would regularly monitor. It was categorized under the Department of Transportation even though it applied to financial institutions.
Everyday the search for regulatory information and updates piles atop the day before. The ability to sift through the ever-growing pile determines whether a bank or financial institution will be able to be proactive or reactive in the compliance environment.
Normalize, Organize & Classify: The Monotonous Part
The next step is making a list of regulatory releases and then prioritizing them; creating a spreadsheet to track all of the changes and again, sorting by priority and upcoming deadlines, like comment close dates. It’s easy to spend an entire eight hour day just tracking down and then organizing regulatory changes. In fact, many of the large national banks with total AUM above $5B will have a role specifically to track and organize regulatory changes and updates, often called a Regulatory Change Coordinator.
The first step toward a streamlined operation is identifying the sources you need to follow then creating a manual flow to track activity. As a Compliance Officer at a Community Bank in Illinois, there are a variety of topics I need to stay abreast on, including Bank Operations, BSA/AML, Commercial Lending, Consumer Lending, Credit, Cybersecurity, Debt Collection, Deposits, Lending, Mortgage Lending, and Privacy. Since I am at a regional bank, I only need to track regulatory activity in Illinois and federally based on my bank’s charter and otherwise, as relevant. Here is an example list of agencies and news sources that I subscribe to and have bookmarked in my browser:
Federal: CFPB, Fannie, FDIC, FFIEC, FinCEN, OFAC, Treasury
Mainstream News: American Banker, The Economist: Finance and Economics, The Hill: Finance Policy, The Hill: Finance Regulation
On average, I receive 30 to 40 newly published documents from the 7 Federal Agencies I am tracking. Some I get straight in my inbox, whereas other documents I have to track down. Some are press releases and news updates, others are proposed rules, notices, and final rules. I organize this collection of content into an excel spreadsheet with columns to track the document type, comments close date, effective date, publication date, title, link, and source. Then I need to determine the related topic or product for each document, log it in the spreadsheet then decide which person or department should review the document. I add a separate column for the number of pages of each document so I have an idea about how long it will take to read. The spreadsheet is an important tool to roadmap the entire process but, it is tedious to maintain. Often I spend 4 hours in the morning going through this routine and preparing the spreadsheet with the latest regulatory updates, and I haven’t even read any of them yet. From that point, the skeleton of the research is done, but I still have to take what is given and develop it further.
Again, larger banks often need to divide this process between various distinct roles. For example, at a national or international bank, there would likely be a Regulatory Change Coordinator tasked with doing only the organizing responsibilities I just mentioned. Other organizations will designate various compliance roles per product, like a specific AML/BSA Compliance Officer or a Mortgage Lending Compliance Officer. However, at a small to midsize regional bank, or at a community bank, the compliance team normally consists of one to three people, responsible for all the bank’s products and the entire compliance management process.
Today, I had 34 published documents, including 2 final rules. Both final rules are 86 pages in length, and one is effective 4/1/18 and the other 4/1/19. Priority can be assigned to the closest pending final rule. Based on the average adult reading speed of 300 wpm (Nelson, 2012) and the average page word count for a regulation in the federal register of 1,100 words per page (Starr, 2013), it would take roughly 5.25 hours to read each of the final rules. To read all 34 of the source documents, it could take me at least 15 hours. Let’s assume it takes an entire day each week just to sift through emails and search separate websites for information. Here’s a back of the envelope cost calculation: The average rate for a Regulatory Change Coordinator/Manager in the US is currently around ~$115/hour, then on average $3700 per person per month is devoted to simply researching and organizing regulatory changes. The larger the number of products, geographies of operation, charter for your organization and the size of the compliance team, the higher this cost (and the complexity) gets. And, this does not even include the often hefty cost associated with actually reading and analysis of the documents to understand and explain the impact of the changes on the business to the rest of the organization. Additionally, this doesn’t include the federal and state level legislation and statues that compliance teams need to review as part of their ongoing regulatory research and analysis. No wonder many financial compliance teams specify “the ability to hire” qualified AML staff their second biggest challenge in meeting compliance goals. See the chart to the right published in 2016 from PwC’s Global Economic Crime report.
Don’t miss our interactive Regulatory Intelligence Calculator at the end of this post to see for yourself how much manual Regulatory Intelligence is costing your firm.
Read, Analyze, Plan
Tracking and organizing regulatory changes is just one aspect of Regulatory Change Management. Once all of the information is organized and categorized, the work is reading, analyzing and then developing an implementation plan. Reading and understanding the new regulatory landscape is an important aspect within the change management process and often the most time-consuming. Luckily there are promising technologies within Legal Tech and RegTech that promise to provide automated and intelligent summaries of complicated regulatory documents. This wouldn’t reduce the need to thoroughly read the document, but it could significantly save time by providing a level of immediate analysis about what the document pertains to and extract some key information. Once the content is read, an evaluation can assess the inherent impact on the business.
Collaborate and Disseminate: Get the word out
Once the impact has determined which branches of the organization will be affected, the Regulatory Change Manager can engage the appropriate senior management. Performing a residual impact assessment can help address any gap analysis required to comply with the upcoming regulation. The last phase is implementation and testing new controls to ensure that the new systems are in place and working as they should. Adjustments can be made periodically based on testing results to further ensure compliance.
Technology to the rescue!
A great portion of the costs associated with how we manage regulatory changes today could be spent on innovative technology to streamline the process, not to mention the amount of precious time being saved could be applied toward implementation strategies. Regulatory Managers could re-focus their time on reading regulations, developing training and conducting a gap analysis, if they took advantage of a technology solution that automated part of the work.
Automation and innovative technologies, such as Artificial intelligence, could offer a streamlined way to stay current on regulatory changes in real-time while organizing the new information and notifying users to ensure that nothing is missed, and to help separate noise, chatter from consequential regulatory document relevant to a business. This is a growing industry referred to commonly as RegTech, which serves a variety of purposes within the Regulatory industry and framework. There are a variety of RegTech solutions that specifically address the challenges of Regulatory Change Management and others that specialize in a broader Compliance Management solution. Considering how tedious, costly, error-prone and frankly repetitive some of the tasks above are, it’s good timing to take a close look at such RegTech solutions.
Try our Regulatory Intelligence Calculator to get an estimate of how much manual regulatory change management is costing your firm each month.
What if there was an easier and more efficient way to achieve Regulatory Intelligence without all of that painstakingly manual process?
Compliance.ai’s Pro Edition platform does all the searching, compiling and organizing for you. Compliance.ai applies machine learning and artificial intelligence to automatically curate real-time regulatory information from a variety of sources: Federal and State level agencies, rules, executive orders, notices, enforcement action, and regulatory publications from the press and independent agencies. In addition, you can further customize results by applying topical filters. Gain actionable intelligence and personalized notifications through Compliance.ai to save your compliance team’s precious resources. Try out a free 30-day trial for yourself. Click here to sign up. No strings attached!