In the 10 months between 01 January 2019 and 31 October 2019, the UK’s Financial Conduct Authority (“FCA”) published a total of 1,583 regulatory news stories and updates across 53 FCA publication topic areas (See Chart 1)
Let’s consider the key processes in managing regulatory compliance and change:
- Keeping up to date with regulatory changes: On average a new regulatory development is published every 7 minutes across global regulators. Being able to ensure this is captured, processed and understood is important for ensuring you stay on top of your regulatory obligations as the consequences of missing an applicable regulatory publication can be high.
- Identifying the requirements from a rule or change: Compliance against regulatory rules requires an understanding of what the rules means to your business ecosystem and what actions need to be performed in order to meet compliance. Regulatory rules come with specific obligation and actions that need to be extracted, understood and implemented to meet compliance. Wouldn’t it be great if every rules you had a checklist list of actions/obligations that you needed to follow and implement in order to be compliant?
- Maintaining compliant policies, procedures and controls: Regulatory compliance requires financial institutions to maintain a set of relevant policies, procedures, controls and governance structures to demonstrate that they have an understanding of their regulatory obligations against rules set for the business they do. A medium sized bank typically has in excess of 3000 controls and 1000 policies globally that need to maintained.
- Understanding gaps in compliance in procedures and controls from changing rules: As a regulatory change is published, financial institutions quickly need to understand the gaps between their current controls and the obligations under new rules. Imagine tracking those 3000 controls and 1000 policies manually to identify which one has been affected by a single rule change.
- Identifying relevant compliance owners for regulatory remediation actions and rules: Whether it is letter from a regulator to remediate non-compliance against a rule or a change required to be implemented against a new rule, the compliance actions and tasks that need to be performed to meet compliance need to be assigned, tracked and audited to completion across accountable owners across an organisation to demonstrate regulatory compliance. Our experience shows this is what regulators are really looking for.
- Maintaining a library of applicable rules, linked controls and ongoing actions : Imagine the power you can harness if you can maintain a digital, fully searchable library of all rules and linked policies and controls. Better yet, imagine if you can implement AI and ML on this digital library to intelligently search for the impact a rule change has on that metadata