Will increasing complexity break your existing Regulatory Governance approach?
Organisations have become used to regularly assessing their regulatory compliance, implementing remediation plans and evidencing all of this to regulators. Many are now turning their focus to reducing the cost of compliance. However new regulations are still coming in and increase reporting requirements will add further complexity – potentially breaking the Risk Governance models in some organisations.
Is your organisation ready?
Read on to find out how you can turn this challenge into an opportunity to transform and mature your Risk Governance operating model, decreasing costs and increasing quality and transparency.
Where are organisations today?
In the post-crisis world, Risk & Compliance organisations have been deluged with regulatory attestations, remediation activities, embedding and evidencing. On top of this, most organisations will also have potentially overlapping audit points and findings from operational risk assessments. More often than not, these activities are managed separately, often using spreadsheets, risking inconsistency and potentially giving conflicting information to regulators and management.
Faced with these increasing and often duplicative reporting demands, many banks are looking for ways to streamline and reduce the cost of achieving, and demonstrating, compliance.
So what should organisations do?
Additional regulations are still coming (AML4, elements of CRR2) and the regulatory bar is always rising in terms of increased scope and granularity of compliance reporting. The current model is no longer sustainable, in terms of headcount/cost, quality and timeliness.
It is time for a step change
I recommend that organisations use this challenge as an opportunity to transform the way they approach Risk Governance. This should begin with a holistic review of their regulatory maturity that encompasses organizational aspects, architecture, methods, data and reporting.
Once organizational, process, data and reporting requirements have been established, organizations should look to leverage ‘RegTech’ solutions (Ascent, RegHub.IO, etc) to help them manage the assessment and evidencing of compliance. These can not only address the additional regulatory complexity, but simultaneously increase overall quality and decrease costs by introducing:
- Automated or utility regulatory horizon scanning – Use of machine learning based systems to identify and categorise upcoming regulations and score for relevance. Potential use of utility models that centralise regulatory analysis.
- A single version of the truth – one view of compliance status and remediation actions by regulatory requirement, entity, desk or business line
- Workflow driven compliance processes – assign individual requirements to individuals for compliance assessment or remediation planning. Centralise the collation and versioning of evidence.
- Standardised and automated reporting – Automated production of regulatory deliverables such as annual model attestations, including compilation of evidence packages.
The increasing complexity of assessing and evidencing regulatory compliance is likely to strain the Risk Governance models of many organizations to breaking point. Organisations should use this opportunity to build out regulatory maturity, using RegTech as a catalyst to increase capability and quality, whilst decreasing overall costs.