Regulatory Headaches? Operationalize Compliance and Call Me in The Morning.
Keep these criteria in mind as you assess your regulatory risk management program and compliance management systems.
10 August 2016
Your regulatory risk program has grown rapidly. You now have compliance staff in twenty locations with teams of regulators always on premises. You feel overwhelmed interfacing with dozens of business units, regulators and other parties. Documents are the lifeblood flowing through your organization. You do your best to make sure all documents are complete, accurate and timely, but on occasion wrong documents are shared, deadlines are missed and confidential information is leaked.
If this sounds familiar, you are not alone. Since the global financial crisis we have seen an unprecedented rate of regulatory change. For example, during a two-year period, there were over 10,000 regulatory changes in the United Kingdom, according to Wolters Kluwer. Another example is the United States, where there have been over 15 million new words of regulation.
In addition to new and changing regulations, consider the increasing fines and penalties. Over a seven-year period, 20 large banks paid $235b in fines and penalties, according to Thomson Reuters. This has fueled demand for compliance professionals. It is not uncommon to hear about large international banks with 25 to 35 thousand employees in compliance-related roles.
Now that most of the regulations have been finalized, in areas such as capital and liquidity, resolution plans and risk data aggregation and reporting, it’s a good time to review the effectiveness and cost of your regulatory risk program.
Key operational challenges where you are likely to find opportunities include:
- Manual controls such as checklists, logs and signatures are time-consuming and prone to breakdowns
- Version controls such as numbering conventions and distribution protocols become less effective as the frequency of versions and the number of recipients grow
- Evidencing business decisions continues to be an area of uncertainty when determining individual accountability
- Eliminating boundaries creates informational barriers between business units, geographies and technologies
Don’t forget, many of your regulatory documents are classified as confidential supervisory information. For these documents you will need another layer of information security controls. These controls are not optional; rather, they are codified in each regulatory regime in which you operate.
Using a mental checklist, quickly compare how your regulatory risk program incorporates the following criteria:
- Single Platform to seamlessly manage all regulatory documents with internal and external parties across all business units, geographies and technologies
- Operational Controls that systematically create and store metadata for your regulatory documents to evidence accuracy, completeness and timeliness:
  - Documents shared, with whom and when – evidencing business decisions and escalations
  - Activity reports at the group, user, workspace, folder and document levels
  - Comments accompanying documents
- Information Security including encryption at rest, in use and in motion
- Enterprise Standards to enforce best practices for collection, creation, review and distribution of regulatory documents
Keep these criteria in mind as you assess your regulatory risk program and compliance management systems. Interested in learning more about how Intralinks can help? Visit our business solution for Regulatory Risk Management.