Despite insights gained from managing regulatory change, most banks still lack a holistic approach or framework to respond to these regulatory issues. Instead, banks take a reactive approach to regulatory response.
Rather than ‘firefight’ against regulatory change, banks can adopt a more holistic, cohesive regulatory response, one that is underpinned by a more agile organisation, a more balanced risk-reward corporate culture and a more consistent change methodology.
Drawing on our experience in Axis Corporate, we believe a solid approach should include the following steps:
Develop a more balanced risk management corporate culture
Defining a risk appetite is essential to developing and embedding a balanced risk culture. Adopting a clipboard approach to Risk, Compliance or Internal Audit is no longer enough, as even a slight breach by a single individual or team can threaten the entire organization’s stability. With fines and penalties increasing, banks’ corporate culture must dramatically change to make employees more aware of the risks affecting the business.
While most banks have already succeeded in making employees well aware of issues and objectives, more effort is required to embed a corporate risk management culture aimed at making employees as sensitive to GRC issues as they are to commercial objectives. To succeed, any major corporate culture change needs to be supported by a change in values, appropriate training and effective controls and tools.
Adopt a common ‘portfolio’ approach and methodology to address regulatory issues and changes
Adopting a common ‘portfolio’ of change and methodology can target efficiency, consolidate data and aim to reduce the size of the burden. Banks can no longer finance an ever-growing regulatory change portfolio or disparate set of projects, as they need to allocate (or defer) budgeted funds for new strategic transformation initiatives.
Banks and their advisory partners should explore regulation overlap, align with business priorities and aim to merge regulatory programs — for instance, by reviewing regulations related to MiFID II, Dodd-Frank and European Market Infrastructure Regulation (EMIR) to identify common changes, and then leveraging precious expertise and resources to address multiple and comparable requirements.
In addition, the profitability of some activities is seriously affected by regulations. A common regulatory change methodology should take this into consideration and assess business, operational, financial and customer impacts to help banks make the most strategic choices.
Implement a business-risk partnership model
As regulation is now central to banking activities, strategies should be closely tied to it. Governance, risk and compliance (GRC) professionals should therefore be business partners involved in each step of business strategy development and implementation. Typically, GRC professionals only deliver advisory opinions. But banks should instead implement a framework or model to encourage a business–risk partnership so as to put business strategies, risk management and compliance at the heart of the organization.
Anticipate regulatory changes with constant horizon scanning
Banks must stay ahead of regulatory trends. An effective strategic and organizational plan relies on a strong capacity to anticipate key changes. Banks need to engage experts and take measures to grasp the full landscape of regulations, understand their implications and foresee changes to the business.
Successful banks assess the future regulatory landscape across a 2–3 year period through comprehensive and thorough horizon scanning, impact assessments of the business and consultation with regulators.