6. Be More Swan: Practical steps for a sustainable solution: Control
In this edition of our Regulatory Change mini-series we look at three effective steps in the control of Implementing Regulatory Change which form part of the 9 step framework to Be More Swan.
Take proactive steps to drive a long term sustainable approach to compliance.
Build a flexible regulatory resource pool
Coordinate and plan client engagement
Create a regulatory processing factory
7. Master your data
A strategic approach to data is required to manage the wide-ranging compound impact of the overall regulatory agenda on the data landscape of market participants. This is important to both provide the accurate data that is critical to the success, and to provide the flexible capability to set up and change new regulatory reporting requirements.
New regulations are causing continual introductions of new ‘master’ data, the core information that financial organisations hold, re-use and trust to be correct. Regulations often require data to be reported at levels of both abstraction and granularity that disparate systems do not easily allow. The inevitable tactical solutions, with manual processes and spreadsheets, and the inevitable consequent human error and duplication complicate the picture further.
We recommend taking a fundamental review of the data infrastructure, the approach to storing client reference data and how you maintain the corresponding support systems.
Data management checklist
A centralised master data strategy defining where new master data will sit (e.g. CRM versus trading systems), and related internal and external data flows.
Invest in systems that allow strategic data controls (e.g. workflow tools, business rule validations, audit trails, and automated writing to master reference data systems).
New data requirements defined at the start of each new regulatory implementation (including the storage, maintenance and sharing approach).
Data sources, verification needs and options for updating from supplementary sources captured, and data refreshed on a regular basis.
Good practice and control built into every process (including second person validations, clear ownership of data points and processes for reviewing data issues).
Data quality KPIs are clearly understood and managed.
Business as usual teams trained in processes for updating master data and inputting new master data.
8. Think BAU from the start
Regulatory implementation initiatives almost always have two parts. The first, known as the project, uplift or remediation phase, is to make the existing business (e.g. clients, trades, documents) compliant. The second phase is to ensure that the new regulator y regulations are met on an ongoing basis, both for existing and new clients – the ‘BAU’ or business as usual phase.
To avoid complicating transition, we have found it is important to focus on the BAU phase from the start.
Preparing for BAU involves transitioning processes and functions set up in the project into the BAU teams. It may also involve setting up a new service to clients or even a new department.
BAU transition planning checklist
A transition plan for each regulatory initiative, identifying the optimal point for handing over each task.
Coordinate the BAU transition approach across the whole regulatory change project portfolio, assessing where it makes sense for roles and tasks to sit together.
A set of robust checkpoints ‘gates’ that governs transition, with business sign-off at each stage.
Project phase teams and processes set up to allow easy transition into BAU, with department subject matter experts involved to support the approach.
Technology opportunities used to support transition (e.g. workflow and automated controls).
Training programmes run before, during and after go-live and dual operating periods used effectively.
9. Control, monitor and assure compliance
The ultimate aim of regulator y change is ensuring compliance. However, the nature of implementation can paradoxically lead to high potential for ‘breaks’, or instances of non-compliance.
Some tactical systems, processes or workarounds are inevitable. New processes are often untested in a BAU environment. Controls to manage the associated risks are of paramount importance. Further underpinning this need, regulators, and increasingly clients, look for a demonstration of a robust set of controls and risk management measures.
Compliance control, monitoring and assurance checklist
Monitoring processes for non-compliance (including both reporting and technology controls).
Exception reporting and escalation processes, including key criteria and tolerances.
Strategic controls implementation projects included on your regulatory roadmap.
A formal review process to quality assure process for weaknesses.
Measures taken to proactively avoid non-compliance (e.g. preventing non-compliant accounts from trading).
The Quality Assurance function and subject matter experts involved in shaping controls during implementation.
A plan to engage with regulatory, clients, trade repositories and other external parties.
In the next edition we will conclude our mini-series with some final points to consider in “Strategic solutions to Be More Swan.”