Some years ago, a sales executive for whom I provided compliance support called me from the
airport right before boarding an international flight. The conversation went something like
this: Sales Exec: “I forgot to tell you that we’re looking to do business in China. I’m about to fly
to Beijing. Are there any regulatory issues I should be concerned with?”
My response: “I don’t know, Chinese prison, maybe?”
The gap between this colleague’s expectations for doing busi-
ness in China—and actually having a passing familiarity with
the Chinese regulatory environment—was striking. Yet it’s a
phenomenon we see all too often, given the growing number of
regulations impacting the banking world these days. Nostalgia
for the good old days is simply that—nostalgia. We have entered
a new world of regulatory compliance. In today’s highly regu-
lated banking industry, there are approximately 1,200 regulatory
agencies overseeing banking on a global basis that deliver an
output of about 2,000 regulatory changes daily. Or, to paraphrase
Dorothy in her transformation from drab black-and-white into
a Technicolor-enhanced Land of Oz, “our business isn’t just in
Kansas anymore.” Instead, it is wherever the business takes us.
That statement holds true for an increasing number of banks as
they expand in multiple jurisdictions and, accordingly, become
beholden to the laws and regulations of each, whether local, state,
federal, or beyond.
“If We Walk Far Enough, We Shall
Sometime Come to Someplace.”
The Need for a System
Compliance officers are required to be specialists in all of the
various businesses that a bank encompasses. That means we’re
responsible across multiple jurisdictions, sometimes representing seemingly innumerable regulators. In the last few years, our
responsibilities within the Compliance Department have grown
exponentially. And if we represent a global organization, we need
command of the laws and regulations that affect bank commerce
in all of the countries where we operate.
In order to be compliant, we need to help ensure our bank
has a dependable methodology that continuously monitors and
captures the ongoing flow of new regulatory information and
updates. That methodology should incorporate the fundamental
elements of a regulatory change management program. It should
also include—not least of all—a rigorous staff training component.
Training can go a long way in giving you confidence that you
have the right strategy in place and this will help empower you
to deal with whatever additional regulatory considerations your
sales team may spring on you!
The key to developing and maintaining a regulatory change
management program is through establishing a shared methodology that is consistently applied—and which is repeatable—
throughout all lines of the business.
This article will:
■ ■ ■ Highlight some key considerations for the development and
continuing growth of a regulatory change management program;
■ ■ ■ Introduce the concept of a regulatory library;
■ ■ ■ Examine the most common methods for managing regulatory
■ ■ ■ Look at some of the new technological advances in this area; and
■ ■ ■ Identify some best practices that you might consider for your
The Regulatory Library:
Creating Your Yellow Brick Road
If you have been in a compliance role for any length of time, this
will not come as a great shock to you—there are very few shortcuts
in compliance. The first step in establishing a regulatory change
management program—or any program—at your bank should be a
thorough regulatory compliance assessment of your business. This
assessment should take into consideration the entire business, its
affiliates, customers, locations, people, departments, and products.
The question that we’re looking to answer with all of those areas
in mind is: Do we have a complete list of all of the jurisdictions,
regulations, and underlying laws to which we are beholden? Once
this assessment is complete, you will have an inventory of all of
the jurisdictions, regulations, and underlying rules with which
your firm is required to comply, down to the citation level. This
inventory is your bank’s regulatory library.
The regulatory library forms the foundation of your regulatory
change management program. A regulatory library that is kept up
to date helps ensure that you will firmly have your arms around
all of the regulations that are your responsibility. Once you have
established this foundation, then all new regulations and amendments should be vetted through that inventory and mapped to the
applicable business unit, product line, or even policy/procedure.
It would be inefficient for the Compliance Department to track
and evaluate new rules and rule changes that were not applicable
to the business. A regulatory library helps you to establish a fence
around those rules you care about.
Forks Along the Yellow Brick Road
Once your bank’s regulatory library is established—and you are
confident that you’ve included the appropriate rule book for every
product, regulator, and jurisdiction—the next step is to consider
how you will keep your regulatory library current, and determine
how future regulatory changes will be monitored and assessed
throughout the organization. Ensuring that you are effectively
managing regulatory change remains in the top three risk assessment concerns of banks. 1 Every bank, large and small, worries
about and struggles with implementing change.
Given the increasing role that technology is playing in helping
banks manage their regulatory compliance obligations, there are a
broad range of approaches that can be used to implement regula-