Risk management has been transformed beyond recognition in the past few years. The regulatory wave unleashed by the 2008 financial crisis has created a need for a new layer of operations for implementations of these legal requirements. Most banks are already improving their operations by throwing teams at the ‘deep end’ of run-the-bank and change-the-bank functions. I believe they should be diving deeper.

The increased consumption of budgets for regulatory projects demonstrates that operations cost-management is directly related to a bank’s ability to react to new compliance requirements. Although each new regulation is issued separately, implementation usually impacts the same systems and processes within a bank. Understanding the overall impact of regulations on the value chain of a bank’s operating model is crucial to business excellence.

In addition, the regulator has drastically reduced implementation periods. In the past, banks had decades to think and rethink implementations. Even failure of a large-scale project like Basel II was manageable, as implementation timelines were sufficient to try again. Applying change to operational systems and processes within a given timeframe is now a central cornerstone when assessing a bank’s ability to compete in a highly regulated environment.

With more regulations pressuring banking transformations, streamlining operations in the following dimensions is imperative:

1. Reduce complexity, everywhere. The less skin you show, the less vulnerable you are. Banks should get rid of structured products that require extensive operational overheads, such as standalone databases, processing engines and reporting modules.
2. Rationalize processes. Think Blue Ocean* and start redefining existing processes. Aim for minimal delivery processing time and establish internal service level agreements to pursue them.
3. Implement flexible infrastructure and resources. Since changes during projects occur frequently, operations need to be able to adapt overnight. Think long-term when choosing systems with regard to modifiability. Also plan for internal as well as external resource availability.
4. Optimize project lifecycles. Regulatory requirements have evolved as did project management frameworks. Respond to continuous change demands with flexible project and development frameworks, e.g. Agile Development methods.
5. Last but now least: Think scalable. Given current and upcoming regulations, business models based on non-transparency and high-spread components are likely targets for regulatory sanctions.

As well as their IT counterparts, business units need to enhance their operating models, not only to improve the impact on operations but also to innovate and share a view on the new compliance layer. A Regulatory Change Agenda, agreed between CRO, COO and CFO gives direction and focus to staff and helps with setting budget and resourcing priorities to accomplish compliance missions, however impossible.

*A strategy that, in broad terms, advocates ignoring existing structures and inventing from scratch (based on ‘Blue Ocean Strategy’ by W. Chan Kim and Renée Mauborgne, Harvard Business Press, 2005)