We live in interesting times
For any change professional in financial services the relentless onslaught of regulatory change is a challenge. Of course, regulatory change is not a new thing, but the pace, scale, reach, complexity and uncertainty surrounding it has been unprecedented
in recent years.
The biggest self-deceit that many firms commit is to believe that there will be less change next year than this. This has not been true about ordinary business change for a long while and is certainly not true about regulatory change. There is already a
huge amount in progress and even more scheduled over the next five or so years. This is all at a time when firms are facing pressure on revenues (some created by the same regulations) and the need to respond to an ever evolving market place while keeping a
tight control on costs.
Regulatory Change is different
With a "comply or die" element, regulatory change has become something of the cuckoo in the nest. In order to apply limited resources and management time, other more creative (and revenue generating?) initiatives have had to be curtailed or dropped completely.
Many firms admit that something around 2/3 of their change effort is currently devoted to regulatory change. From the remaining 1/3 there will always be the mandatory, maintenance work that must be tackled, leaving little left to build and grow a business.
Only 30 or so years ago few firms had formal change teams or methodologies. Instead it was common to apply older, more experienced and (for one reason or another) available resources who knew the business and could "get things done". These were trusted,
safe pairs of hands that often self-managed.
Since then the industry has widely embraced and adopted a more structured approach to change, taking onboard project m a n a g e m e n t techniques that come largely from the world of engineering and construction. These bring a discipline to the business
of change and create frameworks through which projects can be consistently assessed and prioritised. They also help younger and less experienced staff learn about the world of change and projects.
Despite this, today even these methodologies are struggling. Many firms are faced with too much to do with too few resources, massive complexity and too much uncertainty.
The classic response of just doing what we do, but doing it harder does not make it any better, nor does the other traditional response of breaking a problem into smaller pieces in the hope that it becomes easier to deliver. The features that make regulatory
change different remain largely un-addressed and in order to resolve the problems we need to understand them.
We see that there are six main problems.
1. Few clear end dates. Traditionally a project has a clear beginning and a clear end. For business change one or both of these are under the manager's control. While this is a simplification it is broadly true.
In contrast, regulatory change has taken on something of a relentless form. Many reforms have multiple, complex, and phased implementations with dates that are often more aspirational than anything else. Just ask anyone when Dodd Frank will be complete?
Or EMIR? Or FATCA? Or AIFMD? It is unlikely that a date can be articulated in anything, but vague terms, let alone agreed upon.
2. Shifting sands. The environment that will receive the implemented regulatory change(s) is moving at every step. In a "normal" project many outside elements are fixed ie they will likely be largely the same after you deliver the project as they
were before you started.
In contrast much regulatory change affects whole markets. Most if not all of your clients, competitors and service providers will also be changing in ways that are not yet clear and may be indeed be unpredictable. Added to this and just to make things more
difficult many regulatory changes interact in poorly understood ways.
3. No shortcuts. While these are industry wide changes, they are not suitable for a "cookie cutter" approach. The nature of a firm, its products, existing infrastructure, clients, operating model and strategic aspirations mean that each implementation
is very individual. There is little opportunity to look over a competitor's shoulder to learn from their solution and use it. As a result, consultants are struggling to deploy their usual "build once, use many times" approach with their clients.
4. Late clarity. We know that the Devil is in the detail and while the intent of a new regulation is often signposted well in advance, the details required to design a solution and plan for its implementation are frequently very late.
Linked to this, many changes demand the creation of as yet non-existent market infrastructure and data sets. Examples range for the issuance of Legal Entity Identifiers, through trade repositories for EMIR, newly defined Depositories for AIFMD, Swap Execution
Facilities under Dodd Frank, etc, etc. These are often created late in the process, lagging the markets’ need to understand them.
5. Falling confidence in regulatory resolve. It used to be taken as true that a regulatory date was an immovable point in time. This was the ultimate trump card a change/project manager could play in demanding both attention and resources. It was
also very black and white, you comply or you don't.
More recently, and in response to the scale and complexity of change that firms are trying to satisfy, we have seen dates being deferred or eased through the introduction of extended transitionary periods.
Additionally, at least in the UK, we have seen expectations tempered down to "best endeavours". While both pragmatic and realistic, this softening of requirement tends to detract from the focus that is needed to tackle these difficult problems.
6. Many of the regulations are connected or at least impact on others. Some changes are global in intent, but have necessarily required local codification and implementation. Unfortunately many have also fallen under the influence of national political
interests and few have been coordinated in either detail or timing.
Even within a single regulatory jurisdiction, one change often relies on another and impacts yet other, eg EMIR, MiFID, CRD and AIFMD.
We suggest that there are four things a firm can do to ensure that it tackles regulatory change more effectively and more efficiently. They are
- Separate governance
- Organise into themes
- Use of a regulatory architect
- A focus on “right timing”
This paper will now explain what is meant by each of these and why they are necessary.
Firstly, separate governance. This means that the planning, oversight and, as far as feasible, delivery of regulatory change be separated from other, more usual business change.
Why is this important? Well while running a single book of work may seem attractive the criteria used to assess regulatory change and business change are very different as are the mindsets required to lead the two sets of work.
Many firms waste huge amounts of precious effort trying to manage and prioritise across the whole book of work. Applying the same financial templates and measures to every undertaking, and looking for the same levels of discipline in documentation and forecasting
in every case rarely works well. While not suggesting that regulatory change should be given a free rein, placing standard requirements on them can be hugely frustrating and often impedes the necessary decision making and desired progress.
Separate governance can allow for more relevant processes and effective decision making for each book of work and a clearer understanding of the respective undertakings and associated issues.
For some firms they may like to create this as a broad programme. A key advantage is the ability to bring sharper focus and make stronger, more joined up arguments for resource and management attention. This should not be under- rated. Budgets will move
and requirements will change. This is the reality of regulatory change and the measures of success are different.
To be clear this paper is certainly not suggesting anarchy and recognises that all change will come together under a COO or similar, just that regulatory change warrants some special attention.
Now to themes. The typical response is to look at each regulation separately, designing a solution to address it covering people, process and systems (including data). So often this is just a scramble and the solutions are rarely designed with any
great consideration of other current or coming regulation. Also, once that piece of work has been delivered it is all change as old project teams are disbanded and new ones created. So much corporate knowledge is wasted in this churn of staff.
While it is true that often the details of future regulations are not clearly known, the direction of travel usually is. It is also true that most of the regulatory changes are going to involve/impact many of the same stakeholders. They will need new data
and systems. They will almost certainly require new reports and possibly infrastructure. Business process and clients will be impacted in some way and there will be quite a lot of communication and /or training.
Maybe you can start seeing the themes? Of course the precise set will depend on the firm and its business footprint, but to put all the reporting under one team (or at least as few as possible) allows for improved continuity and “heads up” management, and
This can look similar to a programme structure, but needs more agility as it must be taken as a given that new requirements will be added.
Next we have the use of a regulatory architect. This is probably the biggest and possibly most important gap for many firms. It also offers the biggest benefit if addressed.
The earlier roles of systems, business and, more recently, data architect came to prominence when the complexity and level of change around their areas of expertise became a critical impediment to the business. This was usually preceded by missed opportunities,
unnecessary duplication and wasted effort, accompanied by more complex and difficult interactions with key stakeholders, such as clients. This is most obviously evidenced in operational inefficiencies.
The same symptoms can now be seen around regulatory change. The more traditional “slice & dice” approach is struggling to deliver in the first place and then components fail to integrate well.
What is needed is someone with their “head up”, constantly surveying known and expected regulatory requirements and then building, adapting and safeguarding a vision of how a firm will ensure compliance with the many demands it faces.
When creating a new building the architect is the person who creates the vision of what will be built, capturing that vision and communicating it to other stakeholders. They then oversee delivery of the various elements such that together they create that
same vision. Along the way problems will inevitably be encountered and the architect will make the decisions that overcome the issues while holding true to the original vision. The parallels are clear.
This complexity and scale of regulatory change means that most firms need a regulatory architect, someone who creates and owns the vision of how the firm will become and stay compliant. Compliance certainly has a key role in interpreting the intent and impact
of any new regulation, but as an independent function, will not take responsibility for the design and delivery of solutions.
Similarly most project managers are too close to the detail and driven to deliver, that they cannot be expected to either grasp the big picture or to remain faithful to the longer term view when faced with immediate problems
This new regulatory architect role should be accountable to the COO. While Compliance guard the boundaries with the regulators, the regulatory architect is responsible for ensuring the business operates compliantly and efficiently. In a more complex environment
this will probably need support from the equivalent of a Central Design Authority.
Success will be measured by the quality and clarity of the target regulatory model supplied by the architect to the change teams and the subsequent support of business analysts and project managers.
Additionally the architect will provide assurance to the firm’s executive that the solutions being built are both adequate and appropriate to known and expected requirements.
The last item is a focus on right timing. By this we mean scheduling the components of regulatory change not too soon that there is not enough understanding of the details and thus low confidence in the proposed solution, but not too late
that there that it is impossible to deliver in time. The objective is to create the greatest confidence in first time delivery.
Traditionally change moves through phases with design not really starting until requirements are known and agreed, and the build not starting until design is fixed and signed off. The nature of emerging requirements and the “fixed”ish nature of the dates
means that this simple approach has not been possible for many regulatory changes. Instead determining the right time to do things and indeed when not to do something has become important.
The right time is something unique to each a company and each change. It is driven by its business size, shape, structure and footprint along with its strategic intent. Getting it wrong can be expensive in terms of wasted effort or missed compliance, but
getting it right helps a business make the most of its change capacity.
Having separate governance can help provide the right focus on and expertise for assessing the right times.
Is this just theory?
We don’t think so. While we are not aware of anyone taking each all four steps, there are firms taking some of them.
Some larger and more complex firms have gone some way to separating the governance with specific and well-structured programmes that often report into the sub-committee of the Board.
The same programmes often have the look of themes about them. This can have unnecessary fragmentation when individual business units are not joined up as well as they might be within a theme, but that is often cultural and a function of organisational design.
A number of smaller firms have recently given a focus to right timing. This is frequently due to their lower resource base and the need to husband it well. The smaller firms are often nimbler in their eventual implementation so can push the timing envelope
We are not aware of anyone employing a regulatory architect, but we suspect it won’t be long before we see the job title out there.
George Santayana (1863 - 1952) said "Those who don't learn from history are doomed to repeat it". Today we are living the history of regulatory change every day and have a real chance to learn from it.
Together we can choose to do things better and this paper lays out our suggestions on pragmatic things any firm can do.
Please do let us know if you agree or not and indeed share any other thoughts you may have.