What is regulatory change management?

The evolution of regulatory change

What is regulatory change management?

Regulatory change management is the process of anticipating, capturing and implementing regulatory changes across financial services. Regulatory changes come in different shapes and sizes – from in-force, black-letter laws to softer guidance, down to blogs and speeches. Published regulatory content equals regulatory change, in one way or another – and financial institutions must keep up.

Since the global financial crisis of 2008, regulators across the globe have worked feverishly to create a watertight regulatory system that can withstand global crises and economic risks like never before. In turn, the regulatory landscape has grown more complex than ever, with regulatory changes being published at a volume and pace that can no longer be managed by humans alone.

Regulatory compliance is essential to safe-guarding consumers, the economy, and preserving public trust. Given the potential consequences of missing regulatory updates, financial institutions are obliged to pay close attention to regulatory changes in the industry. With that in mind, it’s vital to create a robust compliance framework that holds up under the magnifying glass.

The evolution of regulatory change

In the UK, the first regulatory measures in banking were imposed in 1979 with the creation of The Banking Act. It was introduced in order to harmonize standards in banking and license certain institutions. 

Until 2008, financial regulation existed – of course – but was not necessarily adhered to. The presence of global financial regulators was seldom felt, and regulatory scrutiny was a far cry from what we see today.

Post-2008, regulators moved to implement new regulations and guidance, to set firms back on course for compliance. As such, compliance teams were built out en masse to ensure than financial institutions were not only capturing regulatory change but implementing and abiding by it too.

In a bid to manage evolving regulatory demands, Fintech – and indeed RegTech – were born. Of course, as technology was created the pace of regulatory change only increased. And as financial institutions innovated, regulatory change evolved even further.

At each of these regulatory milestones, the standard operating procedures (SOPs) were adapted in order for financial institutions to remain compliant. This is regulatory change management.

Regulatory change management

As many will remember, much of the initial processes for regulatory change management were rooted in manual effort. Traditionally, regulatory change teams were appointed to capture every regulatory change that occurred, read it, and understand whether it was relevant to their business. These teams often focussed on Excel-based tasks, which were extremely manual – but also required huge amounts of human hours. As such, these manual processes have often been found to be inadequate or “operationally ineffective” by financial regualators.

At its core, regulatory change management (RCM) involves meeting the demands of regulatory change and the implementation of updated compliance processes. A good RCM strategy has four main components:

  1. Anticipating, capturing and tracking regulatory changes
  2. Determining impact of changes to your existing company obligations
  3. Updating the necessary controls or policies within your company
  4. Implementing the business changes in order to comply

Let’s break it down…

1.Anticipating, capturing and tracking regulatory changes

Changes to regulation in finance are announced by national and global bodies pre-emptively; meaning they give you a set time frame to implement the necessary changes. At a very rudimentary level, firms can find out about regulatory updates by trawling the websites of the regulators that govern their business. For instance, in the UK the Financial Conduct Authority (FCA) announced the Financial Services Act (FSA) this year, which set the parameters for UK financial regimes going forward after Brexit. 

While this process seems simple in the abstract, in practice it is time consuming. CUBE found that in the last 6 months alone, the UK saw 5,460 regulatory insights published – in America it was 32,737 – and in China it was 13,516. It’s hard to imagine a scenario in which manual processes alone could manage this volume of regulatory change. Especially if you then consider that many financial institutions are obliged to meet cross-border regulatory expectations.

2. Determining impact of changes to existing company obligations

When considering regulatory obligations, you should have a few supporting frameworks that are already in place. For example, the Know Your Customer (KYC) schema or Personally Identifiable Information (PII) both ensure that you are compliant in verifying the identities of your customers. Of course, each separate area of regulation must have its own systems.

3. Updating the necessary controls or policies within your company

Updating these frameworks to fit new regulations requires critical thinking – this is where compliance and legal teams add real value. Forget the spreadsheets and PowerPoints; you’ll need a robust paper trail in case of auditors. In fact, the FCA have previously noted their disappointment in previous reporting deficiencies. Consider documenting:

  • What changes are being suggested
  • Who is responsible for implementing them
  • Why you’ve chosen one route over the other

4. Implementing the business changes in order to comply

Finally, it’s time to implement a company-wide change in procedure. Taking ownership is important during this stage as it can be complicated and avoiding mistakes is key. Many financial regulators have issued regulations to hold individuals to account for their specific roles and responsibilities. While you’re obligated to take note of external prudential regulation, monitoring internal adherence is also important.

RegTech for regulatory change management

Historically, there have only really been two routes available when looking to manage regulatory change; manual or automated.

A manual regulatory change management process will typically require a dedicated employee or compliance team with legal knowledge. These highly skilled individuals will spend their time – often hundreds of hours – trailing the regulatory internet to fill our spreadsheets that patch together an auditable trail for implementation. This is time consuming, laborious and often error prone (you need only to look at regulatory enforcements to see how gaps begin to show).

The more effective, efficient and arguably more sensible approach would be an automated one. One in which technology carries out the labour intensive, manual work and leaves highly trained individuals to do steps 3 and 4 above – the critical thinking and high-value work.

Automated Regulatory Intelligence

As we move forward, the industry is seeing a third option emerge. One that uses Automated Regulatory Intelligence (ARI) for regulatory change management. This is a hybrid model. It offers cloud-based regulatory change management that easily integrates with existing systems. However, instead of just automating regulatory change management this is intelligent automation. In essence, automation that harnesses artificial intelligence – including machine learning, natural language processing, robotic processing automation – to provide regulatory intelligence.

RegTech firms – such as CUBE – are taking the end-end regulatory change management process and intelligently automating it. So not only does it track, capture, and monitor regulatory change – technology is able to intelligently make sense of that regulatory change to suit individual business profiles and preferences. More than that, it is able to make inferences and intelligently link regulatory changes across different books and regulators – to spot trends and make predictions rooted in data. It can then map regulatory change to a businesses policies and controls.


To find out more about CUBE’s intelligent regulatory change management, click below.


Related resources

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

Regulatory Risk Management: How will Executive Order 14028 change the cybersecurity landscape?

What is Executive Order 14028 and who must comply with the US regulation? And will it affect the cyb...

What is the US’ Community Reinvestment Act?

What is the US’ Community Reinvestment Act?

Are you aware of the latest updates to the Community Reinvestment Act in the US? Learn more about fi...

What regulations are there for the payment services industry?

What regulations are there for the payment services industry?

Discover the regulations shaping payment services, from PSD2 to AMLD6. Stay compliant with CUBE's in...

What is the CISO (Chief Information Security Officer) responsible for?

What is the CISO (Chief Information Security Officer) responsible for?

CISO's face a number of challenges with regulations constantly changing. Learn more about some of th...

View More