Financial institutions often rely heavily on teams of compliance analysts to manually scan for new and upcoming regulatory change across numerous regulatory sites, from speeches to discussion papers and consultations. However, this approach is resource-intensive and often results in a reactive, rather than a proactive, response. As a consequence, information can get overlooked and even missed. Furthermore, given the increasing rate of new regulation emerging across areas such as ESG, Crypto, Operational Resilience and Artificial Intelligence, organisations must consider a more effective solution.
What should financial institutions do to address this challenge?
Simply put, financial institutions need to leverage RegTech solutions to further enhance their regulatory change monitoring capability and embed these solutions into an enhanced regulatory change operating model.
But that’s easier said than done, when there are so many solutions in the market and lack of client awareness of what they need and how they intend to manage regulatory compliance. We have set out three core steps firms need to take to further enhance their regulatory change monitoring capability.
1. Explore the various RegTech solutions available
As a first step, assessing the available RegTech solutions available in the market is crucial, starting with identifying those that help with managing regulatory change. This will help firms build awareness of their regulatory landscape, identify emerging changes through regulatory horizon scanning for insights and prioritise where to focus regulatory compliance in response.
One key decision in choosing the right solution is to understand whether it needs to address detection or response management. This is important because it can distinguish between two different solutions; namely regulatory intelligence solutions that help detect regulatory requirements and changes on the one hand, and governance, risk and compliance (GRC) solutions that go a further step to translate regulatory changes into specific impacts across an organisation on the other.
Regulatory intelligence solutions, such as those offered by CUBE, Corlytics, ComplianceAI, Wolters Kluwer and Waymark, are solutions typically focusing on providing regulatory content. These solutions scan for upcoming regulatory updates. In a nutshell, these platforms provide access to a consolidated regulatory database of the latest emerging regulatory developments from a single user interface, as they are published by regulators and issuing bodies.
Governance, Risk and Compliance (GRC) solutions, such as those offered by Archer, MetricStream, ServiceNow, IBM OpenPages, SoftwareAG and LexisNexis Risk Solutions. These solutions provide a enterprise risk management capability rather than a horizon scanning tool. GRC solutions host organisational risk and control libraries and provide a connected, intuitive, and holistic approach to risk, compliance, audit, and third-party management. They help overcome organisational silos and facilitate increased collaboration across teams, business units and functions on GRC topics.
Some GRC solutions offer further integration with regulatory intelligence solution. CUBE is currently integrated with GRC solutions MetricStream, LogicGate and 6 Clicks, whereas LexisNexis is integrated with GRC solution ServiceNow. This combined solution provides the best of both worlds as well as enabling traceability of changes with risk and controls, policies/procedures and regulatory reporting with collaboration and workflow solutions. The power of such a solution is that it allows for easy and complete traceability of regulatory obligations throughout the organization, including committees and individuals.
2. Review target operating models
Although, RegTech solutions can deliver efficiencies to regulatory monitoring , financial institutions must review their target operating models so that the RegTech solution is fully integrated into the full regulatory change management process. Redundant manual horizon scanning should be replaced with a more intuitive automated regulatory monitoring process. Roles and responsibilities within the regulatory change review process should be defined and where possible automated via alert triage rules to ensure increased workflow and collaboration across regulation change review. Only a solution that fits in with the wider organization operating model will deliver the intended benefits.
3. Ensure ongoing Regulatory Coverage
Finally, regulatory coverage will evolve and expand over time as new themes emerge as a response to new emerging risks. Financial institutions must ensure they have processes in place to capture these new emerging risks, flag relevant content and take appropriate action to identify and respond to impacted risks, controls, processes, policies and procedures.
Ensuring the effective use of RegTech solutions to enhance regulatory change monitoring capabilities is easier said than done. Only a solution chosen based on the underlying needs of the business, embedded within a tailored operating model, with an organizational awareness and adaptability to ongoing regulatory change will yield genuine benefits. And not just benefits – this ongoing monitoring is increasingly crucial not just from a compliance point of view, but also to ensure ongoing competitiveness and future viability.