A strategic approach to regulatory risk management

Overview

A recognition has emerged among both domestic and foreign banks that regulatory risk is a critical part of an organization’s risk framework. Regulatory risk extends beyond the colloquial definition (a change in laws, rules, and regulations that may impact how business is conducted) to include monitoring of the regulatory rulemaking environment, impact on policymaking, and overall regulatory relations management, that is, managing relationships with your regulators. Such relationship management extends beyond tactical examination flow and responding to requests; instead, it embraces a larger, more significant role that includes a comprehensive regulatory policy and regulatory strategy approach. Accordingly, it becomes perhaps more important than ever that foreign banking organizations (FBOs) gain an early understanding of new regulatory developments at the proposal stage and work with the business to understand how to build the requisite capabilities for new regulatory requirements while continuing to meet the business’ strategic objectives. While doing this, it is important to inform your regulator of how your business and risk strategy are aligned to execute requirements to sustainability (that is, how you will get there).

Regulatory Strategist

It is critical to evaluate how the “Regulatory Affairs/Management/Liaison” function, which would need to migrate toward a more strategic role, serving as a Regulatory Strategist (or RS), interacts successfully with Compliance, Risk, and the other support functions to help “run-the-bank” activities in a streamlined and coordinated manner. In addition, a more developed, sustainable, and strategic regulatory relations program that provides a capability-level understanding of applicable regulations is key to increasing efficiency and reducing compliance-related risks. In so doing, compliance with such regulations can support the business’ strategy, and thus become a revenue enabler rather than a cost center. Such an approach should center on how an institution can incorporate regulatory change strategically into business-as-usual practices, rather than simply responding to regulations on a reactive basis without consideration for the strategic implications for the business.

As the business has a strategy, so should risk and compliance and the regulatory affairs/management/liaison function. The business, Compliance, and this regulatory function need to be aligned so that the organization and senior executives understand the discussions, supervisory interaction, and regulatory calendars, and how they align to key internal communications. The regulatory communications plans should be strategic, take into account the tactical, while also aligning roles and responsibilities through the three lines of defense including Internal Audit. For global organizations, the local jurisdiction needs to coordinate with the parent/head office on communications plans, regulatory commitments, and regulatory strategy. It is incumbent upon the local jurisdiction to ensure that the home office is properly informed and advised on US regulatory matters as this is a part of their strategic remit, in order for home office to be best positioned to support US operations. The Regulatory Strategist should be well-positioned to have an understanding of the key strategic initiatives inclusive of their investment dollar requirements and regulatory impact. With this knowledge and insight, more holistic solutions can be achieved.

What is the role of the Regulatory Strategist?

Increasingly, banking institutions (both FBOs and US-headquartered bank holding companies) have considered the Regulatory Strategist role to be an integral part of the executive management team as they look to enhance their communications with regulators, and effectively represent their franchise. The Regulatory Strategist serves as a conduit for identifying, escalating, and mitigating areas of regulatory concern by partnering with the business to execute on its strategy successfully and be compliant in doing so.  As a result, many of the executives holding this position and/or in charge of this function have been raised significantly in stature in their respective organization. Leaders with broad knowledge of the organization’s operations — and who understand regulatory points of interest — have become the top contenders to lead these efforts.

In practical terms, the organization’s Regulatory Strategy function should act on behalf of executive management and the board of directors as a central point of contact with regulators, articulating the alignment of business, risk and compliance strategy. As such, the Regulatory Strategist serves as a trusted liaison for regulatory risk management matters. In-house policies should clearly articulate the Regulatory Strategist’s process for engaging with the organization’s regulators, so that there is coordination with other executive leaders as situations warrant. In addition, the Regulatory Strategist must have sight of the firm’s strategy and be integrated into executive management’s and the board’s protocols to be effective. The Regulatory Strategist should look holistically at the regulatory environment (both in the US and globally), synthesize external factors across regulators, and target how the banking institution interacts with its regulators across jurisdictions to (1) create a relationship map across regulators and internal stakeholders and (2) develop a regulatory watch list for emerging trends, issues, requirements/regulations, and regulatory examinations. These are two basic tools, used along with detailed tracking of meetings, information, and issues.

Most importantly, this function/role needs a clearly defined mandate and operating model for the Regulatory Affairs/Management/Liaison function. Where does this role start and stop relative to Compliance and other related functions that may perform aspects of regulatory impact analysis/regulatory management? This tends to be a fragmented space and needs to be part of a holistic regulatory change, strategy, and policy function. The key is integration and clear accountabilities for each group to ensure an end-to-end view.

It is important to note that the establishment of this function does not preclude other members of executive management and certain business lines from communicating with the organization’s regulators. In fact, the executive management team should develop its own relationships with regulators and work under common protocols and standards that are established by this function. That said, the Regulatory Strategist can coordinate and enhance those communications to reduce the possibility of regulatory misunderstanding or inconsistent messaging, without controlling communication only through the Regulatory Strategist. Having this regulatory relations/liaison role can help to ensure that the organization speaks with one voice to its regulators — a voice that is consistent and transparent. In turn, the RS should understand the implications of regulatory messages and help to interpret them back to the business.

Another key objective for this role/function is to enable integration of data across multiple sources, including self-identified issues, industry analysis, internal audit issues, regulatory findings, compliance monitoring and testing results, operational risk data, and project reporting on implementation of regulatory change areas, among others.   Data from these sources can be leveraged to strategically look at themes and senior-level issues that provide a dashboard for review.  This function can enable this data to drive impact analysis, set policy decisions, and look end-to-end across business, functions, and regulatory requirements.

Posted by Peter Reynolds, Advisory Managing Director, Deloitte & Touche LLP, Irena Gecas-McCarthy, Advisory Principal, Deloitte & Touche LLP, David Wright, Advisory Managing Director, Deloitte & Touche LLP, Richard Rosenthal, Advisory Senior Manager, Deloitte & Touche LLP, and Alex LePore, Advisory Senior Consultant, Deloitte & Touche LLP on October 12, 2016

 
