Embracing Fluid Compliance
The Dodd-Frank Wall Street Reform and Consumer Protection Act is well known by financial companies providing retail and commercial banking, asset management and capital markets services. Introduced in 2010, the bill proposes the most substantial reform to the financial services industry in over 50 years and requires significant changes in how financial companies run their business. With sixteen titles, and more than 240 rules, Dodd Frank is the most expansive regulatory endeavor that has faced financial organizations so far, which is saying a lot for one of the most highly-regulated industry sectors in the U.S.
Given the magnitude of Dodd-Frank, it’s not surprising that defining all 240 of the required rules is taking lawmakers a long time. Since its beginnings in 2010, 4 years ago, it’s estimated that somewhere between one-fourth and one-third of the rules aren’t yet set in stone. For companies that have to plan how they will comply with these rules, this is a major challenge. Not only is it difficult to anticipate how the finalized rules will affect them, many companies find themselves in reactive mode, scrambling to respond to piece-meal changes as they come. They’re also missing the big picture of how the finalized rules interact.
With this constant influx of new rules, how can companies manage change to minimize the disruption to normal business?
Managing change requires being able to fully understand how regulatory requirement changes affect processes and vice versa, at least. Even better, is the ability to anticipate how other related business factors are affected as well. Take this example: Section 942(b) of the Dodd Frank Act requires asset-backed securities issuers to disclose specific information to investors about the assets (purchased and bundled loans), including if and when payment terms change. Envision being able to know exactly which processes would need to be modified to include steps for collecting payment term information and dispersing that information to investors.
Further imagine being able to see which systems were currently collecting similar information that could possibly be shared with the new processes to meet the regulation. Finally, picture being certain about which employees are participating in these processes so they can be informed of changes and trained on the new way of working. The way that these pieces all work together in an organization is called the business architecture. Understanding these intersection points in your business architecture will assist in doing impact analysis to report on the many effects of a single change and minimize unanticipated or undesired results.
Regulatory Change Management 101
As soon as a new rule is received and understood, look at the process activities that it affects. Identify how that particular process interacts with other processes, either up or downstream. Some of these processes may be reused by different parts of the organization, especially if the process is part of shared services.
Resources, both systems and people:
Examine which systems are currently supporting workflows that may need to change. Make sure the people involved are informed, trained and able to perform the modified or new tasks. This particular set of impacts will also help anticipate costs, especially if new systems design is needed, or new skills must be acquired.
Other requirements, risks and controls:
There will be additional requirements many processes already meet - regulatory or other - and must continue to meet after whichever Dodd-Frank rule-of-the-moment is applied. Many controls and business rules may already be in place, some of which may no longer be relevant in a post-Dodd Frank world. Figuring out which controls are still necessary and removing those that aren’t will allow keeping processes as lean as possible.
Goals and strategies:
The processes that are changing will also impact business goals that they help achieve. Much talk at this moment is around how to make sure business processes are measured against achieving business outcomes - these business outcomes should be captured as goals. Any changes, even at a detailed level, should be analyzed, even simulated, to make sure that business outcomes won’t take a hit.
By following these rules of thumb, you’re setting yourself up to better address the fluid nature in which these regulations are being doled out, and will be poised to better manage all of the change that comes with them. Dive in and try to get the best view possible into how these changes affect your processes early on, and you’ll learn to anticipate how other business factors come into play as you go.
VP of Marketing and Product Management