Overwhelming... Consuming... Inundating... All are adjectives describing the recent flurry of regulatory changes that are piercing the fabric of an institution's compliance management program.
Where do we start? How do we integrate into our current process? Who is involved? What is considered a successful navigation through this maze to ensure the compliance management program is strong in this area?
I always say, "begin at the beginning," so let's break this down into "bite size pieces."
First, search the regulatory agencies' websites, sign up for the regulatory alerts via email, and subscribe to a compliance advisory program such as Temenos Compliance Advisory services to ensure you are promptly updated on the upcoming changes.
Once you have been informed of the pending regulatory change, assign the change to an individual for accountability from start to finish, then create an action plan.
The action plan should include a risk assessment before and after implementation of the change(s); a timeline for implementing changes; creation of a team from various departments across your institution; review of policies and procedures; review of vendor and third-party products/contracts and deliverables; development of a training program; and ongoing monitoring.
Once you have completed a risk assessment, the action plan team should review and identify areas that will be affected by the change. For instance, will it affect the loan area, deposit area, or all areas of the institution? Are there specific disclosure changes that must be made; customer notifications; changes to your Loan Operating System or Deposit platform? Will you need to obtain additional deliverables from your third-party vendors for your various lending and/or deposit applications?
Now that you have identified affected areas, assign responsibility to staff in those affected areas and include that in your timeline. The timeline should include the various steps required to successfully implement these regulatory changes and identify any areas where you need additional staff to meet your deadlines. Communicate frequently with those staff members that have been assigned pieces of the implementation project. Use the timeline to assist in reporting progress to the Management Team and Board.
When third-party vendors must be involved in the regulatory change, don't wait!! Contact your vendor and require information on their action plan and timing for providing the required changes to their products to provide compliant solutions for your institution.
Begin training on the changes of the regulation during the implementation process. Then you will also provide training on the internal procedures that are created to implement those new changes. Require accountability and "buy in" from all departments involved.
Monitoring the process and auditing the end result are necessary to ensure you have covered all of the required changes during the implementation area. By monitoring the process along the way, you are able to uncover any problems that may arise and implement solutions to ensure a smoother transition.
Once you have implemented the new changes, don't forget to conduct another risk assessment. This risk assessment will assist you in determining areas where you may need to have stronger controls or more frequent monitoring/auditing.
Now that you have dissected this piece by piece, you have a process developed to assist you in implementing regulatory change going forward.