
How to Respond to the Regulation Avalanche

As a follow-up to my previous blog on how the avalanche of regulation can stifle innovation in banks and credit unions, I wanted to share some ideas to start the discussion on organizational steps that you can take to enhance the risk and compliance culture. Maturing the processes internally requires education – and while that takes time and effort, it can pay off by streamlining decision making. By getting started now, you should avoid being buried in the avalanche.

Assess Your Organization’s Risk Appetite

Each organization has developed a culture and risk appetite that can be influenced by internal and external factors.

Recent data breaches and cyber-attacks have shifted the attention to corporate governance. Enforcement actions, risk committees and regulatory audit pressures advance the need for financial institutions to assess their risk posture internally. Governance models should be risk-based – and right-sized based on the market landscape.

The regulatory burden, however, has accelerated a focus on stringent controls, without identifying the operational and business readiness steps needed to help financial institutions innovate and advance their marketing efforts. Investing in people, process, and education at all levels can improve the “Risk IQ” internally. That can result in more effective decision-making, and advancing speed to market for innovative products and services.

Prepare for Digital Revolution in Marketing

As recently published in the ABA Bank Marketing and Sales magazine, an Accenture survey showed that 78% of marketing executives believe corporate marketing will undergo a fundamental transformation over the next 5 years. Big Data, analytics, mobile, and digital marketing are advancing at an avalanche pace. Most banking organizations may not be equipped to prepare the roadmap that enables the digital technology revolution and the risk management governance culture to meet compliance obligations.

The survey also conveyed that most companies may not have prepared the organizational readiness to operationalize the new technologies to deliver value to customers. Any new technology brings up the risk question – just like innovation brings up compliance.

Enhancing Your Risk & Compliance Culture

While the pendulum for shifting governance and oversight has forced a more conservative approach, that correction can be balanced by broadening the risk acumen and organizational agility with an intentional strategic plan. Accountability is a critical success factor in the new landscape of demonstrating how risk is addressed.

Organizations need to move beyond checklist compliance to truly managing risk. Taking steps to invest in readiness for executives to make informed business decisions and manage risk without halting innovation is an important element in risk process maturity.

Here are five simple things your organization can do to help minimize the stifling of creativity while meeting the burdens of regulatory compliance:

  1. Create a Risk & Compliance Education & Awareness Plan: Develop an internal communication plan for all levels of the organization, to expand acumen on changes in regulation and regulator expectations. Executives will need to have more familiarity with the governance processes, and how they are evolving. Identify your internal stakeholders who manage different areas of risk, and define what types of training or education they may need to help them in the governance process.
  2. Broaden Executive Management Reporting: With expanded risk & governance committees, assess internal scorecards and dashboards to ensure that the “hows” are being monitored and addressed. Governance is an ongoing process, not a once-and-done event. Consider starting quarterly educational scorecards for Audit Committees to broaden their industry awareness of changes in expectations and the organizational action in process to respond to market events. Look at the makeup of current decision makers and even Board Members, to identify what gaps in functional experience could make enabling technology and product innovation simpler to execute. Identifying the “Digital Director” can help streamline the navigation for technology innovation and mobile opportunities.
  3. Broaden Tools to Enable Consistent Governance: Risk process maturity comes from repeatability and scoping. Understand the decision makers for changes in nature and structure of process, and embed compliance requirements up front in the design phase. Ensure feedback loops are in place from your customer complaint process to not just “react” to complaints, but to show ownership in the risk monitoring. Structure standardized templates that directly speak to “how” compliance has already been addressed in product release plans.
  4. Practice your Risk Posture Positioning: Proactive risk and compliance management requires taking a bit of the fear, uncertainty, and doubt off the table. Figure out how to tell the compliance story to your internal stakeholders, the board, and your regulator. Practice how you would defend the decisions made and how you met the compliance burden.
  5. Clarify Roles & Responsibilities: It can take a village to manage risk & compliance in financial services. Ensure that lines of sight and organizational accountabilities are clear, so that ownership for governance is understood. If products or services are outsourced, ensure that the third-party risk management governance model and process is updated to account for non-IT risks.

We need regulation in financial services to avoid a repeat of the mistakes seen during the Financial Crisis. The structuring and marketing of financial products and services needs to continually evolve, but at a much faster pace due to the pace of technology innovation. The avalanche of regulation and the corresponding delays in product enhancement are an “ice-bucket” wake-up call for financial services. As an industry, we need to understand how regulation can stifle innovation, take steps to address the fear, uncertainty and doubt within our organizations, and identify ways to tip the scales and create a more balanced governance model for compliance and innovation.

Linnea Solem is the Chair of the Shared Assessments Program and is Chief Privacy Officer, Vice President Risk and Compliance for Deluxe Corporation. Linnea is a management professional with 20+ years of financial services experience in the areas of eCommerce, technology, business development, marketing, information practices and risk management. She is a Certified Information Privacy Professional and led Deluxe’s compliance initiatives for Y2K, GLB, Check 21, and Red Flags Legislation. You can connect with Linnea on LinkedIn.

Reposted with permission from Deluxe Blogs