The recent feedback report from the Jersey Financial Services Commission (“JFSC”) has caused me to reflect on my experience running large regulatory transformation programmes. “Change is a constant” – but how do you effectively embed any change to avoid some of the pitfalls experienced by 80% of the respondents?
The statement that “comprehensive changes” are needed will cause many hearts to sink. Haven’t we been changing constantly for as far as we can remember? What else do we need to do to demonstrate compliance? How will we ever be able to onboard the volume of clients / customers that we want to when the number of hoops that our clients need to jump through increases on what seems like a daily basis? In many organisations the tension between new business and compliance has created an impasse. Yes, there are always challenges but it really doesn’t have to be this way.
1. Understanding your standards – the report calls for policies and procedures to be updated in line with legal changes. In my experience, the real challenge comes in embedding the changes within your business to ensure that the new legal requirements are reflected in everything that you do NOW. The aim of any remediation programme will be to apply the policies of your organisation to your book of business. If your policy is unclear or your staff don’t fully understand or know how to apply the new policies, then the act of updating your procedures will be pretty futile. Think about how you train your staff in the changes – make it interesting and engaging (this is possible!), and ensure that you have a plan to monitor how effectively the change has embedded.
2. Consistency of approach and involving BAU – If an organisation needs to undergo a significant remediation exercise, the temptation is to ringfence the effort to a discrete team. Yes, this enables the rest of the office to get on with business as usual (“BAU”) but it’s BAU that will need to understand the new standards (and how this materially impacts how they go about their business). It is no good focusing on your already existing clients without considering how you are going to need to treat future clients – failure to do this will result in a constant cycle of remediation. Consider how you train your BAU staff (your onboarding team, for example, should receive the same attention and training as your remediation project staff) and whether you need to enlist the support of BAU to guarantee the success of the project. The knowledge and expertise of the Relationship Managers is invaluable to your remediation exercise: they need to be engaged and motivated for its success.
3. Reporting – Many of the pitfalls could be the result of ineffective reporting. It may feel as though you’re applying Enhanced Customer Due Diligence (“ECDD”) / Simplified Customer Due Diligence (“SCDD”) correctly, but if you can’t quantify this, how can you demonstrate that in your reporting? Competing systems can produce disparate data sets that don’t seem to talk to each other. I cannot emphasise enough how important it is to arrive at a “single version of the truth” in your regulatory reporting.
4. Data management – One of, if not the, biggest challenges facing any regulatory transformation project is the lack of a consistent data management approach. Staff members may have an encyclopaedic knowledge of their clients, but unless this is effectively documented such that any legitimately interested party could demonstrate the requisite understanding of the client and their risk, this knowledge is for naught. I wonder how many of the relevant parties who completed the JFSC exercise felt that they had performed ECDD, but the reality was that while they understood the client perfectly in their heads, this just didn’t stack up in the documented evidence. Failure to effectively manage your client data clearly poses significant risks such as inadequate responses to Subject Access Requests or Production Orders to name but a few.
5. Governance – You will be making changes to the way that you run your business in order to comply with regulatory changes. This requires senior level ownership. The scope and implications of these changes must of course be documented and agreed to with the relevant stakeholders. Your compliance monitoring programme will be essential to assessing the effectiveness of this change and must be able to feed back any observations efficiently.
Plenty of food for thought is provided by the recent JFSC report: this may spark a need to consider remedial action. Any lessons learned from that action must be instilled within your processes to ensure ongoing regulatory resilience.
Teneo is able to support your organisation through every stage of regulatory transformation. We adopt a holistic, hands-on and senior led approach which bridges leadership, front office, compliance and supporting functions to ensure that delivery has a lasting impact.
