The continuously growing number and complexity of new regulations (e.g. CRD IV/CRR, Risk Data Aggregation, AnaCredit) in combination with shorter implementation cycles pose increasing challenges for banks. The impact of this mega trend is not merely limited to individual parts of the banking organization but rather affects the entire bank substantially, i.e. all bank management-related functions together with the related IT departments. This means that regulatory requirements have profound effects on bank strategy/management, IT architectures and operations and, thus, directly influence a bank’s competitiveness.
The pressure to comply with regulatory requirements, which supervisory authorities put on banks, leads to significant increases in costs and decreases in profitability. As a consequence, banks were forced to implement cost-cutting measures. In our experience, such measures typically apply a top-down perspective and rely on benchmarking, which entails severe budget cuts in regulatory and IT departments. A shortage of resources impedes the monitoring and analysis of new regulatory initiatives, which forms the basis for a sustainable planning of the bank’s functional and IT architecture as well as procedural and organizational structure. Without thorough preparation, the implementation of new regulatory initiatives becomes a short-term endeavor that is only feasible by means of ad-hoc planning, hiring external support services and accepting interim solutions and manual workarounds.
Resulting structural, procedural and architectural modifications of a bank’s organization increase the workload of regulatory and IT departments. This has particularly strong effects on daily operations, handling complex ad-hoc reporting requests (e.g. stress testing, quantitative impact studies, asset quality review) and conducting project-oriented work. The costs rise continuously and thus, the cycle starts again, as growing costs force banks to initialize further cost-cutting measures, which, in turn, complicate the implementation of new regulatory requirements even more (Figure 1).
Escaping this vicious circle not only requires banks to fundamentally rethink their modus operandi of managing regulatory requirements, but also necessitates a redesign of traditional bank organizations. The goal is to gain excellence in regulatory management as a distinct competitive advantage.
A MULTI-STAGE, INTEGRATED APPROACH FOR ACHIEVING EXCELLENCE IN REGULATORY MANAGEMENT
Stuck in their current organization but at the same time forced to realize profound changes, banks need a clear direction. They need to be equipped with effective measures for setting-up a future-oriented organization that can achieve excellence in regulatory management. For this purpose, the regulatory roadmap provides an integrated and multi-stage approach that enables banks to manage the flood of new regulatory requirements more effectively (Figure 2).
The roadmap addresses the bank’s entire organization, covering all relevant external and internal areas of interest such as (upcoming) regulations, external regulatory reporting, bank management functions or ad-hoc requests. In addition, it provides guidance for all activities that are relevant for regulatory management. These activities range from monitoring and analyzing regulatory requirements to defining the adequate organizational structure, processes and IT landscape (i.e. architecture, applications/software systems and infrastructure). In this context, considering short and medium-term time horizons makes it possible to realize quick wins and ensure that achievements are sustainable. Understanding the regulatory roadmap as a continuous, inter-divisional process, there are two basic prerequisites: acknowledging regulatory management as a significant function for bank management and raising the awareness of the need for organizational change.
(A) INITIALIZING ORGANIZATIONAL CHANGE FOR STRATEGIC REGULATORY MANAGEMENT
The regulatory roadmap defines the overarching master plan for a consistent and transparent monitoring, analysis and implementation of new regulatory requirements. It integrates short-term and medium-term perspectives and applies well-proven standards and best practices. Historically grown organizational structures, which are often rather rigid, do not provide a solid foundation for implementing the required strategic realignment of the regulatory management. Therefore, it is recommended to perform an initial analysis of the existing organization based on the following general questions:
- What are the lessons learned from previous implementations of regulatory requirements?
- Did the bank comply with its standards regarding functional and IT architecture? Did the current standards support or complicate achieving regulatory business requirements?
- How many manual and/or interim processes were implemented and why?
- On average, how much external support did the bank need over the last years? How much of this external support was dedicated to performing internal tasks, which are normally covered by the departments’ daily work?
- How much external support was needed to cope with complexity-related issues and ad-hoc requests (stress testing, quantitative impact studies, group requirements, etc.)?
- According to B-1, B-2, B-3, what are the reasons for this situation and what could be a solution?
- What would be the ideal extent and scope of regulatory management?
- What degree of centralization for internal and external reporting is required?
- How should the new organizational structure and processes be designed (both from a business and IT perspective) in order to fulfill the regulatory requirements?
- What degree of automation needs to be achieved to manage regulatory requirements in a (cost-)efficient way (with the constraint of rapid adaptability)? Which quick wins have a significant impact by reducing manual workarounds and costs?
- Which skill level is required in the departments in order to ensure that the needs of the different areas can be fulfilled? To which degree does the available team meet the required skill level? How can staff be trained to achieve a higher skill level?
In our experience, the responsible employees are usually able to name the specific reasons that have lead to the given situation and, more importantly, they also manage to develop possible solutions to start a change process. On this basis, the bank can initiate a reorganization of the existing regulatory structures. This makes it possible to meet future needs regarding daily operations, handling complex ad-hoc reporting requests, analyzing the future flood of regulatory provisions and conducting project-oriented work.
All involved parties have to be aware that changing an organization towards strategic regulatory management is a cumbersome and tedious undertaking that needs to be realized in many small steps and requires a great deal of persistence. We believe that this change leads to a significant added value that the regulatory reporting department can achieve for the bank, strengthening its profitability and competitiveness.
(B) MONITORING AND ANALYSIS OF REGULATORY REQUIREMENTS
Within the new organization, the monitoring and analysis of regulatory requirements is a major task to find the right starting point for projects, realize synergies, avoid manual workaround and interim solution. For these purposes, the bank has to know, which regulatory changes will influence the entire bank and start to plan the implementation of those topics within their standard processes. So the first tasks are to ensure the
- monitoring of all future regulatory initiatives coming from European Central Bank, the Basel Committee for Banking Supervision, the local supervisor, etc. For this purpose, zeb has developed a product called zeb.regulatory.monitor.
- identification of really hot topics in terms of business- and IT impact. Such services could also be licensed via the zeb.regulatory.radar.
Regulatory monitoring and analysis is strongly supported by the zeb.regulatory.monitor and zeb.regulatory.radar. Both tools support banks with identifying relevant regulatory publications, determining their bank-specific relevance, assessing their implications and forwarding them to the responsible bank departments. They apply a short and medium-term perspective to provide the bank with a realistic and comprehensive picture of the upcoming tasks, which can serve as a starting point for progress in regulatory management.
(C) ANALYZING REGULATORY IMPACT ON FUNCTIONAL & IT ARCHITECTURE
New regulatory requirements typically affect nearly all management-related bank functions and operations. Moreover, the IT landscape – especially all architectural components along the data processing chain that are relevant for reporting purposes – is affected as well. Depending on the bank’s organization, the interplay between business and IT (i.e. the functional and IT components) can be structured in very different ways, with varying degrees of complexity, heterogeneity and maturity.
Based on the analysis of the regulatory requirements, the development of an integrated target architecture connecting the functional and IT requirements is supported by:
- a catalog of functional requirements that provides a complete and detailed list of regulatory requirements based on relevant dimensions in the context of reporting (basic report information, functional area, relevance, methods, frequency, remittance date, group-related, applied accounting standards, etc.). This catalog serves as the basis for designing the functional architecture.
- a specification of IT requirements based on the functional scope of the requirements catalog (e.g. data provisioning, manual corrections, reconciliation, processing).
- a mapping of functional and IT requirements to components of the IT landscape in order to establish an integrated IT architecture. This architecture should be compliant with the overall IT strategy.
Interlinking the functional and IT architecture creates a consistent and transparent target architecture that makes a seamless implementation of regulatory requirements possible. Thus, this target architecture provides a blueprint that can be used to deduce fields of action, including potentials for realizing quick wins.
(D) DEVELOPING THE REGULATORY ROADMAP AND PROJECT PLANNING
The regulatory roadmap integrates all relevant fields of action. It compiles the required implementation actions and the expected implementation effort as well as costs and timelines, while considering constraints with regard to parallel projects, budget and resources. The roadmap presents this information in an overarching master plan. This master plan lays the foundation for a proactive management of new regulatory requirements in keeping with their implementation due dates. It is segmented into individual project plans with a short-term time schedule (approximately < 1 year) to achieve quick wins and ensure ongoing regulatory compliance (figure 3).
The flood of new regulatory provisions is unlikely to cease any time soon and thus, the regulatory roadmap has to be understood as an instrument that is not set in stone. Instead, it has to be updated and adapted continuously in line with new regulatory initiatives. In this context, it is also important to enter into a dialog with all relevant stakeholders at an early stage. Particular attention should be paid to the collaboration between business and IT as well as to obtaining the required backing from the top management.
The impact of new regulatory initiatives has been and will continue to be important for the entire banking sector. Regulations have already had significant effects on almost all functions of relevance for bank management. The implementation of new regulatory requirements will continue to pose increasing challenges for bank operations. Banks can no longer afford to handle regulatory management as a necessary evil. The time has come to acknowledge the strategic significance of an efficient regulatory management as a decisive competitive factor. Therefore, strategic regulatory management should be a mandatory item on every top management agenda.