CastleHill Managed Risk Solutions Blog

Managing Regulatory Changes – Thankless Job or Hidden Gem

Posted by Joseph Santangelo on Feb 12, 2018 12:02:11 PM

Managing Regulatory Changes – Thankless Job or Hidden Gem

Regulatory Change Management is an enterprise activity that encompasses managing the risks that are inherent in a company’s products, activities, processes and systems. The dizzying speed of change in Business is being matched by the rate of Regulatory changes. This makes it ever more challenging to ensure that an organization is effectively monitoring and processing applicable regulatory changes. Keeping up is very challenging, but with good planning, effective processes and knowledgeable staff, the difficulties can be turned into corporate advantages.

We tend to think of Regulatory Change Management as a negative, something that we have to do like going to the dentist. However, the Effectiveness of Innovation Policy Intervention Project by the Manchester Institute of Innovation Research (MIoIR) in the University of Manchester has revealed some interesting facts about Regulatory Change. A comparison was made between the initial negative impact and cost of regulatory compliance versus the vigorous effect of innovative activities resulting from the regulatory modifications. The investigation revealed that the although the short-term impacts of regulatory changes are often perceived as negative, they are more than made up for by the innovation and improvement that are experienced in the long run.

Many large organizations are extremely siloed. They have different processes, procedures and even different language and business terms. At times, processes have ineffective controls or are not formally defined and if they do exist, their documentation is out of date or does not exist. Even use of tools may be ad-hoc or localized with varying degrees of support. In such situations, changes in regulations can cause chaos.

As a first step, organizations must determine the relevant sources of potential changes. Many have found success by pairing internal Legal teams with specialist vendors to monitor for changes. However, there is greater difficulty uncovering internally driven changes and then assessing their impact to Regulatory, Compliance or controls. This requires greater thought and innovation which will ultimately provide the organization with enhanced corporate knowledge and a closer interaction between siloed lines of business.

As a next step, the implementation of a standard regulatory taxonomy will provide the capability to consistently map regulations to policies and business processes. It will ensure that ownership and accountability of regulatory changes are clearly established, understood and tracked. The business impact of changes to operational processes and new or enhanced product offerings must be coordinated and tracked so that compliance requirements are enforced. Consistently tracking and linking business changes across the organization facilitates the development and articulation of a cohesive strategy and facilitates their communication to clients, management and employees.

The rate of regulatory change does not appear to be slowing down. FinCEN, GDPR, CFPB and many others will make managing of change a hotbed of activity. Depending on how well regulatory change processes are established, it can either stop us in our tracks or enable us to take our organizations to the next level.

Joe Santangelo

VP Business Development


CastleHill Managed Risk Solutions


Topics: GRC, Risk Management