The Foundations of Your Compliance Program: Keep Your Regulatory Library Spinning | Wolters Kluwer
  • The Foundations of Your Compliance Program: Keep Your Regulatory Library Spinning

    by Barbara Boehler

    Published January 15, 2018

    (as published in Corporate Compliance & Ethics magazine)
    1. Identify the laws and regulations that you are beholden to—across all of the jurisdictions in which your business operates.
    2. Conduct a thorough assessment of current processes, staff, and practices relating to regulatory compliance obligations.
    3. Recognize that as your firm grows in size and complexity, so may your need for additional regulatory infrastructure.
    4. Consider the merits of using a third party to help build out your regulatory library and operationalize change through the ingestion of content or the implementation of software—or some combination of both.
    5. Acknowledge and take some comfort in the fact that no one firm’s compliance program is perfect, and like everyone else’s, it is an ever-evolving process.

    Organizers of a major regulatory compliance conference this past year hired a professional plate spinner (yes, it’s a profession) to open their keynote session. The spectacle of watching the entertainer keep each plate spinning, while introducing additional plates—without having them all come crashing down—is an apt metaphor for the successful management of a compliance program.

    The day-to-day care and management of your organization’s compliance program is already an exercise in balance and agility worthy of a professional plate spinner. However, compliance professionals are faced not only with maintaining what is on their current plates but also introducing new “plates” in the form of regulatory change. Each new regulatory plate requires review, assessment, and impact analysis as part of a herculean effort to keep the whole program from crashing down.

    In Wolters Kluwer’s regulatory compliance work with banks, securities firms, insurers, and others, we find that a firm’s management of its compliance program really comes down to asking three foundational questions:

    1. What are the laws and regulations that you are beholden to across all of the jurisdictions in which you operate?
    2. Are you confident that you’re adhering to the regulations?
    3. Can you prove your compliance to a third party, e.g., internal audit, your board of directors, and your regulators? Essentially, are you monitoring, are you testing, and how do you prove that you’re doing any of it?

    The answer to the first of the three questions may lie in fully developing your regulatory library. What exactly is this resource, and why is it important? The regulatory library is a foundational aspect of your program, the development of which accomplishes the task of getting your arms around the full contingent of regulations critical to your business, determined by the jurisdictions in which you operate, the composition of your firm, and the products that it offers. Although developing this set of rules is a daunting task, it is not insurmountable.

    A complicating factor is that the regulatory environment is in constant flux. Last year alone, more than 20,000 regulatory changes were catalogued globally across 600 jurisdictions within the banking, insurance, and securities verticals. And there is no evidence that the pace of regulatory change will be substantially stemmed by the Trump administration’s promise of regulatory rollbacks. In fact, any rollbacks present compliance officers with regulatory uncertainties that, in turn, need to be assessed, vetted through the legal department and the business stakeholders, and, ultimately, implemented.

    Developing your regulatory library

    A comprehensive regulatory library will serve as the backbone of your compliance program. From this, your firm can connect policies and procedures, departments, and products as well as connect regulatory changes, and all compliance departments, to assess risk across the firm. A fully articulated program allows you to see across the business and manage the impact of regulatory change. Getting to this end state is, admittedly, a process.

    So, where does one start? To know where to begin, you must first know where you are. Although this sounds a bit self-evident, a thorough assessment of current process, people, and practice is necessary. We find that clients of varying size across all of our financial services verticals—insurance, securities, and banking—struggle with the same issues and, indeed, all fall somewhere within a regulatory change maturity model. Self-assessment and internal due diligence are necessary to determine where you are on this continuum and to help you determine the steps necessary to reach the next level. Regardless of where you are on the regulatory compliance “maturity model,” there are sound steps you can take to improve the process.

    Move your compliance program to the next level

    If the concept of a regulatory library is completely new to your firm, you may fall at the beginning of the maturity model journey. This is not in any way an indictment of your compliance program. Rather, it is simply recognition that not all firms are the same in terms of size, complexity, or the current state of their relative regulatory compliance maturity. It is quite possible that your institution does not have a need for a fully articulated map, tied to policies and procedures, and regulatory changes. There are solutions that can assist with answering this question and getting your arms around regulatory change focused on monitoring.

    However, as your firm grows in size and complexity, so does your need for additional infrastructure. If your need for a regulatory library is new, recognize that third-party regulatory compliance experts can help with building out your regulatory library and help you operationalize change through the ingestion of content or the implementation of software—or some combination of both.

    Firms that might be a bit higher on the maturity model continuum may have the beginnings of a regulatory library, but find that it is not as functional or current as it could be. For example, each compliance business unit in a large, complex organization may be maintaining different and disparate libraries. Many firms maintain information in a combination of spreadsheets, software (proprietary and third party), and even paper. They struggle with keeping an ever-changing library of regulations up to date, not to mention operationalizing those changes and assessing the impact once changes are detected.

    Finally, firms at every level of the maturity spectrum should take some comfort in the fact that no one firm’s compliance program is perfect: like everyone else’s, it is ever-evolving. Even firms with a fully articulated regulatory library struggle with its care and maintenance. A first and foundational step to help keep your compliance program spinning in the right direction is the recognition of the need for, and adoption of, a regulatory library. Once you have that foundational piece in play, you can focus on keeping all of your other plates in the air.
