Regulatory change is the new normal – so what?
Financial regulation appears to be in perpetual motion. Arguably the waves of change are smaller now than the regulatory ‘tsunami’ that followed immediately after the financial crisis but the impacts are still being felt by financial industry. If regulatory change is here to stay, what are the implications for regulated firms and the fulfilment of regulatory objectives? This is one of the questions I set out to explore in my research of how banks have dealt with the changes to prudential regulations after the crisis.
To do this, I used a model developed by Professor Bridget Hutter to understand the degree to which compliance with the new prudential rules was becoming part of ‘business as usual’ within five banking organizations. This conceptual model describes three progressive stages, culminating in the ‘normalization’ of regulation within an organization.
This process of ‘normalization’ is comparable with one of the overarching intentions of both Basel 2 and Basel 3 which was to improve the risk management practices and culture of global banks, as well as creating and maintaining a safer financial system. The BCBS required banks to embed good risk management in their core operations via mechanisms such as the Use Test, ensuring that model outputs and processes used for regulatory capital calculations were also used in the day-to-day risk management of the organization
My findings showed that rather than reaching the final ‘normalization’ stage, every time a regulation changed, banks were cycling between the design and establishment stage and the operationalization stage of the model. Each new rule or set of rules required an impact analysis, gap analysis, process and system design work and implementation, sometimes even reversing work that had already been done because a rule had been significantly altered during the legislative process. This continual iteration was further intensified by the uncertainty in the regulatory environment and by the different timelines along which different parts of the rulebook were changing.
Thus, and somewhat ironically, regulations that set out to explicitly embed improved risk cultures in regulated firms were preventing this from happening because the rules themselves were in a continuous state of flux (and, at the time of writing are still not finalized). Many of the people I spoke to in these banks were resigned to the fact that regulatory change is now the ‘new normal’ and described the extent to which their organizations had adapted to incorporate this into their operating models.
Whilst it could be argued that this will sustain an increased level of industry attention to the regulatory requirements (and potentially improved levels of compliance), there are also significant risks and costs involved in managing constant change. Dealing with regulatory change is still largely a manual process, requiring teams of skilled experts to wade through the new rules and assess their impacts, not to mention the large project teams necessary to implement the changes in systems and processes. This has a significant price tag, particularly in a market where compliance and regulatory expertise is an increasingly scarce resource. Levels of operational risk are also in danger of being raised, as corners are cut to meet regulatory deadlines by implemented changes in a piecemeal and tactical way. This has the knock-on effect of creating inefficient and fragmented systems and data architectures, meaning that further changes will only add to this complexity.
I am not arguing here that there should be an end to regulatory change – regulators must continue to watch for risks in the financial system and find ways of addressing them with regulatory measures. However, the financial industry needs to consider how it can better meet the challenge of regulatory change in a more efficient and low-cost manner. Fortunately, the answer may lie in the application of novel technologies such as Artificial Intelligence and Machine Learning and even Distributed Ledger Technology to automate much of the management of regulatory change. This is the mantle taken up by RegTech companies who are developing innovative solutions to help regulated firms better meet their regulatory obligations. As with the introduction of any new technology, this is not a risk-free enterprise but must surely be a step in the right direction.