In our experience helping clients with compliance projects, we’ve noticed some fundamental aspects in which these regulatory change initiatives are different from other business-driven change initiatives. We thought we’d share 5 of the most distinctive differences, which you might have already considered in Eva’s struggle.

Drop dead dates

Deadlines are fixed and set externally.

In regulatory projects the deadline is fixed by the regulator and individual firms have little influence on implementation dates. There have been instances when the initial deadline has been so tight that no market participants could meet them. In these situations the regulators may be forced to re-consider, but this isn’t commonplace and generally organisations have far less room to manoeuvre timelines in regulatory projects than in business-driven projects.

Poorly-defined requirements

Requirements remain uncertain until late in the game.

The winds of a change in regulation are often felt well before the deadline. But unfortunately the devil lies in the details. After high level drafts, there are consultation periods and it can take years to produce the detailed technical standards. Meanwhile the implementation deadlines remain fixed. Firms can start projects to implement the changes, but until the final text of the regulation is produced the industry can only make assumptions about what the final guidance will state. This is contrary to an ordinary business project where the traceability of requirements is carefully managed and all changes go through an acceptance process before being applied.

Everything is “must-have”

There’s a fixed list of requirements to implement.

Regulatory requirements define a mandatory set of functions. Everything is must-have and this could be a serious hindrance in any project methodology.

But how does it affect the iron triangle of project management? We’ve already spoken about the time and features elements, which are fixed to some extent and this is different from the traditional methodologies.

Figure 2 The regulatory shift in the iron triangle

You might already be familiar with the waterfall and agile versions of the triangle. The regulatory one is probably a blend of the two as you can see from the third picture. The only factors you can really influence are cost and quality. Everyone would like to decrease the former while increasing the latter. But the elements move together, they are inter-dependent. Assuming that the planned solution is optimal, if you reduce the budget, some of the other elements will have to move down with it. Create a partial solution or run out of time and you’ll surely face huge fines. The only viable choice for reducing costs seems to be reducing quality. But whose choice is it?

Who is the business owner?

When no one wants to be.

By interpreting the legal text, Legal or Compliance becomes the “source” of requirements in regulatory projects. But, not every organisation is prepared for that when it comes to project governance. After identifying the affected systems and processes, the impacted department becomes the official owner of the project. But are they truly engaged in this mediator role?

If you think about how regulatory changes usually take the resources from business initiatives, it must be hard for the owners of those shelved business projects to wholeheartedly support the unexpected guests. But these projects desperately need the engagement of business, because compliance can only advise of the final state, but not how to get there. That capability lies in the hands of the business users.

Now how does this affect our project planning triangle? Resources are scarce; the cost has to be minimized. This seems to be reasonable for a project which does not bring direct benefits for the organisation or the investor.

The argument is questionable on two fronts. When we speak about direct benefits, have we considered the fines which we don’t have to pay if the project is successful? This might not be a strategic benefit and as a best result we just maintain the status quo. But avoiding costs is as important as reducing them, not to speak about the reduced risk brought by the regulation. On the other side, with respect to minimising costs, which costs are we talking about? The immediate costs of executing a project until the deadline or the total cost of the change, which potentially includes years of manual work instead of automation? Additionally, what about the costs associated with the maintenance and operation of new systems as well as future changes? And the list continues with the financial consequences of being shut down by the regulators.

If we blindly minimize immediate costs, we’re risking the reduced quality of the solution which will increase costs in the long run.

Quality is the fourth perspective from which the legislation usually doesn’t define how the change should be implemented. Should you use automation or manual processes, develop an in-house solution or integrate a boxed product? There are lots of decisions about quality which can be and must be made carefully in a regulatory project.

Everyone is equally affected 

You might be fooled into thinking that the same regulation affects everyone in the marketplace equally. But are all participants equally impacted? In our experience the depth of the effect on resources and the business can be vastly different. An organisation which has its compliance eye on its processes may be better prepared and can therefore focus more on advantageous projects. Therefore it’s important to watch the regulatory horizon with eyes wide open and to be willing to adopt a culture which supports proactive thinking about the possibilities. Meeting the regulatory requirements should be the consequence, not the driver of a thorough organisational risk culture. Look behind the tickboxes.

The post Regulatory projects are commonplace, but should we give them special treatment? appeared first on BSG (UK).

21^st century London. Seagulls fly around the Shard, light drizzle dampens the pavement and the Waterloo and City line still resembles a tin of sardines more than a tube.

Eva, is a business unit leader at the retail arm of First Compliant Bank (FCB). Her team uses an internal system for tracking customer interactions in the loan collection and recovery process. The software is a bit slow and tedious to use. Eva is eager to change it to more recent technology, so she initiated a project at the last budget planning meeting. The preparation should start next month and Eva is excited because she’s imagining a much better service. The upgrade, if successful, will enable the team to follow customer interactions more easily and the new electronic reports will please management as it will eliminate the need for manual calculations and lots of paper. Relieving pain by improving efficiency and decision making and becoming green at the same time – it would be a shame to miss this.

Black clouds are gathering on the banking skyline

Have you ever heard of the Central Regulatory Authority? Not yet? Don’t worry, it’s fictional anyway. But imagine that it’s responsible for the regulation and enforcement in our fictional financial sector. These guys are serious; when they say something, it has to be that way. And now they say that the way banks handle the regulatory reporting of retail loans must be changed.

Unfortunately the reporting system in FCB also belongs to Eva’s department and it was developed by the same team as the collections and recovery system. This change clearly interferes with any plans she had. Neither the team members nor the department’s budget can sustain two such projects simultaneously. Not even her McDonald’s smile training during high school summers can help Eva to hide her disappointment. More so that she knows this project is going to give neither her team, nor FCB any advantages over their competitors.

As soon as the first draft of the new regulation came out, Group Legal and the Compliance Officer started identify the effects on FCB. By the time Eva had sight of it, they’ve already submitted the high level plans to the project governance committee. The deadline is fixed in about 8 months from today. This binds the bank legally, whereas her improvement project can be delayed; so you can imagine the committee’s decision. The bank is going to start a project to respond to the new legislation as soon as possible. What about the system refresh? Well, that might fit in next year’s budget.

Who’s going to deliver this?

Tim is the only project manager available from the pool. He’s got 8 years of experience in delivery, including 3 years in agile methodologies. The team can start the preparation this month; the problem is that the source of the requirements is only a draft regulation under consultation and so many details might change over the coming months. It is likely that the requirements will be fixed just before the deadline. This is not new to Tim, but in this case it can’t delay the deadline or reduce the scope. The scope is another painful point because every feature derived from it is a must-have requirement. This defines the so-called “minimum viable product” for the project. Tim’s concern is that this could change significantly before the deadline.

 Figure 1 The time – cost – quality triangle of the new project

So the minimal scope and the deadline are fixed, and Eva probably wants to minimize the costs, so that she can hopefully spare some budget for the other project to commence. With both scope and time fixed, a decreased budget will surely have a negative impact on quality.

What can they do to save the situation?

One possibility is for Eva to fight against this project. This would make Tim’s work harder, probably resulting in a low quality solution only finalised after the mandatory deadline. It will probably leave a fair amount of work to be done manually and lots of changes to be developed later. But is there another possible future?

Theoretically there are an infinite number of other possibilities. One of them is that Eva pushes through her project, which in turn frees some of the team members by increasing efficiency. They can create the required new reports manually. Even this option might be feasible if the automation involves high costs.

Another possibility is that Eva and Tim, together with Group Compliance, identify the required functions and the possible changes which could come from the regulator before the deadline. The business team, when familiar with the problem, should be able to prioritize the functions. Consider what would be the easiest to do manually in the short-term if the software was not ready to perform at the deadline. The IT team can implement a model based solution which can later be configured according to the changes. That reduces the running cost and can save some work for Eva’s team to focus on other duties. But with limited resources it is unlikely that the team will be able to address many of Eva’s original concerns in the scope of the new project.

Can you imagine other solutions? Have you ever been in a similar situation? What did you do? Tell us in the comments.

The post Regulatory changes, not for the faint of heart appeared first on BSG (UK).

The retail investment market has been a lucrative space for many years, however over the last decade it has had its fair share of scandals. The key area of concern currently under scrutiny is the delivery of financial advice and the subsequent sale of financial products. With the current approach, financial advisers receive commissions on products provided to clients – a framework that can introduce a bias to the financial advice which is given. Product providers that offer advisors attractive commissions get favoured, very often steering advisors away from keeping clients’ interests at heart.

This commission based approach has often resulted in partial recommendations being made while fees that are paid to advisors are not quite transparent. Public trust and consumer confidence has deteriorated significantly bringing disrepute and stagnation to this market space.

What is the mandate?

The new industry-wide legislation, the Retail Distribution Review (RDR), is being driven by the FCA. Its core tenets are to raise the professional standards of firms that dispense advice, reduce conflict of interests around remuneration and to encourage transparency and disclosure of the types of services being provided and paid for by a client. The RDR was finalised on 31 December 2012 and has the following implications from 2013 onwards:

• Adherence to a code of ethics and professional standards: One of the core requirements is that advisors are expected to hold appropriate qualifications and a Statement of Professional Standing from an accredited body. The FCA will maintain and enforce these standards.
• Transparency in adviser remuneration: A set of rules will be established to help increase consumer confidence that the advice received is not biased by commission. The consumer and the advisor will agree on a fee and it will not be determined by a financial product provider. Advisors and wealth managers are expected to have a charging structure with applicable fees/charges (based on the type of service offered) to be disclosed to clients upfront. Charges can be hourly, fixed or dependent on certain levels of service.
• Independent advice that is fair, clear and comprehensive: The assessment of a variety of investment options should be made distinct from Restricted Advice which is tailored towards a limited set of product providers.  The intent of this requirement is to ensure that advice is genuinely independent with sufficient rigor and clients are clearly notified about the nature of the advice being given.

What are the implications?

It is a brave new world for IFAs, Advisory Wealth Managers and Bancassurance. RDR cuts through the business model with an impact ranging from market positioning to technology deployment.

The key considerations which need to be made are highlighted as follows:

• There is greater competitive pressure on margins as a result of the expected transparency of fee structures. Wealth managers and IFAs can approach this challenge by revisiting their client segmentation strategy. CRM systems will become a strategic tool to support the initial and on-going partitioning and prioritisation of a client base using internal and external data. This will help inform the charging mechanisms that will be devised to suit target client profiles.
• A pressing need exists to demonstrate that fees are directly mapped to service levels as opposed to a blanket annual remuneration for services rendered.
• For those going the independent route, they will need to maintain knowledge of a broad scope of products and a product catalogue. This will need to reflect the most up-to-date offerings.
• There is concern that the market is not ready to migrate to a fee-based advice world as opposed to the ‘free’ model driven by commissions. Robust processes that support high service levels and client intimacy are critical here.
• There will be an increase in cost and complexity of compliance. This will be as a result of training, acquisition of qualifications, accreditation and reporting requirements. Smaller IFAs might struggle to continue within the market forcing them to exit or merge with others.
• Adjusting the business’ operating model to introduce efficiencies that take advantage of the post-RDR environment is inescapable. Future supporting processes and technologies will need to be understood and the appropriate projects kicked off. Once a future operating model has been clearly identified, the appropriate range of technologies can be examined and acquired as necessary.

Does it present any opportunities?

The on-going commentary within RDR has largely focused on the flaws and its undesirable impact. Of course this is natural for any form of widespread change. At BSG we try to steer attention to what benefits can be reaped and maximised in the midst of change while looking for a win-win outcome. Lets’ consider the following:

• Service optimization and outsourcing. It’s important for firms to understand where they offer added value. Once this core business area has been identified a business can outsource less critical aspects. For example an IFA can choose to outsource money management and the investment process in order to own and manage client relationships with high service levels that are innovative and intimate.
• Rise of technologies that drive lower-touch high-quality advice. New technology developments hold out realistic opportunities to streamline even the most complex advice processes and promote greater self-selection by clients. ‘Real time’ internet interactions, instant messaging and face-to-face online alternatives can be used to remove the need for direct contact. At the same time, clients are increasingly willing to use powerful online servicing tools to self-manage their own holdings (whereas they would previously have referred these changes to their advisor).
• Increased trust and willingness to pay. Improved perception of the industry and the quality of the advice being given can potentially attract increased up-front fees akin to the legal and accounting sector which would allow players to maximise profits.

The post Staying on track for the Retail Distribution Review appeared first on BSG (UK).

We’re helping many of our banking clients to effect the implementation of regulatory change. These programmes are extensive and complex. In order to help get our head around this, we took some time to reflect and identify key themes in these programmes.

Taking a macro view allows us to consider how to implement these changes in a flexible and scalable manner. Our belief is that institutions that are setup to roll out compliance change effectively and quickly will be in a better position to focus on the business rather than the upheaval of change and we want to be sure that we’re supporting our clients on this journey.

Many of the new regulations find their genesis in the Pittsburg G20 commitments (2009) where heads of state committed to reforming financial markets by reducing risk and improving transparency of the derivatives markets globally. Dodd-Frank (America) and EMIR (Europe) are some of the first to impact the sector, but there will be more.

The broader intention of many of the regulations is similar and so there are practical commonalities throughout their implementation.

Reporting to global trade repositories

In an effort to improve transparency in the markets, both Dodd-Frank and EMIR require banks to report trades to a global trade repository (e.g. the DTCC).

Certain trades need to be reported on a near-real time basis, others will need to be aggregated before reporting. In order to achieve this, significant consideration needs to be given to both software architecture (e.g. cross-platform messaging, unique trade referencing, cross platform-integration, data warehousing, etc.) and hardware (data bandwidth internally and externally). Furthermore, the regulator specifies what fields are reportable and the trade repository (e.g. the DTCC) will have additional data requirements which they want to receive on top of this.

It is also important to be mindful of which trades are reportable. Typically this is dependent on the counterparty and the product type. For example, under Dodd-Frank certain commodity swaps which are intended to be physically settled are excluded from the ‘swap’ definition, and so they are not required to be reported. At a business level, this means that deep understanding of particular trading products is required within the transaction reporting teams in order to specify which trades are to be reported. At a systems implementation level, this brings added complexity as the system needs to differentiate between different types of trades and treat them differently.

Client on-boarding – knowing which buckets to classify your clients into has never been this important

All of the G20 reforms require banks to classify their counterparts into multiple different categories.

As an example, under Dodd Frank, banks need to know whether their clients are considered “Financial Entities” and whether they are “US persons”. This information is needed to be able to determine the amount of business done with these types of clients, which in turn impacts whether the bank needs to register as a Swap Dealer with the CFTC (a US regulator).

Under EMIR, banks need to know whether their counterparts are considered “Financial Counterparts” or “Non-Financial Counterparts”. If the latter, do they fall above (NFC +) or below (NFC -) a specified threshold of derivative trading activities? This has many implications, one of which is how much time they are permitted to confirm the trade with the counterpart. For example, if the counterpart is an NFC + and the bank trades equities with them, they’re allowed only 2 days to have confirmed all legal and trade details with them (volume, price, timelines etc). On the other hand, if they are NFC – they’re allowed 5 days to do so.

What we’re illustrating here is that when classifying counterparts, although the definitions and implications are different, the procedures for taking on new clients and the system impacts are very similar. When I’m on-boarding a client, I need to consider which category they fall into as the implications are significantly and materially different across categories.

Building consistent client on-boarding procedures and flexible systems becomes essential. And when considering this in light of the fact that additional counterparty classifications are going to continue to crop up as the remaining G20 commitments are fulfilled, taking a cross-silo view of the procedures becomes crucial.

Change management – who needs to know?

Change can be unsettling, especially in a world where the penalties associated with not changing the business can threaten the ability of the business to operate.

Ask anyone involved in a derivatives reform programme and they’ll tell you there have been a few hairs turned to grey over the past year. These regulations may have been intended to bring transparency to the market, but they certainly weren’t intended to be simple. Nevertheless, they are becoming so entrenched in the way banks operate and they’re impacting daily operations to such an extent, that pretty much everyone working in the bank needs to have a basic knowledge of the regulation and its impact.

One of our investment banking clients has itself a set of clients who are small-medium sized corporates and who, by the nature of their business, are indirectly impacted by these regulations. Very few of them have dedicated Compliance departments, and so they look to their investment bank for advice in understanding their obligations under the legislation. Naturally, the sales team and client account managers at the bank can’t be giving their clients legal advice because the implications of giving the incorrect advice is far too great. That said, client-facing staff certainly do need to have some training in the regulation to understand, at a minimum, which of their clients could be impacted.

Change management is a very important aspect of any programme of work, and this is no exception. Building a work stream into the programme structure which is dedicated to internal communications, including training, is a very important part of a compliance change programme.

Navigating these stormy waters needs great captains. Who is steering your ship?

To effect sizable change, it is necessary to have engaged, courageous and inspirational leadership.

As with any complex change programme, a regulatory programme needs a group of people at the helm who are accountable for making these important decisions. They are the folk who know that it’s necessary to change the business model to prevent losing US clients, or that implementing a new confirmations system isn’t in line with the overarching business strategy, or that a decision is so significant it needs to be escalated to the organisation’s executive committee.

There are inevitably a multitude of these decisions which will need to be made over the course of a regulatory programme’s lifetime and so it’s important that the Steering Committee or Project Board is comprised of all the right representatives (Operations, Front Office, Compliance, Risk etc.) and that they’re kept informed of all the risks.

In this continuously changing landscape with so many moving parts it’s not always easy to see the wood from the trees, and so how the project team work together and engage their governing body becomes all the more important.

“Compliance speak” is different from “business speak” and “IT speak”. How do teams bring together their expertise to deliver pragmatically?

There is a need for someone who can ensure that there is a common understanding across the various stakeholder groups. Typically, this is a BA’s role.

Let’s illustrate with an example. Under Dodd-Frank and EMIR, only certain types of trades are considered “reportable”. There’s a specific legal phrase in the technical standards which identifies whether the trade is within the regulatory scope and therefore reportable or not. Consequently, IT needs to have a set of rules that can be built into code in order to identify which trades to report.

The first question from IT in this instance will be ‘How do we determine whether the trade is physically delivered or not?’. There is a need to identify which attributes of the trade entity in the system can be used to determine this.

Legal’s response will inevitably be that it depends on the situation and on what the counterparty’s intention is at the time of entering into the legal agreement. Do they intend to take physical delivery? Would the bank commit to delivering $500k in gold at the end of the contract? Or are they more likely close it out and enter into a new agreement – keep it rolling? In most instances this level of detail would be captured in the legal terms of business, not flagged in any trading system.

Of course, whilst this response is accurate, it’s not conducive to building system rules. A pragmatic solution is required from the BA to do further analysis of the trade data to be able to identify whether there are in fact any specific attributes which could be used to identify these types of trades, or whether changes to the trade systems are required to encapsulate this requirement.

The post Making sense of chaos in the compliance space appeared first on BSG (UK).

The industry has become synonymous with society’s ills – greed, immorality, recklessness – and bankers are emblazoned in scandal. They’re responsible for everything from miss-selling insurance products to being conduits for money laundering and rigging Libor (or, if you like, Lie-bor). All of this comes in the wake of a financial meltdown. Caused by bankers. Saved by the taxpayer.

In some ways, banking and cycling have been hit by the same blow. For years, problems have been building and they’ve finally surfaced, smothering any positive practices which may indeed lie beneath.

Armstrong has said that for him, it was about “winning at all costs”. He was prepared to do whatever it took to keep winning and keep yellow. And it seems some bankers will do whatever it takes to avoid red.

But these scandals aren’t isolated. They’ve weaved their way throughout the financial industry and spilled over into the shadow banking system (hedge funds, money market funds etc). In cycling, Armstrong had a network of doctors and team managers involved in what’s been labelled the ‘most sophisticated doping programme in the history of sport’ by USADA.

Throughout, their reputations have been tainted and the people running the teams and organisations are less respected. We only have to look at the spate of resignations from senior players in the banking industry to know they don’t feel the love. Something needs to change at the very core.

Slow and steady wins the race. Culture doesn’t have a quick fix

An organisation’s culture is the shared belief of ‘why’ the organisation exists – it’s reason for being. It is the collective behaviour of the people who are part of it, and it’s the values, visions and habits which drive those behaviours.

A bank’s culture is passed down from long standing employees to newer employees and it affects the way people interact within the organisation, with their industry partners and with their clients.

In my organisation, our reason for being is clear. It’s evident in every internal meeting and every client meeting. As Business Analysts we’re all driven by the same passion for positive change. We talk about our ‘why’ and share our organisational values.

But cultures, by their very nature are evolving things and they take time to develop and change. Changing the culture of banking will take time. In the view of Stephen Hester (CEO of RBS) it will ‘take a generation’ and it doesn’t have a quick solution.

Regulate to renovate. What role do rules and regulations play in changing culture?

There’s a minefield of new regulations on the radar. Regulations designed to increase transparency and reduce risk in the banking system. To prevent ‘too big to fail’ and protect consumers. Banks are coping with so much change in order to comply, but will these changes bring about a cultural shift? Or even, can they bring about a cultural shift?

We create rules for the things we think we need rules for. We cannot identify every eventuality.

In cycling there are rules about the weight of your bike, what gear ratios are allowed and when you can use race radios. There are also unwritten rules about racing on the last day of ‘Le Tour’ and when to slow for a ‘comfort break’. But when new performance enhancing drugs come about, and the line becomes just that little bit greyer, we have to write up new rules.

In banking there are rules about which trades must be cleared centrally, how much capital must be held, what you can and can’t advise customers and even how many hours you have to report incidents to the regulators. But when we identify that traders have manipulated the Libor, will we have to write another regulation? Can a fraud exist even if has not yet been identified in a regulation?

Blind spots will inevitably exist and we don’t know what we don’t know. In the “conscious competence” learning model  there are places where we’re unconsciously unskilled. Because our industry is forever changing, these will always exist.

But rules exist as in a cultural context too. They’re not created for the rule’s own sake, but because of a broader intention. In sport, typically, the broader intention is fair play. In business, it’s usually about enabling fair markets and protecting the consumer. But in both sport and business, it’s the culture which guides us through the blind spots. It is the cultural principals which ensure that we navigate in the right direction and which give us clarity in the decisions we make.

We’re just touching the surface. But, as BAs, we’re still touching it.

Regulations play an important role in building a more stable and transparent financial market, and I’m not for one moment implying they’re not crucial to the future of the banking world. But we also need to keep a wider viewpoint about what motivates people and organisations to do what they do. And so something far deeper and more fundamental has to change. Something which affects every aspect of our work.

It’s easy to view regulatory change projects as purely about responding to external forces and just about being compliant or ‘ticking the boxes’. For us, whilst it is about all of these things, it’s also about understanding the broader context of what the regulation is trying to achieve and why. The key to successful regulatory change projects is about communicating this broader regulatory message and in keeping the organisational culture in mind throughout. For example, if the broader framework of the European Markets Infrastructure Regulation (EMIR) is about having more transparency in the OTC derivatives markets in order to reduce risk in the market place, then, if people understand ‘why’ this is important in the context of their organisational culture, it aids the implementation and shapes the resulting projects.

As BAs, part of our job is to challenge assumptions, question how things are done, why it’s important to store this data here and whether this procedure could be run like this, rather than that. As agents of change however, our broader role is to help organisations effect cultural change. We have a role to play in questioning motives, or at least in understanding the reasons people do what they do in the context of the organisational culture. Only when we understand this can we truly effect meaningful organisational change.

The post Cyclists and bankers – tainted by the same brush? appeared first on BSG (UK).

The post Thinking strategically about compliance appeared first on BSG (UK).

The post Why bother with BAs on a compliance initiative? appeared first on BSG (UK).

Supporting notes can be found here (Slideshare).

The post Can compliance be interesting? appeared first on BSG (UK).

The post Understanding AML appeared first on BSG (UK).