A new approach to regulatory change management

Now is the time to reimagine your regulatory change management (RCM) operating model.

Organizations worldwide—regardless of industry—are facing a growing number of regulations from financial reporting, capital calculations, and cybersecurity to operational resilience. Demand and scrutiny from stakeholders, regulators, and investors is increasing and organizations are under increasing pressure to meet intensive compliance demands. While many organizations already have some form of RCM in place, many of these models aren’t sufficient to future-proof against new regulations and aren’t in keeping with industry best practices.

The need for a robust and sustainable model for regulatory change management is evident. By adopting a change management framework that’s reflexive and agnostic of geography or business unit, organizations can enhance coordination, gain meaningful insight, and improve overall compliance management.

What is regulatory change management?

Regulatory change management (RCM) is the process of ensuring an organization’s policies, standards, and controls are aligned with the ever-changing regulatory environment. This includes monitoring regulatory developments, assessing the impact of changes on business, and implementing necessary controls to ensure compliance.

 

Get greater clarity on where and how your organization performs.

Operating model transformations can be daunting—and achieving meaningful changes relies on proper preparation. Maturity assessments work to understand, assess, and benchmark your organization’s capabilities.

Assessing your regulatory change management operating model can help you to identify weak spots and start planning on how and where to improve your capabilities. In turn, it can help smooth your transformation and reduce wastage or misspent efforts. By understanding where your organization may be competing or working at odds, you can better understand where to allocate resources.

In this article, we outline our approach to maturity assessments for regulatory change management.

 

What does a maturity assessment look like?

Step one: Defining the themes.

Our assessment evaluates an organization’s operating model across eight themes that we’ve identified based on our hands-on, industry experience. We examine the current state of an organization’s RCM model, benchmark it against industry-leading practices, and identify gaps and areas for improvement.

The maturity assessment is structured around the core areas of an operating model: people, process, technology, and data. These core areas are covered under eight central themes:

• BAU operating model: Operating model to manage regulatory changes and refinement.
• Process and documentation: Process flows, activities, and RACI to support the current regulatory change operating model.
• Regulatory execution: The current model followed in the delivery of a regulatory change includes stakeholder identification and impact functions.
• Data governance: The current model followed in the delivery of a regulatory change includes stakeholder identification and impact functions.
• Program management: Model followed in identifying risks associated with regulatory implementation programs, their mitigation plan, and business continuity plan.
• Operating effectiveness: Identification of non-compliance scenarios and their consequences for a regulatory change.
• Post go-live compliance: Ensuring continued compliance with regulatory changes post go-live and their governance structure.
• Ancillary support management: Impact on technology solutions, including infrastructure and the identification of new technology solutions as well as vendors for managing regulatory changes.

The assessment is structured in the form of a questionnaire and envisages the ideal end-state for each question. The questionnaire gives an indicative view of the expected outcomes for that question as well as the evidence required to confirm if industry-leading practices are adhered to. Based on the response to each question, scores for each theme are then calculated.

Step two: Understanding assessment maturity levels.

The next phase outlines an organization’s maturity level, capturing the current state of an organization’s operating model against the eight core themes. The maturity levels map an organization’s readiness for regulatory change and provides a snapshot of the integration of compliance, risk, and business process and outlines areas for improvement.

Step three: Identifying the outcomes and actions.

The final stage of the assessment visualizes the output based on calculated scores. The outcome is represented in the form of a spider chart, which is indicative of the eight themes. We then help organizations use these insights to develop an action plan.

Why should organizations take a maturity assessment?

The maturity assessment allows organizations to better understand current pain points in their existing model, build a roadmap to transform their operating model, and drive consistency across their business functions.

Redefine your organization’s regulatory change management.

Infosys Consulting has deep expertise in risk and compliance. We have a global team of dedicated experts to help your organization navigate the end-to-end regulatory change lifecycle. We have extensive experience streamlining large, complex regulatory change programs.

We also help organizations transform their regulatory change process through:

• Regulatory change operating model business case: We develop a business case to align with your organizational goals for prioritizing enhancements related to handling regulatory changes. We conduct a cost-benefit analysis for implementation of regulatory change and document and socialize the final business case.
• Target operating model (TOM) design: We design regulatory change operating models that identify and define key personas, outline roles and responsibilities (RACI), define corresponding activities, and build standard templates for reporting metrics.
• Validation of TOM: We identify regulatory change to validate and conduct standalone / cross-BU pilot testing of TOM. We utilize standardized testing of artefacts and document and track gaps related to TOM and address gaps as needed to ensure remediation before TOM go-live.
• Rollout and maintenance of TOM: We define a robust regulatory change operation model rollout strategy, create training packs, job aids, and desktop procedures for key stakeholders. We also conduct organization-wide trainings and assist in go / no-go readiness reviews and the final rollout to business-as-usual.
• Governance structure to support TOM: We clearly define the project charter, appoint key personnel, and manage committee memberships. We also gather and report information to relevant stakeholders (such as, the steering committee, board, and external stakeholders, etc.). We review risk assessments, risk-related issues, and the ERM framework regularly.