Regulatory Risk Management - Top Ten Steps for Directors
Both domestic and international regulators are attempting to ensure greater systemic sustainability for the future, resulting in ongoing regulatory change. Financial institutions are therefore required to implement higher compliance and monitoring standards while at the same time ensuring a sustainable business. In addressing their regulatory mandates, financial institutions rely on executives, management and operational staff, but the ultimate responsibility for regulatory risk management rests with the Board of Directors.
In response to this demand, directors have begun to adopt a new approach to managing regulatory risk. This new approach is summarised below as our top ten practical steps to managing, and ideally mitigating, regulatory risk:
1. Regulatory Risk: The directors will consider, define and document their view of what regulatory risk means in practice for their financial institution, including, for example, regulatory change risk and compliance risk.
2. Potential Risk Impact: The directors will consider the qualitative and quantitative impact of the risk of failing to comply with existing regulatory requirements, including, for example, material financial loss resulting from regulatory sanctions or reputational damage as a result of non-compliance.
3. Prioritise Regulatory Risk: The directors will identify regulatory risk as a key priority. This sets the tone from the top and ensures that it is recognised throughout the organisation as a key risk which needs to be managed across all levels and departments and by all employees of the financial institution.
4. Allocation of Regulatory Risk: The directors will consider, communicate and document regulatory risk across functions and departments (for example, compliance, risk, finance and internal audit).
5. Accountability: The directors will allocate responsibility for regulatory risk to individuals within those functions and departments, and document this allocation through defined roles and responsibilities.
6. Key Controls: The directors will identify, assess and manage the controls which mitigate regulatory risk.
7. Dashboard: The directors will monitor the ongoing management of regulatory risk and demonstrate this through, for example, a Board Regulatory Risk Dashboard which includes all key regulatory risk metrics, including prudential reporting.
8. Corporate Governance Structure: The directors will update and amend the corporate governance structure to ensure appropriate and documented reporting lines for the escalation of issues and potential breaches.
9. Data Management: In managing this risk it is essential that the Board has access to relevant data. Some financial institutions have outmoded technologies and disjointed organisational structures, which have historically challenged the Board's ability to adequately evaluate and manage regulatory risk. Outdated systems and technologies may require updating in order to enable the Board to appropriately manage regulatory risk.
10. Regulatory Change: The Board will develop and implement a regulatory change framework to ensure the timely and appropriate implementation of changes in regulation if and when they occur, as part of regulatory risk management.
If you have any questions or would like to discuss your own particular regulatory risk challenges, please contact Sarah Lane, Regulatory Assurance Director, Mazars, by email at firstname.lastname@example.org or by phone at 01 - 449 6488.
The views expressed in the posts and comments of this blog do not necessarily reflect the views of the Institute of Directors in Ireland. They should be understood as the personal opinions of the author. The content of this blog is for information purposes only and the Institute of Directors in Ireland is not responsible for the accuracy of any of the information supplied.