NCFAs innovation and funding ecosystem

A Tsunami of Regulatory Change Overwhelms Organizations

The GRC Pundit | Jul 29, 2021

Regulatory burden - A Tsunami of Regulatory Change Overwhelms OrganizationsRegulatory change is overwhelming organizations. Many industries, like financial services, are past the point of treading water as they actively drown in regulatory change from the turbulent waves of laws, regulations, enforcement actions, administrative decisions, and more around the world. Regulatory compliance and reporting is a moving target as organizations are bombarded with thousands of new regulations, changes to existing regulations, enforcement actions, and more each year.  Regulatory change impacts the organization as it reacts to:

  • Frequency of change. In the past five years, the number of regulatory changes has more than doubled while the typical organization has not increased staff or updated processes to manage regulatory change. In financial services, according to the latest Thomson Reuters research, there was an average of 257 regulatory change events every business day in 2020, which is just in this one industry. In the past five years, the number of regulatory change updates impacting organizations has grown extensively across industries.
  • Global context.  Regulatory change is not limited to one jurisdiction but is a turbulent sea of change around the world. Regulations have a global impact on organizations and markets. In Asia, GRC 20/20 finds that there is often more concern over EU and US regulation than over-regulation from Asian countries. Inconsistency across regulations from jurisdiction to jurisdiction brings complexity to regulatory compliance.

See:  OSC unveils charter for office to promote innovation and reduce regulatory burden

  • Inconsistency in regulations. Managing compliance and keeping up with regulatory changes, exams, and reporting requirements becomes complicated when faced with international requirements. Regulatory jurisdictions have varying approaches such as principle-based regulation (also called outcome-based regulation) that is popular across Europe and other countries around the world, while the United States and other countries approach a prescriptive approach to regulation that is more akin to a check box list of requirements in specifically telling the firm what has to be done. The principle-based approach gives the organization flexibility with the focus on the achievement of an outcome and not the specific process that got them there.  There are conflicting challenges in privacy regulations and other laws impacting organizations across jurisdictions.
  • Expansion into new markets.  It has become complex for organizations to remain in foreign markets as well as enter into new markets. The pressure to expand operations and services is significant as the organization seeks to grow revenue and be competitive, while at the same time being constrained by the turbulent sea of changing regulations and requirements.
  • Focus on risk assessment. Regulatory compliance is increasingly pushed to integrate with broader enterprise and operational risk strategies with a focus on delivering a specific assessment of compliance risks. For example, regulators in the US seek to ensure that compliance officers do compliance risk assessments. This is also a theme picked up on by law enforcement agencies like the U.S. Department of Justice (DoJ) and the Securities and Exchange Commission (SEC). The courts, with the United States Sentencing Commission, also evaluate the culpability of an organization on compliance based on compliance risk. The discipline of risk management is becoming a prerequisite for compliance officer skills to ensure that compliance has a seat at the enterprise risk management (ERM) / GRC table.

See:  March 1, 2019: NCFA Submission to the Ontario Securities Commission on Regulatory Burden

  • Hoards of regulatory information. Organizations are overwhelmed by information from legal, regulatory updates, newsletters, websites, emails, journals, blogs, tweets, and content aggregators. Compliance and legal roles struggle to monitor a growing array of regulations, legislation, regulator findings/rulings, and enforcement actions. The volume and redundancy of information add to the problem. Managing regulatory change requires weeding through an array of redundant change notifications and getting the right information to the right person to determine the business impact of regulatory change and appropriate response. Organizations must search for the marrow of regulatory details and transform it into actionable intelligence, which can be acted upon in a measurable and consistent manner.
  • Defensible compliance. Regulators across industries are requiring that compliance is not just well documented, but is operationally effective. This can be seen in the latest DoJ Evaluation of Compliance Program guidance. Case in point, Morgan Stanley is praised by regulators as a model compliance program and is the first company in 35 years of the Foreign Corrupt Practices Acts (FCPA) history to not be prosecuted despite bribery and corruption in their Asian real estate business. One of the points the Securities and Exchange Commission (SEC) and Department of Justice (DoJ) referenced was Morgan Stanley’s ability to keep compliance current in the midst of regulatory change: “Morgan Stanley’s internal policies . . .were updated regularly to reflect regulatory developments and specific risks.”

The amount of regulatory change coming at organizations is staggering. Consider an international bank headquartered in South America that embarked on a project to build a database of regulatory requirements impacting the bank globally. The detail went down to the required level so an individual regulation may have a few requirements to more than a thousand, depending on the regulation. After eighteen months of cataloging over 81,000 requirements, they abandoned the project. The reason was that the content was already obsolete—so much had changed during the process of documenting that they did not have the resources to maintain the volume of regulatory change.

See:  United States: Virtual Currencies Regulatory Overview (and Comparative Guide)

A Tier 1 Canadian bank has expressed a similar regulatory requirement documentation project demise for the same reason. If you print the United Kingdom’s Financial Conduct Authority rulebook, it comes to a stack of paper six feet tall. The U.S. Code of Federal Regulations (CFR) is over 174,000 pages. When printed and laid out end-to-end that is a paper trail that is 25 miles long, nearly as long as a marathon.

Continue to the full article --> here


NCFA Jan 2018 resize - A Tsunami of Regulatory Change Overwhelms Organizations The National Crowdfunding & Fintech Association (NCFA Canada) is a financial innovation ecosystem that provides education, market intelligence, industry stewardship, networking and funding opportunities and services to thousands of community members and works closely with industry, government, partners and affiliates to create a vibrant and innovative fintech and funding industry in Canada. Decentralized and distributed, NCFA is engaged with global stakeholders and helps incubate projects and investment in fintech, alternative finance, crowdfunding, peer-to-peer finance, payments, digital assets and tokens, blockchain, cryptocurrency, regtech, and insurtech sectors. Join Canada's Fintech & Funding Community today FREE! Or become a contributing member and get perks. For more information, please visit: www.ncfacanada.org

Latest news - A Tsunami of Regulatory Change Overwhelms OrganizationsFF Logo 400 v3 - A Tsunami of Regulatory Change Overwhelms Organizationscommunity social impact - A Tsunami of Regulatory Change Overwhelms Organizations

Support NCFA by Following us on Twitter!







For more information about FFCON21: BREAKING BARRIERS, on-demand videos and ways to participate