Regulatory change is a constant challenge, but it doesn’t have to be a source of anxiety. Robert Tull, compliance leader and consultant, shares a practical framework for transforming your compliance program into an adaptable, opportunity-driven operation.
Change is a constant for compliance professionals. Once we believe that things are close to feeling settled, cosmic humor dictates an entirely new regulatory or industry development is about to streak into our world. As effective compliance professionals with effective compliance programs, we have the resolve to continuously navigate and adapt to changes.
If we want more grace and ease in adapting to changes, we can resist interpreting change as a source of ever-expanding anxiety and responsibility and view change as the opportunity for growth that it is. Change provides opportunities to embed new efficiencies and to further foster meaningful partnerships. It creates targets of opportunity for compliance to demonstrate its value-add function.
Change is good; it stimulates growth. Regulatory and industry changes invite opportunities for compliance programs to adapt into more efficient and effective workflows and structures. To maximize our value in the change management process, we can implement six important steps to adapting to change.
Step 1: Change identification
The first step in change management is identifying and navigating the stream of changes. We must have a sense of the winds of change, watching for movements of new regulatory developments, such as new rules, enforcement, risk alerts, FAQs and speeches or statements. Our antennae should be pointed toward industry and regulatory groups and publications, as well as other channels. As we see developments forming, use it as an opportunity to reflect on previously identified deficiencies, gaps or exceptions in our program. Change could impact the present as well as the future. While reflecting, also consider internal sources of changes, such as changes to or the expansions of products, services, clients, investments, markets, affiliates, systems, vendors, owners and personnel.
Staying informed means having communication and awareness systems in place within the organization to funnel and direct information to us, and to promote our desire — our curiosity — for information about potentially incoming changes. By maintaining collaborative internal relationships, we can stay informed about current and potential future developments in the business and industry. Having recurring touch points with client-facing, marketing, business and operational teams, will nurture our communication channels. This energy should be fueled with curiosity and care. Compliance requires continuous learning, and it helps to have a thirst for information.
Step 2: Impact analysis
Once we identify a regulatory or business change, the question then becomes: What does this mean for us?
Each change affects an organization differently, whether product offerings, system functionality or even the way teams collaborate. After identifying the change, we need to analyze the effect. We translate our technical understanding of the change into reality of our organization and personnel. We peel back the layers of the change and trace it to assess how it might manifest in each part of the organization — products, services, systems, processes and teams. This analysis requires the affected parts of the organization to have a voice in how the change will be digested within the organization.
This analysis begins from a place of unknowing and might still result in some degree of unknowing. Even with seemingly thorough and comprehensive analysis, we must recognize and acknowledge that it’s unlikely that we will have all the answers. Answers will be revealed through the next steps. An overriding commitment to clarity and continuously assessing the broader impact will be illuminated.
What Compliance Metrics Are Important for Reporting to Management?
From board to regulators, many stakeholders want insight into compliance metrics
Read moreDetailsStep 3: Sponsorship & partnership
Once we understand the effects of the change, we enter into the relational part of the process: engaging sponsors and partners. Getting buy-in from management is crucial, but it isn’t always a given, particularly where change comes with a price tag. In large part, it depends on how well we distill the scope and impact of the change down to its critical components and the precise “ask” of management to support and sponsor the change. This process of securing buy-in requires a genuine relationship founded on trust and communication, where the compliance professional understands the concerns and priorities of stakeholders and can present a change management project that honors awareness and agreement with those priorities.
Finding and converting the appropriate sponsors and partners in the change management process is an opportunity to build new relationships and strengthen existing ones. More importantly, it’s essential to be successful and make the endeavor as less painful as possible for all affected. However, securing commitment as a sponsor or partner does not imply consensus, nor does it require it. Differing perspectives and opinions on the path forward in response to change is not a barrier; it’s an opportunity to create and arrive at an optimal solution. A mature change management process provides an environment where harmonizing differences is seen as accretive and supporting the long-term success of the compliance program.
Step 4: Planning & execution
Once we have executive sponsorship and buy-in from the critical business partners, we are able to shift into planning and execution. The focus of this step is understanding dependencies, setting timelines and creating clear action items and milestones, transitioning into project management.
Our internal partnerships will help us understand the dependencies and limitations of systems, processes and personnel affected by the change. This collaboration is essential and valuable, as it enhances our assessment of and proposed response to the change. These dependencies and limitations provide the path and guardrails for the change management project plan. The planning process establishes required deadlines and timelines, as well as critical path action items, milestones and decision points. Additionally, with an eye toward a later step in this process, the change management project plan should identify areas where the organization can monitor the implementation of the action items.
Each aspect of the change management project plan should clearly designate the individual accountable for execution. Practically speaking, if compliance personnel cannot execute — or compel those under their supervision to execute — an action item, then compliance personnel should be designated as being accountable for that task. Lastly, there should be a process for reporting to the executive sponsor on progress and implementation. When determining the information worthy of reporting, consider the relevant priorities for the executive sponsor and how the project is addressing those priorities and reducing the risks stemming from the change.
Step 5: Communication & reporting
Clear and consistent communication throughout the change management process will define whether the project will stumble or shine.
Any successful project requires ongoing dialogue, both within teams and across the organization. A common mistake when compliance professionals initiate a project is to assume that the initial communication at the outset was sufficient to provide all the necessary information. It serves all parties best when communication reinforces the salient aspects of the project, clarifies areas of ambiguity and to acknowledge progress. Periodic and organic reporting can flag previously unidentified dependencies and limitations, as well as reinforcing why these changes matter and how they affect the business. This stage of the change management process is an opportunity to provide training, explain expectations and reaffirm a shared understanding of the regulatory landscape that the business is navigating.
A lesson from implementing various regulatory and business changes over the years is for compliance to maintain records of key decisions in the change response process and the rationale behind them. These records prove to be invaluable when revisiting the justification of decisions (particularly when scrutinized by regulators) and when we need to look back and evaluate what worked and what didn’t in the change management process.
Step 6: Monitoring & evaluation
Once we implement the revisions to the operational processes and the compliance program for the regulatory or business changes, it’s tempting to consider the process complete; however, it’s not. As with any change, we cannot simply set it and forget it; we need to assess whether the change is adequately embedded. Sufficient change management requires monitoring and evaluating how the change is absorbed into the organization and that all aspects of the change are implemented as intended.
Part of the change management project plan should consider what and how the organization will monitor to measure implementation and ensure that previously identified and unidentified risks remain within the organization’s risk appetite. This phase requires candor and a willingness to admit when something isn’t working as conceived. Where did we identify potential potholes and pitfalls? In the planning process, it benefits us to identify the areas where monitoring and testing will provide insight into the effectiveness of the changes. It’s tempting to close the project as soon as the final action item is completed, but real compliance value is found in revisiting and refining processes over time. Continuous improvement is one of the hallmarks of an effective compliance program as lessons learned are transformed into better policies and procedures. Lastly, the monitoring should also inform the executive sponsor on the effect of the change management implementation. Compliance professionals must have the confidence to take ownership for the outcome of change management projects.
Lessons learned: Growth through change
In reflecting on decades of experiences with regulatory change management, a few lessons stand out:
- Accept uncertainty: We won’t always have all the answers at the beginning, and that’s OK. What matters is the ability to adapt and keep moving forward.
- Foster relationships: Compliance doesn’t happen in a vacuum. Building strong relationships across departments is key to managing change effectively.
- Accountability and ownership matter: Clarity in roles and responsibilities can make or break a change management project plan.
- Continuous learning is key: Monitoring and revisiting our processes is where effectiveness is built.
In the end, change management is an ongoing process that requires technical expertise, collaboration, adaptability, and emotional intelligence. Every regulatory and business change is an opportunity for the compliance program to demonstrate its value in the organization, and that requires both courage and commitment.
