Effective delivery of private banking risk and regulatory transformation in AsiaBy Yacin Mahieddine & Simon Tong
Private banks in Asia are increasingly burdened by risk and regulatory requirements, in fact more so than any other segments within banking. Regulations span numerous dimensions and serve various objectives including investor protection, financial crime prevention, capital adequacy management, taxation compliance, professional code of conduct, and risk management.
Whilst some of these requirements are globally dictated, others are specific to Asian regulators. For example in the area of financial crime, whilst most regulators have adopted Financial Action Task Force's (FATF) 40+9 recommendations, Hong Kong and Singapore have gone beyond and enhanced regulations to include other dimensions such as tax crime or client due diligence requirements specific to private banking.
The plethora of risk and regulatory requirements can be overwhelming for any Chief Regulatory Officer (CRO) or Chief Operating Officer (COO) and the cost of compliance is becoming a key driver of rising cost to income ratios for Asian-based private banks.
Asia presents a geographical challenge with the need to comply with requirements of each jurisdiction where a private bank has a booking center. For most private banks that have two to six booking centers across Asia Pacific, this incrementally adds to the challenges of interpreting and implementing regulatory requirements.
This is different to other geographies such as Europe where there are common directives and the challenge is to align stakeholders across booking centers towards a common interpretation of European directives e.g. Financial Market Infrastructure Act (FINFRAG) and prepare a group response for compliance.
For CROs and COOs operating in Asia, there are several key challenges and they will need to carefully manage the complexities and effort involved with implementing new regulations.
1. Managing complexities of new regulations
• Regulations can overlap across multiple jurisdictions but still retain specific requirements and nuances which CROs and COOs need to accommodate. For example whilst both Hong Kong and Singapore have regulatory requirements for investment suitability, Hong Kong has specific requirements on risk rating investment products.
• Changes brought about by regulatory requirements can be extensive and impact an organisation's entire operating model from front to back office. For example Foreign Account Tax Compliance Act (FATCA)/Automatic Exchange of Information (AEI)/Common Reporting Standards (CRS) impacts the entire operating model for a private bank from relationship managers in the front office to corporate actions and tax operations in the back office.
• Different regulatory requirements can impact common processes, organisational functions, IT applications, and data sources. For example FATCA and Know Your Customer (KYC)/anti-money laundering (AML) regulations can both impact the client onboarding process and frontline staff.
2. Managing the cost of compliance
• Balancing the need for tactical workarounds versus longer term strategic solutions. Banks are under pressure to quickly deliver a workable solution to comply with regulatory requirements, but have they properly thought through whether the solution is strategically agile and aligned with the bank's target operating model?
• Managing scope creep as the needs of other initiatives is declared as regulatory requirements. From experience we have seen stakeholders 'piggy back' on regulatory initiatives to automate functions that were previously done manually and improving system functionality which would otherwise have been disapproved through a business case process
3. Institutionalising effective governance
• Institutionalising effective program governance spanning across regulatory initiatives and having centralised coordination of implementation planning and execution in order to manage interdependencies and organisational impacts across multiple initiatives
• Creating ownership by the business to deliver upon regulatory outcomes
Inability to effectively manage regulatory changes can potentially result in increased cost of compliance and poor quality of compliance delivery and execution:
1. Increased cost of compliance due to:
• Poorly planned regulatory change programs
• Lack of strategic approach towards implementation
• Lack of coordination around deployment of changes to commonly impacted processes, organisation units and technology
2. Risk of poor quality of compliance resulting from:
• Lack of visibility on how regulations will impact the organisation and understanding the organisation's readiness for change
• Inadequate involvement from board and management
• Responsibilities for implementation not clearly defined
• Insufficient change management as regulatory changes are not properly communicated and understood by impacted employees
There are several key success factors when planning an approach to implementing numerous and ongoing regulatory changes.
Harmonisation & optimisation of delivery
• Identify similarities across common market regulations and harmonise requirements (where possible) through a regional set of policies and procedures which fulfill regulatory requirements across markets. This will allow banks to standardise the approach for compliance across booking centers.
• Optimise delivery by ensuring implementation interdependencies across regulatory requirements are highlighted and accommodated as part of implementation planning
Coordination & collaboration
• Identify commonly impacted stakeholder groups across business, operations, IT, risk & compliance, legal, and tax. This will allow banks to quickly identify who will be most impacted by regulatory changes and design interventions to manage the degree of change
• Where possible implement a single point of contact to capture and manage common requests directed at common stakeholders. For example, have a single point of contact to initiate, capture, and route technology requests from operations/risk to IT
Strategic agility vs. short term delivery
• Evaluate strategic vs. tactical options in order to determine an optimal solution for the organisation balancing cost, flexibility, and ability to respond to regulations
• Consider cost-effective delivery options including transfer of tasks to lower cost delivery locations
• For global & regional programs, ensure consistency and alignment of vision and common understanding of goals and expectations including clarity of roles and responsibilities across local vs. regional vs. global teams
• Ensure global teams are able to provide a target end state view and a clear design of the solution to be implemented in order to fulfill compliance obligations
The need for a risk and regulatory transformation office
A risk and regulatory transformation office reporting to the COO and CRO can help effectively govern and coordinate delivery of regulation and their impact on organisation, process, technology, and management information (MIS).
Establishing a risk and regulatory transformation office can serve to manage and govern the portfolio of regulatory projects under implementation and coordinate the impact across commonly affected stakeholders to minimise disruption to business as usual and maximise efficiency of delivery. This would involve:
Managing program management office and stakeholder engagement:
• Improved coordination across the organisation and reduced complexity of implementation
• Alignment of key stakeholders in order to drive buy in to changes
• Visibility of program status and progress
• On time and on budget delivery
Coordinating change management and embedding cultural change
• Consolidated understanding of how affected stakeholders will be impacted by multiple regulations
• Centralised planning of training, communications, and stakeholder engagement activities
• Creating awareness and embedding attitudes and behaviours around ensuring compliance through cultural change
Driving deployment planning and dupport activities
• Centralised coordination of deployment activities in order to effectively manage change
• Stress testing and pre-deployment readiness checks to minimise disruption to business as usual
• Deployment command centre to act as a point of escalation and first line of defence for deployment issues
Centrally capturing and coordinating fulfillment of technology requests and requirements across risk and regulatory initiatives
• Efficient coordination and delivery of technology requirements
• Evaluation of solution options aligned to project requirements in order to balance the need for timely delivery whilst managing cost and alignment to the organisation’s target technology architecture
In summary, changes to the global and Asian regulatory environment coupled with high cost to income ratios are calls for CROs and COOs of Asian-based private banks to respond to regulatory changes in a structured and coordinated approach.
The establishment of a transformation office for risk and regulatory projects provides the necessary foundation and infrastructure to execute and coordinate regulatory change in an efficient and effective manner.