of its compliance program really comes down
to asking three foundational questions:
1. What are the laws and regulations that
you are beholden to across all of the
jurisdictions in which you operate?
3. Are you confident that you’re adhering to
5. Can you prove your compliance to a third
party, e.g., internal audit, your board of
directors, and your regulators?
Essentially, are you
monitoring, are you
testing, and how do you
prove that you’re doing
any of it?
The answer to
the first of the three
questions may lie in
fully developing your
regulatory library. What
exactly is this resource,
and why is it important?
The regulatory library
is a foundational
aspect of your program,
the development of which accomplishes the
task of getting your arms around the full
contingent of regulations critical to your
business, determined by the jurisdictions in
which you operate, the composition of your
firm, and the products that it offers. Although
developing this set of rules is a daunting task,
it is not insurmountable.
A complicating factor is that the
regulatory environment is in constant flux.
Last year alone, more than 20,000 regulatory
changes were catalogued globally across
600 jurisdictions within the banking,
insurance, and securities verticals. And there
is no evidence that the pace of regulatory
change will be substantially stemmed by
the Trump administration’s promise of
regulatory rollbacks. In fact, any rollbacks
present compliance officers with regulatory
uncertainties that, in turn, need to be assessed,
vetted through the legal department and
the business stakeholders, and, ultimately,
Developing your regulatory library
A comprehensive regulatory library will serve
as the backbone of your compliance program.
From this, your firm can connect policies
products, as well
and all compliance
departments, to assess
risk across the firm.
A fully articulated
program allows you to
see across the business
and manage the impact
of regulatory change.
Getting to this end
state is, admittedly,
So, where does one start? To know where
to begin, you must first know where you
are. Although this sounds a bit self-evident,
a thorough assessment of current process,
people, and practice is necessary. We find
that clients of varying sizes across all of
our financial services verticals—insurance,
securities, and banking—struggle with the
same issues and, indeed, all fall somewhere
within a regulatory change maturity model.
Self-assessment and internal due diligence
are necessary to determine where you are on
this continuum and to help you determine
the steps necessary to reach the next level.
Regardless of where you are on the regulatory
compliance “maturity model,” there are sound
steps you can take to improve the process.
Last year alone,
more than 20,000
globally across 600
the banking, insurance,