Managing Regulatory Change in 7 Simple Steps

By Casey C. Sullivan, Esq. on January 04, 2017 | Last updated on March 21, 2019

The federal regulatory environment is primed for some significant changes. With a new Congress beginning its first session today, and a new presidential administration beginning in just a few weeks, there's a lot of regulatory shifts coming -- even if those changes don't come immediately.

Yet, if change is certain, the shape that it will come in isn't. We don't know, for example, how Dodd-Frank will mutate in the new political climate, or what a company's legal obligations will be under a post-Obamacare regime. But that doesn't mean you're completely rudderless. Thomson Reuters has a handy map for managing regulatory change and its ensuing risks. (Alright, it's an infographic, not a map.) Here's a brief overview of the steps.

1. Know the Environment You're Working In

The Thomson Reuters infographic is targeted at financial institutions, but we think it has benefits for in-house and compliance professionals in just about any industry. The first step when dealing with new regulation, whether local or global, is to familiarize yourself with your regulatory environment. That means knowing existing rules, possible changes, and how compliance efforts are being addressed throughout your industry.

2. Map Your Organizational Structure and Policies

This step requires identifying "risk categories and taxonomies." You'll want to know the areas of the business, its existing policies, and its procedures that might be affected by regulatory changes. Does it open new business opportunities? Change regulatory risks? Require engagement internally and externally?

3. Evaluate Regulatory Impacts

How will new regulation apply to your business? What sort of compliance risks will it bring? Who internally will be in charge of dealing with these new rules?

4. Assess Possible Impacts

Step three is about evaluating impacts; step four is about confirming and assessing those possible impacts. You'll want to make sure that assessments have been performed, action plans have been created, and that resources are in place to manage the change, among other tasks.

5. Manage New Policies

Here, you want to make sure that controls are in place to allow you to monitor regulatory risks. This means verifying that the proper policies have been created, updated, and implemented, communicated to employees, and reinforced through training and deployment.

6. Monitor and Audit Risk Controls

Dealing with regulatory change isn't a onetime thing. It's essential to have a monitoring plan in place to make sure that risks are assessed and managed.

7. Make Sure There's Reporting

Finally, you'll want to ensure comprehensive reporting. This allows key issues to be raised to senior management, while also identifying opportunities, risks, and insights in dealing with a changing regulatory environment.

Granted, this process isn't actually simple. It requires quite a bit of work. But it sure beats the alternative -- avoiding preparation until it's too late.

Related Resources:

Copied to clipboard