Transcription
Navigating regulatory riskThe role of the regulatoryliaison officeDeloitte Center for Regulatory Strategies
Executive summaryOver the last five years, as new laws, regulations, and otherguidance were introduced, banking and securities firmsrecognized the need for more visible and strategicmanagement of their complex regulatory relationships.As more and more questions continued to flow fromregulatory agencies, it became clear that the currentmethods of regulatory response may not have been asefficient and proactive as possible.In response, some firms created a Regulatory Liaison (RL)position (sometimes referred to as Regulatory AffairsOfficer, Head of Regulatory Relations, etc.), whichcombined a sound understanding of the organization’sbusiness with an appreciation for the regulatory agencies’supervisory processes. Executives often came to these rolesas experienced regulators, or risk and controlmanagers. Other firms took a different route, making theliaison role a responsibility of the Chief Operating Officer(COO) or Chief Administrative Officer (CAO), reporting intothe Chief Executive Officer (CEO). Still others took a stepfurther and created a Regulatory Liaison Office (RLO)outfitted with staff.1Today, the regulatory environment that spawned manyliaison initiatives is even more complex, with strongerengagement from banking and securities regulators.Continuing shifts in the regulatory landscape, such as BaselII & III, the Dodd-Frank Wall Street Reform and ConsumerProtection Act, and the creation of the Consumer FinancialProtection Bureau, affect virtually every financial institution in some way. This has led to an emerging recognitionamong firms that regulatory risk is a relevant part of theorganization’s risk framework.
What is the role of a RLO and its leadership?Some forward thinking firms consider the RL role to beintegral to the executive management team. Indeed, RLitself is undergoing a transformation as major financialcorporations look to enhance their communicationswith regulators, and effectively represent their franchiseand quality control processes, and serve as a conduit foridentifying, escalating, and mitigating areas of regulatoryrisk.As a result, many of the executives in charge of RLOshave been raised significantly in stature in their respectiveorganization — along with the standards for who fills theseroles. Leaders with broad knowledge of the organization’soperations — and who understand regulatory points ofinterest — have become the top contenders to lead theseefforts.In practical terms, the organization’s RL should act onbehalf of executive management and the board ofdirectors as a central point of contact with regulators. Assuch, he or she should consider serving as an effective andtrusted liaison for regulatory risk management matters.Policies should clearly articulate the RLO’s process forengaging with the organization’s regulators, so that thereis coordination with other executive leaders as situationswarrant.It is important to note that the establishment of anRLO does not preclude other members of executivemanagement and selected lines of business fromcommunicating with the organization’s regulators. In fact,the executive management team should develop their ownrelationships with regulators and work under commonprotocol and standards. That said, the RLO can coordinateand enhance those communications to reduce thepossibility of regulatory misunderstanding or inconsistentmessaging, without controlling communication onlythrough the RLO. Having this RLO will help to ensure thatthe organization speaks with one voice to its regulators —a voice that is consistent and transparent. In turn, the RLOshould understand the implications of regulatory messagesand help to interpret them back to the business.RLO structure and leader requirementsTypically, the function of a RLO usually reports to either theChief Risk Officer (CRO) or to the Chief Compliance Officer(CCO). In some cases, however, it reports to anothercomparable function within the C-suite, such as the COOor CAO, or a regional management office in the case offoreign banks. Like any other risk control organization,the RLO is a department comprised of staff to executeboth its tactical and strategic responsibilities. The RLOleader should be a senior executive with the organizationalreporting stature and who has experience to be credibleand effective in dealing with executive management andthe board, as well as with regulators.The objective of the RLO is to achieve a more informed,efficient, and effective examination process across theorganization, and to help maintain a relationship of trustand transparency with the organization’s prudentialregulators. This can foster a benefit-of-the-doubtscenario for the organization. The RLO typically guidesan organization’s regulators to the applicable sourcesof experience within the institution, helping to avoidcontradictory or uninformed responses from management.Organizations that are considering the creation of anRLO should take the time to get input from internalstakeholders to achieve management buy-in and ensurethat expectations are clearly set and understood. Mostimportantly, the executive chosen to lead the RLO shouldbe able to influence management and the board — andbe a change agent for the organization. This requires theability to help correct a course of action (or inaction) thatmay be detrimental to the organization’s future regulatoryrelationships and broad regulatory risk issues. Attentionto detail is essential, along with the flexibility to changepriorities as new situations present themselves. Excellentverbal and writing skills are equally as critical to this role.Navigating regulatory risk The role of the regulatory liaison office 2
In addition to being a good communicator, a potentialcandidate to lead the RLO should have a diversebackground, with practical risk and control experience,and expertise in one or more of the risk disciplines (such ascredit, market, and/or operational risk). Relevant regulatoryexperience is almost mandatory for the organization tobenefit from an understanding of how regulators think andrespond to different matters of interest.Finally, the role of the RL and RLO has both strategic andtactical dimensions. An effective leader should possessa strategic vision, while maintaining a strong tacticalfoundation to address issues as they arise.Strategic approachCentral to the RL and their RLO’s strategic approach istheir ability to advise the organization on how current andproposed business activities will be affected by shifts inthe regulatory landscape. In addition to understanding theimpact of the business’ strategy on the inherent regulatoryrisk of the organization, the RLO needs to understandthe expectations from their regulators as to how theorganization can mitigate that inherent risk. The RLOshould be able to anticipate regulatory challenges basedon the organization’s strategy and risk appetite. In someinstances, input from the RLO may help craft, change, orredirect the organization’s approach.To facilitate this forward-looking approach, the RLOshould have the capacity to monitor and analyzeregulatory developments and help determine what partsof the organization may be affected by new regulatoryinitiatives. To help perform this, the RLO should developa strong network of internal and external contacts togather intelligence regarding developing areas of intereston the U.S. and international regulatory agendas. Activenetworking with peers at other financial institutions andmemberships in industry organizations are also effectiveways to remain informed. This kind of active marketplaceinvolvement will help identify emerging issues anddetermine the regulatory impact to the organization.3This proactive posture will allow time for targeted internalassessments of risk areas and the implementation ofrequired changes before full-blown regulatory issuesdevelop or regulatory changes occur. Depending uponthe size of the institution, these efforts may need to besupported by both regional and country teams. Countryteams will understand local regulations, allowing the RLOto achieve an aggregated view of regulatory change acrossmarkets, and what it means globally for an institution. Thisis essential for achieving a common approach to regulatoryrelationships and issues across the organization.Understanding strategy in the context ofMemorandums of UnderstandingContributing to the strategy of the RLO, a focus on homeprudential regulators is important, but the RLO cannotlose sight of its host regulators’ requirements in othercountries where the organization does significant business.Information sharing agreements, known as Memorandumsof Understanding (MOUs), between and among homeand host regulators, is commonplace today. MOUs giveregulators insight into both foreign and domestic activities.Governments and regulators have conducted “Colleges,”which are meetings held on a quarterly or semi-annualbasis among the primary country regulators supervisingthe organization. For example, during the financial crisis,countries like the United Kingdom requested that thehome and primary host regulators of institutions meet toshare information about the institutions they supervise inorder to avert future systemic risk issues.Intermittent conversations among an organization’sregulators are common, which increases the importanceof communication between the organization and its ownprudential regulators on a consistent and timely basis.Regulators want to know what is happening in otherparts of the organization, regardless of location, with fullvisibility to the potential effects on the organization. Ofparticular interest is the impact that foreign oversight mayhave on the legal entity which they regulate. The RLOshould be able to speak on an intelligent and informedbasis to regulators regardless of home or host location. Inaddition, the RLO should have a good rapport with all ofthe institution’s regulators in order to stay informed aboutintra-agency meetings, issues, and concerns.
An effective RLO will promptly add value by improvingthe communication and coordination of regulatoryrisk activities across national and multinational firms,including within individual business units and regions. Inaddition, the RLO should build transparent and detailedapproaches to identifying, monitoring, and reporting onmatters of regulatory risk. Having personnel from the RLOin all regions, coordinated through global reporting lines,will help facilitate the acceleration of delivery of criticalregulatory information to the home office. This centralizedinformation flow can be invaluable to senior managementas an early warning indicator for emerging issues.Regulatory relationships — development,communication, and managementAn RLO should develop a formal communications plan —extending to all regulatory agencies — to facilitatescheduling of important meetings and promotinginformation-sharing at all levels of the organization (seeFigure 1). The plan should address requirements for theboard of directors, executive management, and senior riskmanagement at the corporate level. This includes takingthe view that your approach to your regulator is just likethat of your top client — with targeted points of contact,a communications plan, and an integrated approach todelivering your institution’s messaging.Figure 1. Regulatory Liaison Plans map board, senior management, and other regulatory liaison roles to key regulatory contacts andprovide protocols for frequency and type of communication.BoardKey contactsKey regulatory contactsRepresentative communications Chair, Audit Committee Chairman and CEOBoard of Governors Lead Federal Reserve Governor Strategic plan and results against plans Significant and material governance, risk, andcontrol concerns in US/non-US businessesFederal Reserve Bank Central point of contact team leadSenior manager Chairman and CEO COO General Counsel CRO CCO CFO Heads of key businessesBoard of Governors Director, Division of Banking Supervisionand Regulation Deputy Director, Division of BankingSupervision and Regulation Associate Director, Large InstitutionsGroup LegalFederal Reserve Bank President Bank supervision General Counsel Relationship manager, team leader Central point of contactRegulatory relations –liaisons CCO CRO Regulatory relations CFO Heads of key businessesBoard of Governors Bank supervision, board analystFederal Reserve Bank Bank supervision relationship teams Bank supervision (central point ofcontact) Central point of contact team lead Headline issues/provide escalation regardingsignificant and material news to key regulatorycontacts Strategy of supervision/evolving holding companystrategy Operating model of bank/key functions Ongoing financial/operating results Significant governance, risk, and control concernsin US/non-US businesses Escalation of items in outstanding applications orapprovals Responding to material examination issues duringthe examination processes Business leaders/functional/support group leadersin overviews and governance, control discussions Organizing information exchange protocols(e.g., electronic or hardcopy transfers) Responding to logistical requests Coordinating ongoing risk and financial reportingwith on-site teams Responding to informal (ad hoc) and formal(information request letters) and first-day lettersfor targeted examinations Seeking clarification of requests Ongoing weekly or bi-weekly status meetings asprotocols are builtNavigating regulatory risk The role of the regulatory liaison office 4
In creating the plan, the RLO will map organizationcontacts from across the institution and C-suite to theirregulatory counterparts, and provide protocols for thefrequency and type of communication required. This willinvolve establishing a schedule of recurring meetingsbetween the organization and its regulators. Theseregularly scheduled meetings send a strong signal toregulators that the organization takes its regulatoryobligations seriously.Tactical foundation for executing the strategyThe RLO is also responsible for day-to-day managementof relationships with regulators, including examinationcoordination. Specifically, a primary point of contact withinthe RLO should be available for a regulator during anexamination. This contact is responsible for coordinationand oversight of various aspects of the examination, withsome delegation as appropriate, depending upon the sizeof the review.In support of its examination oversight responsibility, theRLO should establish a formal examination managementprogram, which may be centralized or decentralizeddepending upon the size of the organization. Regardlessof the chosen approach, the following items should beconsidered in order to promote a smooth examinationprocess: Process for responding to regulator requests Meeting scheduling and participation Logistics preparation and coordination (e.g., provisionof space, location, equipment, and technologyconnections) Control of management information submissions Assessment of lines of business preparedness for theexamination process Coaching of lines of business on examination protocol Examination response quality control Process for issues escalation Process for monitoring the full lifecycle of a regulatoryissue that is identified (with the same discipline andrigor of an operational risk or internal audit issue – fromidentification to closure to validation)5Information managementThe RLO should establish and maintain policies surroundingregulatory interaction and exam management. Thesepolicies will help standardize interaction with the regulatorsacross different lines of business and regions within theorganization.The RLO should determine what tools are required toexecute its responsibilities. For instance, tracking meetingsand information deliverables is critical. It’s not unusual tohave in-house systems in place or systems that combineboth automated and manual applications. Establishment ofregulatory portals that house meeting and issue trackers,respectively, are common.During current examinations, the RLO should use an examtracker to monitor regulatory requests. This tool will assignownership and track progress for each request. The examtracker will also keep a record of requests for meetings andinterviews which the regulators may want to hold duringthe examination.The RLO may also manage the issue tracker, whichcaptures issues from many different sources of information,including regulators (e.g., Matters Requiring ImmediateAttention (MRIA) and Matters Requiring Attention (MRA)),legal, compliance, audit, individual business lines, orthe RLO itself. The issue tracker can be used to identifysystemic problems and underlying causes. In addition, itcan help drive single solutions for commonly experiencedissues across various lines of business. This topical overviewhelps the organization understand the impact of riskand any breakdown in compliance and control systems.The issue tracker should assign an issue owner and trackremediation responses, remediation progress/milestones,and, if applicable, results from testing and monitoring ofcontrols in place to remediate.
The RLO may also benefit from a regulatory pipelinetracker to follow pending and proposed legislationthat may likely affect the organization in the future.Forecasting and staying ahead of these new rules will givethe organization additional time to implement requiredcompliance processes and controls. In some instances,the RLO may be able to influence regulatory guidance inthe comment stage by having a member seat at the table,who responds on behalf of the organization. Being able toenvision the big picture of regulatory change will help theRLO when making strategic decisions about future events.Working closely with the organization’s legal and lobbyingdepartments is beneficial in this regard.The RLO should consider establishing organization-wideoversight of regulatory relations to ensure effectivemonitoring of examination activities, and to identify andto escalate issues to senior management in real-time.This will also enable the RLO to report to managementand to the board in a timely and effective manner. TheRLO should develop a proactive approach to regulatoryinteractions, ensuring full visibility into what is happeningin the business units, and allowing for a “no surprise”environment.Getting to the next levelA well-staffed, focused, and highly regarded RLO withthe proper executive leadership can be an effective wayfor an organization to manage regulatory concerns andspeak with a single voice to the regulators, who overseean organization’s operations. Regulatory managementis critical in today’s fluid and demanding regulatoryenvironment and is no different than any other riskdiscipline that requires an investment. Investment in a RLOwith the proper organization-wide stature, gravitas, andreporting line can increase an organization’s credibilitywith their regulators and may reduce misunderstandingsrelated to issue remediation. Quantifying value in terms ofabsolute dollars may be difficult, but improved regulatoryrelations should evidence itself promptly and be the besttell-tale sign of value. In today’s climate of fast-pacedchange and increased scrutiny, it may very well be anecessity.The RLO may also develop dashboards for reportingto management and the board, highlighting specificregulatory interactions with examiners, key regulatoryfindings, and other notable changes in the kertrackerNavigating regulatory risk The role of the regulatory liaison office 6
To learn more, contact us:Irena Gecas-McCarthyPrincipalDeloitte & Touche LLP 1 212 436 5316igecasmccarthy@deloitte.comPeter ReynoldsDirectorDeloitte & Touche LLP 1 973 602 4111pereynolds@deloitte.comTom RollauerExecutive DirectorCenter for Regulatory StrategiesDeloitte & Touche LLP 1 212 436 4802trollauer@deloitte.comTerry SchwakopfSenior Advisor toDeloitte & Touche LLP 1 415 783 6788tschwakopf@deloitte.comThe Center wishes to thank the following additionalDeloitte professionals for their contributions and support:Katie Alldian, senior marketing specialist, Deloitte Services LPKristy Coviello, senior marketing manager, Deloitte Services LPNancy Holtz, senior graphic designer, Deloitte Services LPBeth Leesemann, marketing manager, Deloitte Services LPSusan Jackson Redman, senior manager, Deloitte & Touche LLPAbout the Deloitte Center for Regulatory StrategiesThe Deloitte Center for Regulatory Strategies provides valuable insight to help organizations in the financial services, health care, life sciences, andenergy industries keep abreast of emerging regulatory and compliance requirements, regulatory implementation leading practices, and other regulatory trends. Home to a team of experienced executives, former regulators, and Deloitte professionals with extensive experience solving complexregulatory issues, the Center exists to bring relevant information and specialized perspectives to our clients through a range of media includingthought leadership, research, forums, webcasts, and iesThis publication contains general information only and Deloitte is not, by means of this publication, rendering accounting, business, financial,investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor shouldit be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect yourbusiness, you should consult a qualified professional advisor.Deloitte shall not be responsible for any loss sustained by any person who relies on this publication.About DeloitteDeloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms,each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure ofDeloitte Touche Tohmatsu Limited and its member firms. Please see www.deloitte.com/us/about for a detailed description of the legal structure ofDeloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.Copyright 2013 Deloitte Development LLC. All rights reserved.Member of Deloitte Touche Tohmatsu Limited
In response, some firms created a Regulatory Liaison (RL) position (sometimes referred to as Regulatory Affairs Officer, Head of Regulatory Relations, etc.), which combined a sound understanding of the organization's business with an appreciation for the regulatory agencies' supervisory processes. Executives often came to these roles
