A regulatory change framework can help your business stay up to date with supervisory expectations. Nikhil Asthana and Martin Trotter explain how we provided assurance for a client and asks if you should be leveraging regtech.

The regulatory change landscape continues to shift faster than manual processes in financial services can cope with and increases the risk of non-compliance, or missing important strategic opportunities.

Our regulatory change assurance review and enhancement programme is designed to enhance your regulatory change framework. The aim is to enable you to understand weaknesses and plan a strategic change programme to meet the ever-evolving and complex regulatory landscape. In a practical example of this we outline how we supported a multinational Asset Manager, in providing assurance over their regulatory change framework and ultimately assessing if it was fit for purpose.

The challenge

The chief operating officer of a global, tier-one investment bank asked us to conduct an end-to-end assurance exercise on its regulatory change framework. Known issues in its regulatory change management lifecycle ranged from:

  • late identification of new regulations
  • incorrect impact assessment
  • deficiencies in governance, including lack of clear roles and responsibilities.

The client wanted to understand how effective or inefficient it was at delivering regulatory change and asked us to highlight any weaknesses within its framework.

We reviewed the client’s existing methodology against industry best practice to assess how robust and fit for purpose the framework and associated sub-processes were, and how well it met the client’s complex global footprint. Steps included:

  • expert review of changes
  • getting the necessary approval for changes
  • escalation to the right committees or stakeholders for decision making.

The solution

Understand the business

The first step in the review was to gain a clear understanding of the client’s relevant business, activities and services. We reviewed the relevant policies, procedures, processes, governance structure (including committees’ terms of reference), held interviews with stakeholders, and reviewed previous and live regulatory changes.

Assessment across six key areas

Using our regulatory change framework as a baseline comparison, we assessed the efficiency and effectiveness of the client’s regulatory change framework in six areas:

  • Governance
  • Horizon scanning
  • Impact assessment
  • Implementation planning
  • Project management
  • Business as usual (BAU) transition

Each area was scored to identify the maturity of the process and technology on a scale of immature to good practice.


The scorecard measured:​

  • where the framework meets or exceeds standards​
  • discrepancies and irregularities in the framework approach and processes
  • how well the framework is embedded and understood by those executing it.

Results, rationale and recommendations

The assessment was undertaken through our regulatory change maturity matrix, which sets out the maturity level of each of the six areas.


The client was given detailed rationale for each score, with observations and recommendations. Implementing these would bring a number of potential improvements to the regulatory change process, such as:

  • enhancing the governance structure and documentation
  • streamlining and improving the ownership of the horizon scanning process, ensuring roles and responsibilities are fully documented
  • standardising the approach and documentation against a defined target operating model when conducting impact assessments
  • having a repeatable, consistent and well performing regulatory change process
  • enhancing management information for measuring the regulatory change process.

In one example, we identified that the governance of the client’s regulatory framework had a low score due to lack of documentation, no clear ownership in terms of who should be responsible, accountable, consulted, and informed (RACI framework). The agenda of the regulatory change committee meetings were also not well structured and there was a lack of accountability.

We provided details around these recommendations, as well as a timeframe for resolving the gaps, including a best-in-class design and high-level process for regulatory change, and recommending first and second line accountabilities.

The result

For the regulatory change framework, the client now better understands how it benchmarks against best practice, providing stakeholders with a more tangible overview of baseline expectations. They are now able to clearly see the gaps in their framework and can act on recommendations of how to address those gaps to achieve a more robust process.

Through close collaboration and clear communication with our client, we foresee a streamlined regulatory change management process to support operations and ensure compliance as regulations continue to evolve over time.

Should you be leveraging regtech?

In reality no regulatory firm or advisory firm has created a one-size-fits-all approach to using regulatory technology (regtech) to strengthen compliance processes. Internal factors, external factors and business-specific variables hugely affect the decision on whether or not to implement tech-enabled processes.

It's clear, however, that technology does play a significant role in reducing complexity for firms with global and complex regulatory footprints. The newer crop of regtechs or regtech 2.0 have established a sound workflow to cater to firms with intricate legal entity and product line structures.

The leap forward in best practice has been a mindset change in terms of acknowledging that technology has a part to play. But firms are still catching up on implementing this change in both process and behaviour. The best place to start is to know where your firm stands: by reviewing your processes and identifying the practices that demand manual work and are resource-intensive.

Designing a solution can be complex and requires implementing strong governance frameworks alongside the technology. Firms need to understand that horizon scanning and regulatory change span the business, and therefore require a range of expertise. This includes professionals who understand regulatory and business problems, data and technical requirements, and others who can interpret that information and deliver a robust technological solution.

About the team

We understand the importance of having the right framework to support compliance, performance, and achieve strategic goals.

Nikhil Asthana

Nikhil Asthana