
3½ Questions Before You Change Compliance Policy: Are You a Maverick?

Nov 29, 2022

Compliance professionals are coached to develop, maintain and monitor their financial institution’s compliance policies. This includes monitoring regulatory change, keeping an eye out for new and evolving laws and regulations, and adjusting compliance policies to comply with them.

Before deciding to write new policies or edit existing ones, compliance professionals should be asking 3 ½ big-picture questions to help understand the impact of coming regulatory change.

3.5 Questions

  • Question 1:  What is management’s appetite for risk, and how does it relate to the new or changing law, regulation or recommendation?

    Beware of knee-jerk reactions. While monitoring industry regulation is a critically important component of every compliance organization, beware of creating policies off-the-cuff to fit specific regulatory mandates.  It will likely make more sense to develop a policy framework that can be managed and adjusted after considering all the potential risks and implications.

    It's especially important to ensure that any response to regulatory change aligns with the institution's risk appetite as defined by the board. The determined risk appetite should create the foundation for how to address new regulatory requirements.
  • Question 2:  Does the rule or regulation require a new policy, standard or process?  Does it require any reaction at all by your financial institution? 

    Being proactive starts with clarity about the differences between policies, procedures and standards. A policy is the financial institution's definitive position on a specific issue, set to ensure consistency. A standard is a specific, measurable requirement that governs an operation or process to satisfy a policy. A procedure is the recommended set of step-by-step instructions.


  • Question 3:  Will the proposed compliance policy require major operating changes?  If so, look to fully understand implications and the execution realities.

    New policies call for alignment. While policies need to align with the strategic direction and risk appetite of the financial institution, they are not valuable policies unless your institution can effectively execute them. If new policies require a significant change in how things are done, that's a big conversation that requires buy-in from stakeholders before the policy goes into effect.  Reaching out to stakeholders will open up lines of communication to help discover potential problems before the policy is adopted. If you don't take the time to talk about the practicalities of execution, you could be setting up the organization to fail by establishing policies or procedures that simply don't work because they are impossible to follow.


  • Question 3 ½:  Is your organization prepared to absorb the change?

    Change that depends on front-line or team member execution is never successful unless the team members fully understand the policy and how the changes affect their role. We all know that too much change can get lost and ignored. A policy posted to the corporate shared drive can get lost and ignored. A change mentioned in a management meeting can get ignored. Training aids can be lost and ignored. In most cases, it is the tone from the top and management reinforcement (monitoring and active management) that helps to ensure execution. Setting the policy is only the start. You have to think through the absorption and incorporation realities of the new policy or procedure.

Bottom Line:  Today's regulatory environment is complex and moving quickly.  Regulatory change is our collective reality, and having a system to digest these changes is valuable in demonstrating that you are proactive.

Therefore, financial institutions have to be diligent about the evolving regulatory landscape.  It's all about change management. How your financial institution elects to interpret and incorporate new rules will directly impact your existing policies, standards and procedures.  Filtering any new policy through these 3 ½ "common sense" questions will exponentially improve your execution success.


A different vantage point: The movie Top Gun is an all-time classic. There are lots of great quotes exchanged by Maverick, Goose, Viper and others. In one particular scene, the officer in charge explains to the young, brash pilot played by Tom Cruise, “Son, your ego is writing checks your body can’t cash.” Maverick was taking on too much risk through his behavior. Translated to regulatory compliance, the same basic premise holds true for compliance and policy updates. Don't write policies that your bank is not in a position to execute. New policies must be judged against your internal execution realities.
