<img src="https://ws.zoominfo.com/pixel/pIUYSip8PKsGpxhxzC1V" width="1" height="1" style="display: none;">

What Is Regulatory Change Management at Financial Institutions?

6 min read
Jun 15, 2023

Regulatory change management is the process financial institutions use to identify, evaluate, and implement new or amended rules and regulations. It’s designed to create an efficient, repeatable process that helps these institutions understand how new requirements affect their operations and modify their practices accordingly. 

Regulatory change management is a requirement component of a financial institution’s compliance management system (CMS). An efficient CMS has a method to actively monitor and quickly review regulatory changes, determine which rules specifically impact the institution, share these changes with affected business units, and develop step-by-step plans for writing, updating and modifying policies and procedures. 

The change management process is tailored to an institution’s size, risk profile, and complexity of products and services. In this post, we will delve into the six steps of the regulatory change management process.

the-change-management-process(The Change Management Process)

Table of Contents

Change Identification 

The first step in change management is identifying the change. Some changes are within management’s control, such as introducing a new product or reaching an asset-size or loan volume threshold. Other changes come from the outside, such as when Congress enacts a new law. Information can also come from reading lawsuits, regulatory guidance, speeches and blogs, or from influential organizations and pseudo regulators like the National Automated Clearing House Association (NACHA). 

No matter where the regulatory change comes from, it requires a comprehensive response. Effective tools and processes should be in place to identify these changes and allow enough time to create a comprehensive action plan. 

Identifying change is an onerous task. A compliance officer could spend all day, every day tracking and reading changes to regulations and still never get to them all—let alone interpret and implement them. Many financial institutions automate this task to free up compliance resources for the rest of the change management process. 

Impact Analysis 

Once a change is identified, it's important to understand how it will impact your institution. Not all regulatory activity will require action, but some changes, will have significant effects. 

To assess the impact, consider: 

  • What products/services/business activity will be affected?
  • Which systems are tied to the affected products and services?
  • What disclosures, rate sheets, marketing materials, and websites are tied to the product?
  • Which departments/people support this product or service, and how can they be included in the communication process?
  • Will you need a vendor to support your change, or can you manage it in-house?
  • How extensive is the change? 

After you've assessed the impact, create a time estimate for implementing the change. This will allow you to plan for resource constraints and give you a chance to learn from your estimates for future changes. 

Before moving on to complete the implementation or change management plan, identify any dependencies you may have on a specific department, person, or vendor. Knowing what might derail you along the way can help you prepare and possibly mitigate these risks.

Responsible Parties 

Change management is rarely a one-person job. It's essential to identify a team that can manage the change effectively from start to finish. The right team will depend on the nature of the change. For instance, implementing new technology may require IT professionals, while a regulatory change impacting small business lending would impact commercial loan officers. 

Identifying the right people is crucial. These individuals should ideally have expertise relevant to the change, possess strong leadership and communication skills, and demonstrate a willingness to embrace change. You'll need to identify the right departments too. In most financial institutions, this would typically include departments such as operations, IT, HR, and compliance. 

Once your team is established, assign responsibility for specific action items. Each person should understand their role and what is expected of them. Clarity on tasks and ownership ensures accountability and reduces confusion during the implementation process. 

The selected change management leaders should meet regularly to review progress, address any issues, and set priorities. Holding your team accountable is a fundamental part of this process. Clear expectations, regular check-ins, and feedback mechanisms can help ensure everyone stays on track. 

The board of directors and senior management also play a key role in overseeing the change management process. They need to be involved in strategic decisions, provide guidance, and ensure alignment with the organization's overall strategy. They also play a role in communicating the change to the organization, endorsing the change, and showing visible commitment, which is crucial for buy-in and successful implementation.

Action Plan 

Once you've determined the change's applicability, decide how the institution will act. The action plan should include: 

  • Researching the change 
  • Evaluating its impact on specific processes 
  • Updating policies and procedures as needed
  • Updating/conducting risk assessments
  • Planning communication
  • Developing staff training
  • Testing before going live
  • Monitoring to ensure all is well
  • Reporting progress to senior management/Board of Directors (BOD) 

Ongoing Communication 

Ongoing communication plays a crucial role in change management, especially when dealing with high-stakes changes that involve compliance, operational, reputation, and strategic risk. It's always better to overcommunicate than under-communicate in such situations.  

Keeping everyone apprised of the changes and progress is vital. Regular reporting to management and the board allows for effective governance and oversight. These reports should include: 

  • Change summary: Given the multitude of responsibilities that management and the board carry, it's essential to keep your reports short and to the point. Provide a quick summary of what the change is and why it matters.
  • Action plan progress: Report on how the action plan is progressing. Are the deadlines being met? Are there any issues with task completion or vendor deliverables? Surfacing these matters expeditiously and repeatedly will allow management to step in and assist where needed.
  • Challenges/issues: Any unexpected challenges or issues that could potentially derail the plan should be reported promptly. However, rather than just presenting these challenges, try to brainstorm solutions and make recommendations. This shows proactive thinking and helps management make informed decisions.
  • Budget reporting: If budgeting or cost estimates are part of the change process, report on these as well. Is the anticipated cost on track or off track? Are there any significant additions to the cost? If yes, why, and were the estimates off? 

Keeping a record of your reports is not only beneficial for historical data purposes but also crucial when demonstrating to examiners that the change was effectively and fully implemented. Save your point-in-time reports detailing what was done and when. This will be invaluable when you need to showcase your work to examiners and auditors a year or two down the line. 

Decisions made during the change management process, such as management choosing not to implement a change or your institution determining a change is not applicable, should also be documented. Remember to notate the reasons behind these decisions. 

Post Implementation Evaluation and Lessons Learned 

After the completion of a change, it's vital to conduct a post-implementation evaluation to assess the effectiveness of the change and identify any lessons learned. This evaluation should involve all relevant departments and stakeholders who can provide insights on the implementation process, and the effectiveness and efficiency of the changes made. 

This process is beneficial because it provides the opportunity to: 

  1. Identify any remaining gaps or issues that may need to be addressed. 
  2. Determine if the change met its intended objectives and was implemented within the anticipated cost and time frame. 
  3. Analyze the effectiveness of the change management process and identify areas for improvement. 

The post-implementation evaluation often results in valuable insights that can be used to improve future change management processes. Remember that change management is a continuous process, and therefore, constantly learning and improving from past experiences is essential. 

Key regulatory change management takeaways 

Change management in financial institutions is a dynamic, ongoing process that aims to ensure that changes are implemented effectively and efficiently.  

Change management is not just about complying with new regulations or adopting new technologies. It's about ensuring that the financial institution can adapt and thrive in a constantly evolving environment. It’s about managing risk effectively and providing the best services to consumers. Effective change management is a critical part of a successful financial institution's strategy. 

Remember, change is inevitable, but with a robust and effective change management process, your financial institution can navigate the changing landscape with confidence. So, embrace change and turn it into an opportunity for growth and development.


Change is a constant in the financial world and managing it effectively can significantly contribute to the success of your institution. For more insights into change management, download our free guide Navigating Change: A Comprehensive Guide to Effective Change Management in Financial Institutions. 



Subscribe to the Nsight Blog