By, Elva Coffey-Sears
Change is the only constant in life – just ask any compliance officer! On any given day, a compliance officer faces a myriad of internal and external changes and needs to have a defined process for evaluating the impact on the level of compliance risk facing the institution. Regulators expect every financial institution to maintain a disciplined and sustainable process, commensurate with its size and complexity, to manage change.
While an effective change management process will include the actions listed below, the steps necessary to be completed for each change will be determined by the significance and/or complexity of the change.
- Monitor: Define reliable sources and establish a consistent process to monitor both the external and internal environments for changes that may impact the institution. External sources may include regulatory agencies, trade groups and service providers. Internal sources include the board and senior management, line of business management and committees for product development and system selection.
- Identify: Identify the departments, products, systems, risk assessments, policies and procedures, disclosures, and personnel, etc. that may be affected by the change.
- Communicate: Distribute information summarizing the change, provide ongoing status reports during planning and implementation and publish the results of post-implementation testing to the board, senior management and other impacted areas of the institution.
- Engage: Establish a working group with representation from affected departments and the other control groups within the institution such as legal, audit, risk management, accounting, human resources and information technology. The working group develops an implementation plan, assigns accountability and due dates for tasks to be completed under the plan and monitors the status of completion by the defined due date.
- Train: Provide training to the board and senior management, frontline personnel and support staff.
- Implement: Obtain all necessary approvals and confirm all tasks identified in the implementation plan are complete.
- Test: Perform post-implementation testing to confirm actions taken under the implementation plan have achieved desired results.