Change management challenges in financial services regulatory compliance

Key steps to effectively integrate organizational change

The disruptions that affected all industries in 2020 will forever reshape the financial services industry. With such changes come regulatory and public policy challenges and concerns, which in 2021 will begin to inform the future, altering our view of the course to take. 

Here, from the KPMG report Ten key regulatory challenges of 2021, we share insights related to change management.


Volatility experienced throughout 2020 is expected to continue well into 2021, forcing financial services companies to demonstrate agility in their change management processes. Many of the changes necessitated by the response to COVID-19, such as temporary rule changes and moratoriums, will be shortlived. Changes which had been in process, such as the shift to digitalization and adoption of ESG considerations, were significantly accelerated. And certain unexpected changes, such as remote work requirements and limited in-person customer access, offered financial companies (and consumers) an opportunity to see the possibility of operating in a new way and will likely change the future of financial services. Execution of these changes—and the underlying variety of policies and procedures, technologies, products and services, partnerships and alliances, risk models and business strategies needed to effect them—will be scrutinized by many stakeholders (regulators, investors, counterparties, customers). Regulators will look for documented and sound change management, consistent with firms’ governance structures, as well as ongoing compliance with laws and regulations, including consumer protections.

Regulators, too, have been forced to adjust their operations and will continue with frequent and ongoing requests to financial institutions given the voracity of change. Examination activities will include horizontal and firm-specific examinations (both targeted and full scope) based on a firm’s size, complexity, risk profile, and the industry and business focus of its customers. For most firms, supervisory oversight will remain greatly elevated. In response to the heightened disruption, examiners may conduct “streamlined reviews” in select areas of supervisory attention in addition to broader examinations in areas such as data and issues governance, cyber security, enterprise-wide risk management, fraud and financial crimes, consumer protections, and modeling and scenario analysis. (See additional sections within the Ten Key Regulatory Challenges for 2021.) Notably, regulators are increasingly adopting SupTech techniques, including machine learning and natural language processing, to monitor emerging trends in documentation submitted by supervised institutions and to help increase the efficiency of their regulatory examination processes.

Common challenges to any change management process:

  • capturing change
  • organizing changes and determining what must be monitored or actioned
  • mapping requirements back to a relevant point in time
  • threading and capturing an audit trail of the impacts to business, processes, policies, procedures, and controls
  • communicating outcomes across the three lines of defense.

Regulatory pressures

The OCC has specifically listed “change management over significant operational changes” among its bank supervision strategies for 2021. Areas of focus will include:

  • governance over new technology innovation and implementation, including cloud computing, artificial intelligence, digitalization of risk management
  • processes, and new products and services
  • changes in strategic plans
  • implementation of emergency stimulus programs
  • response to COVID-19-related operating conditions

Accommodations provided by regulators related to temporary operational and compliance changes in response to COVID-19 were intended to also be temporary, but as remote work and economic hardships continue with uncertain duration, regulators are beginning to expect firms to fully adapt their policies and procedures established during high operational shifts to assure safe and sound operations and compliance with consumer protection laws and regulations.

Regulators are enhancing their supervisory processes with SupTech applications, including machine learning and natural language processing, and have been able to repurpose certain applications to improve the efficiency and effectiveness of supervisory processes, including continuous monitoring of institutions, during COVID-19.

Heightened attention to data issues—sourcing, quality, storage, and privacy—as well as transparency in innovative technology applications and anti-trust concerns are focusing regulatory scrutiny on third-party acquisitions and relationships and new products and services.

5 actions to take

Given the continued and evolving change triggers, financial services companies need to establish firm governance and management routines to demonstrate their effective processes to identify and mitigate risks associated with transitions brought about by COVID-19. These processes, though established during times of high stress and operational impact, should be consistent with the firm’s governance structures.

Key steps to effectively integrate organizational change include:

  1. Identify drivers and applicability: Conduct horizon scanning to monitor change drivers (e.g., new vendors, product, delivery channels, regulatory obligations); determine change applicability to lines of business and/or products; identify and link changes to existing business and risk data.
  2. Assess impacts: Assess change for consideration of new or changed regulatory obligations; determine gaps in coverage or consistency and identify opportunities for convergence; analyze downstream effects to people, process, and technology.
  3. Design strategy: Identify short-term and long-term goals; develop requirements for changes, including training and communication plans for impacted stakeholders; design dashboard reporting and management protocols.
  4. Implement changes: Update and enhance policies and procedures, mapping templates, process flows, RCSA, and testing programs; enhance existing technology infrastructure; communicate change expectations and execute implementation program.
  5. Continuous monitoring and improvement: Perform monitoring and testing procedures; review change success KPIs/KRIs and assess complaint data; determine enhancement opportunities and remediation  approach for identified issues; continue to streamline and simplify business operations.

Amy S. Matsuo

Amy S. Matsuo

Regulatory and ESG Insights Leader, KPMG US

+1 919-664-7100