With regulation becoming less rules based and more principles based, firms also need to adapt to a principles-based regulatory environment. Christian uses an interesting example about corporate hospitality and the possible conflict of interest that can arise. This example concretely highlights that the onus is put on the industry participants to interpret the rule. And the fact that, as Christian rightfully says, compliance experts "can no longer give definitive answers as to what is or isn't permitted"
. Again, I recommend reading his blog post here
As the certainty of the regulation is gradually fading away, as "the call on how to handle this new form of regulation has to belong to the business",
the need to capture the interpretation process and documenting the rationale behind key decisions is crucial. If the decision-making process is recorded, it's much easier to prove to regulators that fundamental principles have been taken into account in policies and controls and due consideration was given to the regulatory requirement.
The key here is eliminating 'human risk'. It's important to remember that interpretation is human based. People's thought processes and decisions can vary depending on a number of factors and over time, the specific rationale behind a key decision may be forgotten.
It's important for a financial institution to have the capability to capture the regulatory interpretation process and have a record of all conversations, the context, the personnel involved and the key decisions. This should all be captured as a by-product of the various workflows around policy or control documents. In the past, essential data points were almost impossible to trace. An issue that banks want to address via ClauseMatch.
The process and capabilities that compliance and business units use need to adapt to the change of approach from the regulator. These changes will be address with the right mix of people skills, process implementation and product capabilities. In order to ease the compliance burden and eliminate operational risk.
If you would like to know how regulated companies use ClauseMatch in their compliance and risk processes, don't hesitate to get in touch.