Online: New Thinking: Regulatory Understanding as a Survival Factor for Institutions
For decades, the German Federal Financial Supervisory Authority (BaFin) has regularly published new regulations and requirements for financial institutions. As a rule, these institutions respond to new publications with projects that thematically address the current innovations and provide individual solutions. This should actually ensure that changing regulatory requirements are also implemented effectively in the institutions. But is this really the case?
Institutions spend a significant portion of their change budgets on regulatory projects each year and allocate a large amount of valuable staff capacity to these projects. Despite this, special supervisory audits in recent years have often resulted in serious findings and downstream supervisory sanctions (capital charges, warnings, participation in the supervisory board, etc.). Obviously, the solutions developed by the institutions with good intentions and a high investment of resources do not meet the expectations of the supervisory authority on a broad front.
What is the reason for this discrepancy between the existing supervisory expectations and the institutions' existing understanding of solutions? Whereas earlier supervisory regulations appeared to be more like individual pieces of work standing side by side, these have been growing together for years at the European level to form an increasingly integrated overall system of risk-oriented corporate management. This begins with the necessary seamless integration of individual strategies at the corporate level and extends to the integration of technical/organizational solutions that were previously considered rather separately, e.g., the merging of IT inventories with structural analysis and outsourcing management. In this context, the supervisory authority is increasingly attaching great importance to an end-to-end systemic interaction of measures, including the appropriate involvement of management, and less to the isolated optimization of individual sub-measures!
In contrast, in the practice of the institutions observed, topic-oriented individual projects with little cross-topic networking and thus a lack of technological/process integration (silo solutions) continue to dominate. The implementation of individual partial solutions is usually staggered and the (new) risks resulting from the transition periods are generally not identified and managed transparently. As a result, management often does not have an adequate overall view of the risk situation.
In the course of special audits, the supervisory authority often concludes from this that the management has failed to organize. The vehemence and uncompromising nature of the special audits currently being carried out show a growing impatience on the part of the supervisory authorities and a strong motivation to get the institutions to rethink and act in a holistic, risk-oriented manner, including by means of coercion.
In this context, it becomes clear what danger institutions face from a traditional understanding of solutions and disintegrated procedural models, as the means used for this are hardly suitable for achieving the holistic level of management desired by the supervisory authorities. In this respect, a more sensible business management of their own "cost of regulatory compliance" is becoming a survival factor in the currently still tense earnings situation of most institutions.
How can this rethinking succeed? The key to improving the situation lies in the willingness of institutions to view the regulatory framework and its development dynamics from different stakeholder perspectives and to understand its underlying motivators. This requires looking beyond one's own institution.
The event will help participants gain a deeper understanding of the current regulatory situation as well as the influencing environment in order to understand the "philosophical pattern" behind current regulatory pronouncements and translate it into concrete requirements for solutions. This overall context can then be reviewed on an institution-specific basis for its existence and degree of coverage, and risk-oriented priorities for action can be better derived from it. This is also a useful tool for discussing self-imposed priorities for action with ongoing supervision.
The digital workshop will be led by Christian Moerler, Managing Director of Severn Consultancy GmbH, Frankfurt. He has more than 20 years of management experience in the international financial market and is responsible for numerous success-critical projects for the implementation of regulatory requirements in leading financial companies. He regularly accompanies the preparation and implementation of §44 special audits and annual audits as well as the implementation of projects to restore regulatory compliance after audits.
The requirements and solutions discussed at the event may also contribute to improving the audit situation of the institution in the course of the 2021 annual audit.
The target group of the event is business managers as well as division managers of the departments "typically" affected by MaRisk topics such as information technology, information security management, compliance, information risk management, audit and outsourcing management of BdB member institutions.
Participants will have the opportunity to discuss practical issues in the context of an exchange of experiences and to learn about concrete impulses and best practices for their own institution.
Please note: the workshop language is German.