Home » Regulations » Regulations need industry collaboration

Regulations need industry collaboration


Sarah Christman

GradIRM and ERM in Banking and Financial Services SIG

Sarah Christman, a Senior Risk Professional at The IRM’s ERM in Banking and Finance Special Interest Group answers questions on why collaboration amongst industry is necessary to deal with regulations.

How are risk managers and professionals dealing with the influx of regulations coming into play in 2018 and beyond?

We are connecting. Risk professionals are recognising that we can solve these challenges better together. We are attending round tables and industry events, we are talking to firms that have already made the journey, and we are consulting our second-line peers and professional services firms.

Although your firm’s specific approach can bring competitive advantage, the basic behaviors and outcomes the regulatory changes are aiming for – like transparency and better decisions – are universal and can be benchmarked across firms.

Within many firms, our teams are also growing or shifting in their priorities. Keeping up with the pace of change and supporting multiple regulatory projects is putting a strain on teams. We are looking for ways to free up skilled people and automate routine tasks. Our last event on Artificial Intelligence in Risk Management explored how AI can augment our capabilities. Risk professionals should be exploring their options to use AI to help manage new and existing regulation.

What advice would you give to these professionals?

Our Special Interest Group (SIG) Advisor, Markus Krebsz, puts it eloquently. The purpose of risk management is to ensure survival with long-term, sustainable benefits. Don’t make your efforts solely about complying on the day new regulations go into effect. Seek out the benefits and positive changes you can bring to your organisation as part of your change activities. Be thinking about the continuous improvements that can follow to ensure the change is sustainable well into the future.

Educating yourself is the key to success: read the regulations, learn about the historical context that brought the changes.

Educating yourself is key to success: read the regulations, learn about the historical context that brought the changes in, study what the regulators have said in consultation papers and speeches. Talk with others in your firm and across your industry and profession and seek out diverse points of view and interpretations. The more you understand about why the changes were put in place, the better you can find the overlap between satisfying regulators and tailoring the response for your firm.

How important is it to have a skilled workforce, when it comes to dealing with financial services regulations?

It is important, but we must also be mindful that we look for the right skills. When risk and compliance professionals are at our best, we are simplifying things for our firm. We empower people to make better decisions, to find and implement the best solutions when we strip out the jargon and make things simple. But, getting to that simple view of what is needed and what options are available, often requires more complex research and analytical skills, plus nuanced interview and communication skills.

What is the biggest trend you’re seeing from an industry standpoint?

There are many trends coming to light, which interact with and overlap each other. Members of the SIG have highlighted the top 10 risk exposures they see impacting financial services:


  • Brexit – political decisions lead to highly uncertain consequences for business models and economic environment, disrupting ability to plan and execute strategy
  • Market – effects on interest rates, currency fluctuations, valuation of financial instruments made more uncertain by dependency on Brexit
  • Regulators – failure to address the core and enduring issues in industry and markets in a sustainable manner and so failing to protect consumers, ensure market integrity or enable competition


  • Cyber – well-funded or state-sponsored hacker attacks exceed our ability to defend, identify, and quickly contain/respond. The consequences are made worse by potential for worldwide GDPR fines if control failures are found
  • AML – well-funded or state-sponsored money launderers exceed our ability to defend, identify, and quickly contain/respond. The scale of the problem is made worse by the rise of cryptocurrencies and the unsuitability of traditional controls for new money


  • Resilience – operational discipline eroded by high pace of change and transformation results in less-resilient people, processes and systems; this is worsened if organisation agility is low
  • Conduct – (in)action of an individual firm or industry can result in consumer detriment, negatively impacting market stability, or restricting effective competition – See Wells Fargo
  • Regulators – failure to explain business practices and constraints in a clear and compelling manner encourages underqualified and overzealous regulators to develop burdensome rules


  • Competition – existing or emerging organisations leverage new technology and its applications more quickly or effectively, eroding market share and profitability
  • Complexity – business models and extended enterprises increase in complexity is accelerated by reliance on black box tech and integration of poorly understood tech, exceeding management’s ability to oversee.

Core SIG members: Oliver Breen, Nousheen Hassan, Shiva Keihaninejad, Darius Mayhew, Ipsita Pradhan, Raza Sadiq. Learn more here

Next article