Regulatory compliance is a constant challenge, as banks must ensure fulfillment of the rules while avoiding excessive effort and subsequent overspend. By entering into mutually beneficial communities with industry peers, banks are able to share strategies and generate industry best practices, subsequently helping them strike the difficult balance between compliance and cost control.
A number of international banks were working to adapt internal policies and IT frameworks to comply with new regulatory requirements on critical systems framework issued by the Monetary Authority of Singapore (MAS).
Most banks realized that it would require significant investment and effort to change internal processes and technology capabilities to comply with the MAS rules, and planning effectively would be difficult without establishing an industry baseline.
How Expand helped
Expand supported its clients by aiding the working group with setting out an effective common approach to comply with the new MAS guidelines.
To do so Expand identified best practices and performed a comprehensive analysis of the different approaches that firms were taking. The analysis identified that, by differentiating between internal and external dependencies of critical systems, firms were able to modify existing internal lists to satisfy the new MAS regulatory reporting obligations.
Taking into account the different technology and business footprints, Expand was able to establish a range of systems that firms were reporting to the MAS as 'critical'. This presented firms with an opportunity to revisit their approach and identify over/under reporting.
Expand presented its findings to the working group through a focused session arranged specifically to address the new MAS requirements, and distributed a memo for firms to explain the local regulatory challenge to their global teams. The analysis helped participating firms get a feel of the market's approach and optimize their implementation of the critical systems frameworks. This allowed for time and costs savings, while avoiding potential regulatory missteps.
The Asia IT Regulatory Risk Working Group (ITRRWG) was borne of this exercise. It enables regional IT risk managers to collectively discuss regulatory requirements impacting the technology of their firms, and allows them to learn from each other’s experience of implementing local regulations.
To read more about Expand's offerings in the IT Regulatory Risk area please click here