By Narelle Davidson

Staying on top of regulatory change?

I spend a lot of time talking to managers about compliance.  A common pain point is understanding legislative obligations and staying on top of, and managing, regulatory change.  In an industry that has a broad range of legislative obligations, this is no surprise.  Understanding compliance obligations can be a big task to get started on.  Once a start has been made, it is easy to get bogged down in the complexities.  While many people have an idea of what is required to meet legislative obligations, sometimes the devil is in the detail.  The detail can be what brings everything to a grinding halt.  It is important to establish risk appetite: what is the amount and type of risk the business is prepared to accept to achieve its objectives?

A compliance risk register is a “must have” for any business

Do you have a compliance risk register?

We need to understand our legislative obligations in order to manage regulatory change.  Developing a compliance risk register is a start.  The risk register should map out the compliance obligations and document how these are being managed.  It should identify gaps and where there is potential exposure to the business.  The register will need to include any controls that are in place to manage the compliance risk.  Where a control does not exist, it will need to be developed and, of course, implemented.  The register needs to be monitored and reviewed.

10 tips to stay on top of regulatory change

These are my top 10 tips to manage legislative obligations and stay on top of regulatory change:

  1. Create a compliance risk register.
  2. Identify current compliance risks for your business.
  3. Include current controls that are in place to manage the risk. Controls can be things like documented policy, training, review and reporting procedures.
  4. Rate the risk.
  5. Identify any gaps and any new controls that may need to be implemented. What new policies and procedures may need to be developed? Training may need to be reviewed.  What incidents have occurred in the past that may help manage the obligation now? What changes are required?
  6. Communicate changes and how the change will be implemented.
  7. What reporting (internal and to the regulator) is linked to the legislative obligations?
  8. Consider how compliance will be demonstrated.
  9. Consider how a compliance breach will be handled.
  10. Monitor changes to legislation and make updates to the register.

Once a regulatory change is known, you must consider what is required to be done.  A lot of effort can be put into working out how to get around regulatory change when that effort is better put into working out what needs to be done.

How do you manage legislative obligations and regulatory change?