Staying ahead of the curve: Best practices for regulatory change management

Regulations are constantly evolving, and keeping up with them can be challenging. The latest one impacting the annuities industry: The U.S. Department of Labor’s (DOL) final fiduciary ruling, Retirement Security Rule: Definition of an Investment Advice Fiduciary, is set to take effect in September 2024. The ruling significantly expands the definition of “investment advice” and heightens the best interest standard that fiduciaries must meet, among other notable changes:

• Broadened scope: The ruling broadens the definition of “investment advice” to apply to fiduciaries who provide individualized advice about IRAs, annuities, or rolling over assets from workplace retirement plans. 
• Enhanced best interest standard: Fiduciaries are required to give prudent advice that prioritizes the needs of retirement investors. This includes avoiding misleading statements, charging unreasonable fees for services, and disclosing conflicts of interest to the retirement investor.
• Documentation & oversight: Fiduciaries must provide detailed documentation justifying and providing basis for their recommendations, as well as any potential conflicts of interest. Additionally, advisors may need additional training on fiduciary responsibilities, especially those that specialize in asset rollovers and IRAs, while insurers may need to implement additional controls to meet expanded oversight requirements. 

While insurance providers and distributors are currently hustling to achieve full compliance, it’s important that they do so methodically. A comprehensive and structured approach to change management — the process of monitoring, analyzing, and implementing regulatory changes — can ensure your ability to maintain compliance effectively with minimal disruption to your business and clients.

Here are best practices for a program that allows you to smoothly navigate the ever-changing regulatory environment.

1. Identify & assess 

Proactively track regulatory updates and assess whether the changes apply to any products or areas of your organization.

Identify regulatory changes

To ensure your organization is able to comfortably adapt to regulatory changes before they go into effect, stakeholders should be staying informed about their industry’s regulatory environment and how it may affect them, including monitoring regulatory bulletins from relevant agencies, industry publications, resource groups, law firms, and government websites. 

Depending on the size of your organization, you may want to consider a regulatory change management service that issues alerts in the event of potentially relevant rule changes.

Determine applicability

Have legal or compliance professionals analyze whether the regulatory change applies to your organization, and ensure that all products and areas of the business are being assessed. If your compliance department assesses the applicability of a recent change and are still left with questions or uncertainty about whether it applies to the organization, then they should consult legal counsel to ensure there aren’t unnecessary compliance gaps. 

Some regulatory change management services have rules-based or AI-supported functions that can help filter out inapplicable alerts based on the specifics of your business and how it operates.

2. Plan & coordinate responses

Take a structured and collaborative approach to managing and assessing regulatory changes across your organization.

Form a cross-functional team

Assemble a cross-functional team with representatives from relevant departments such as legal, compliance, risk management, operations, underwriting, and IT to collaboratively manage the regulatory change. 

Assess impact

Evaluate the potential impact of regulatory changes on the organization, considering factors like operational processes, policies, procedures, systems, and compliance requirements. Working cross-functionally during this phase can help to determine if there are potential organizational impacts that you may have not considered. 

During this step, it’s important to consult with risk management experts on your team to determine if the regulatory change in question adds risk or merely impacts existing risk, as this can help determine whether you just need to make adjustments to existing controls or implement new controls from scratch.

3. Create a plan

Find areas throughout the organization that need to be addressed in order to be fully compliant and put together a comprehensive action plan to ensure that no stone is left unturned. 

Conduct a gap analysis

Perform a gap analysis to identify the differences between your organization’s current state of compliance and the required state of compliance under the new regulations. If there are compliance gaps in a specific area, document what they are and what specifically needs to be addressed to achieve compliance.

Develop an action plan

Create a comprehensive action plan that outlines what your organization needs to do to achieve full compliance. Assign responsibilities, set deadlines, and establish communication channels to ensure smooth execution.

4. Review & update policies and systems

Implement your action plan and have a process for testing and validation.

Compare existing policies and procedures with regulatory changes, identify what should be updated 

Review existing policies and procedures to ensure they align with the new regulatory requirements. If you identify an area that isn’t compliant with new regulations, propose changes to the policy or procedures and distribute them to relevant stakeholders. If no applicable policies or procedures exist in your organization, work to develop new ones that align with the new rules.

Update systems and processes

Determine if existing systems and processes need to be updated to achieve compliance, and make updates or develop new systems, processes, or controls where necessary. Be sure to document any updated or new controls within your risk management framework.

Test & validate changes

Conduct thorough testing and validation of changes made to policies, procedures, systems, and processes to ensure they are effective in achieving compliance with the regulatory changes. Consider adding internal testing after a specified period to ensure the changes continue to be effective.

5. Train & monitor

Provide ongoing education and monitoring to sustain compliance and enhance regulatory change management.

Train and educate employees

Provide education on regulatory changes and training to employees, including the potential impact on their roles and responsibilities. Ensure they understand the changes and are equipped to comply with new requirements.

Monitor and report

Establish a process to monitor ongoing compliance with regulatory changes, and consider reporting your findings to management and (if required) regulatory bodies on a regular basis. Make sure to continuously monitor relevant outlets, industry publicans, or government agencies for further regulatory changes.

Document and retain records

Maintain comprehensive documentation of the entire regulatory change management process, including all of the steps your organization took and changes you implemented. Depending on the regulation, this process may be required by law. 

Review and improve your program

Conduct regular reviews (e.g., annually) of your regulatory change management process to identify areas for improvement. Incorporate feedback and lessons learned into future change management efforts to enhance the process.

This information is educational in nature and is not intended as legal or compliance advice.

About the authors