When firms rush through change, they open themselves up for exposure to all kinds of change risk including deteriorated controls and other inefficiencies that can cost them and their clients’ money. Change is inevitable, but organizations that have a mature process library and a solid governance routine in place are better positioned to effectively manage change and mitigate associated risk which include regulatory exposure.
Both the SEC and OCC require that financial institutions have established policies and procedures in place. When they don’t, penalties can be significant. Not only do firms face monetary fines, but their reputation is also at risk. Historically, trust companies were more likely than investment advisors to be scrutinized by regulators for lack of procedures – this is no longer the case. The SEC recently stated that “investment advisers must adopt and implement policies and procedures to ensure that they honor their agreements with all of their clients, including legacy clients of predecessor firms.” Establishing a robust process library and implementing a process governance routine to manage it is in the best interest of every organization – we refer to the governance methodology as Structured Process and Procedure Design.
Five Benefits of Structured Process and Procedure Design
So why put this program in place? Some may argue that it’s pointless to document when change is inevitable. But SPPD is not a pointless exercise. Putting in the effort can lead to essential benefits for wealth management firms of all sizes – both near and long term. Five main benefits include the ability to:
- Mitigate Overall Risk—Organizations need to protect themselves against risks associated with poor controls such as cyber-attacks designed to access client and business data or initiate outgoing transfers of assets.
- Manage Change—When organizations undergo a change due to organic growth, system implementations, mergers and acquisitions or response to regulatory change, SPPD will help them be better equipped to maximize the benefits of that change instead of creating a myriad of patches and band-aids leading to more inefficiencies. Growing companies need processes that can scale, the process library helps them evaluate and implement with less risk.
- Maximize Efficiencies—Organizations are always seeking to do things more efficiently, but they can’t fix what they can’t see. Often, inefficiencies such as duplications of efforts are buried in processes that they don’t know about. SPPD digs deep into processes and uncovers inefficiencies that weren’t previously visible.
- Improve Testability—with SPPD, organizations can effectively define controls that align to their processes to prove their processes work and are effective. The effort helps them see where the controls are within the procedure, put testing routines in place and bridge gaps between the definition of the control and what the process is actually doing.
- Respond to Audits—SPPD can make both internal and external regulatory audits less of a headache. Your mature process library facilitates smooth internal audits so that problems can be identified and addressed before external auditors find them. This helps organizations potentially avoid costly MRAs (mandatory remediation actions) issued by regulatory agencies such as the OCC.
When to Engage in Structured Process and Procedure Design
Often the trigger for engaging in SPPD is when organizations have a significant change such as a new system implementation, merger or acquisition, or when they broadly evaluate processes to identify efficiencies. These types of initiatives can jumpstart an organization to build a process library congruent with an already budgeted initiative. Start with a specific initiative or priority; for example, onboarding, asset transfers, or securities processing, and build on it over time.
If you can’t document everything at once, demonstrating the structure is in place is the first step to process governance and your process library’s overall maturity. The key is the organization of the program and the foundation to evolve and mature it over time.
The Process Library
The SPPD methodology and effort leads an organization into the development of a mature and sustainable process library which includes procedure level detail. A sustainable library is one that is current and easily accessible. If you have not already invested in a Knowledge Base application, the library can be built on an internal SharePoint site.
These libraries should include all the processes an organization does to the level of detail that can support a new hire as well as support audit. Processes within the library should connect processes throughout the organization, which will align the upstream and downstream impacts – contributing to the overall change risk mitigation. A mature process library gives users easy access to related desktop level detail or forms. Procedure level documentation, process modeling tools may also be used to support end-to-end process design and overall process governance.
The size of a process library can vary depending on firm sizes. It can be as little as 50 processes for a small organization up to 1,000 for a large organization with front, middle and back-office operations. Organizations with extensive internal operations will have a higher number of processes to document than those who outsource operations.
Once a library is established, it’s important to give all team members access to it so that everyone understands changes that have been made over time and how it impacts their role and their processes. Organizations must also establish a maintenance routine to keep their library current so that processes documented don’t go stale.
Investment in Structured Process and Procedure Design Pays Out Over the Long Term
In the long run, SPPD helps organizations immediately manage change risk and save time on future change initiatives. The investment and structure put in place today is critical in protecting a firm and clients’ assets. Having this governance in place will not only support internal training needs but will also empower organizations to manage internal risk and assure the safety and soundness of their processes.
For support building your structured process design initiative, get in touch.
