Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


Why You Should Extend Change Management Processes Beyond Regulation Shifts

Jun 24, 2019

How many times have you heard the saying from the Greek philosopher Heraclitus, “Change is the only constant in life”? 

You will get no argument from those of us in the financial institutions industry. After all, the last 10 years or so have seemed like a constant sea of change. And I am not talking just about changes in regulations. 

Changing consumer expectations have led institutions to relook at the products and services they offer, as well as the manner in which the products and services are delivered. Technology advances are nonstop, and the increasing desire for experienced professionals in our institutions has resulted in relentless movement of personnel. 

How do you manage all this change?

Because of this constant state of change, the regulatory agencies determined that the compliance examination approaches first established in 1980 were no longer aligned with current risk-based approaches to consumer compliance supervision. 

In 2017 a revised Consumer Compliance (CC) Rating System was introduced that is organized under three broad categories: 

  1. Board and Management Oversight
  2. Compliance Program
  3. Violations of Law and Consumer Harm

Each of these categories includes multiple assessment factors, with the factors incorporated into the first two categories primarily related to the identification and management of risk. No surprise. 

As institutions under each agency have experienced their first examinations under the new approach, the effectiveness of their change management process seems to be a common theme. 

Change management effectiveness is just one of the assessment factors under the board and management oversight category, but it appears to be a focal point of the examinations. 

And why not? As we said, change is constant. The ability of institutions to anticipate and respond in a timely manner to the constant sea of change is vital to the management of risk and overall financial stability. 

Even before the March 2017 publication of the rating system, the Federal Reserve Bank in Minneapolis published a sneak peek into the expectations of managing change. In a March 2016 article, the Federal Reserve Bank provided guidance on the elements of an effective change management process. These elements include: 

  • Identify changes
  • Create action items
  • Establish responsible parties
  • Track due dates
  • Evaluate effectiveness of changes post-implementation
  • Establish a repeatable process

As compliance professionals, when we think of change, our thoughts may go immediately to the vast amount of regulatory changes that have occurred over the last several years, and this change management process sounds like a good idea. 

However, this process should also be followed for other changes, such as products and services, technology, and personnel.  

Whether you are introducing a new product or service or enhancing an existing one, planning for its impact on consumers and your institution will help ensure its success in the short and long term. But don’t forget about pre- and post-implementation testing. Validating that the product or service is operationally performing as expected is crucial to avoiding compliance violations and consumer harm. 

The same is true for software or hardware changes. 

For example, receiving notification of an update to your loan document or core processing system should trigger the change management process. Pre- and post-implementation testing may include opening new loan or other accounts in a test environment. A thorough review of documents, disclosures, and account parameters should be incorporated in the testing. As a compliance professional, you know that if it wasn’t documented, it wasn’t done. So, don’t forget to maintain thorough details of the testing approaches, variances in the testing, and the outcomes, as well as copies of screen prints and supporting documents.  

Personnel changes may be an area that you didn’t necessarily think of as needing a formal change management process. 

However, when key personnel leave your institution, a vast amount of knowledge may be leaving at the same time. This can raise the level of compliance risk. The more notice you have of the move, the more opportunity you have to ensure a smooth transition to new personnel. A pending retirement usually allows more time for planning and training of new personnel. But most often, when key personnel announce they are leaving, the planning time is much shorter. Don’t waste a moment of that time. 

Having a repeatable change management process will increase your ability to cover all the bases in the short period of time available. Gain a thorough understanding of the individual’s job duties and knowledge resources (where you can go to get the answers that you would normally get from the individual). Once duties are reallocated, appropriate training and post-implementation testing will help to ascertain any additional training or resource needs. Again, document, document, document.  

Implementing these important change management steps will help ensure that at your next compliance exam, your rating for change management is either:

  • Management anticipates and responds promptly to changes in applicable laws and regulations, market conditions, and products and services offered by evaluating the change and implementing responses across impacted lines of business. Management conducts due diligence in advance of product changes, considers the entire life cycle of a product or service in implementing change, and reviews the change after implementation to determine that actions taken have achieved planned results.


  • Management responds in a timely and adequate manner to changes in applicable laws and regulations, market conditions, products and services offered by evaluating the change and implementing responses across impacted lines of business. Management evaluates product changes before and after implementing the change.

And Not

  • Management does not respond in an adequate and/or timely manner in adjusting to changes in applicable laws and regulations, market conditions, and products and services offered.


  • Management’s response to changes in applicable laws and regulations, market conditions, or products and services offered is seriously deficient.


  • Management fails to monitor and respond to changes in applicable laws and regulations, market conditions, or products and services offered. 

I don’t want to make it sound like it’s just about the examination rating because it’s not. It’s about taking care of your customers and protecting your institution’s reputation. It’s about preparing for the future and welcoming whatever comes with it. So…bring it on!

To discuss resources for managing change in your institution, contact Kathy Enbom at 815.265.6016.

"Change is inevitable, change will always happen, but you have to apply direction to change, and that’s when it’s progress." (Doug Baldwin, Retired NFL Player)


Kathy Enbom, CRCM
Principal, Compliance
View Profile
Video: Benefits of Co-Sourcing Your Internal Audit Plan
You don’t have to stress about making sure your internal audit plan is completed on time. Together, we work with you to identify risks, update processes and finalize your plan. Reinforce your team with the support you need to complete your annual internal audit plan with confidence.