Regulatory Change Management Policy¶
| Code | REP-006 |
| Domain | Regulatory Reporting |
| Owner | Chief Compliance Officer |
| Status | Draft |
| Applicability | Platform |
| Jurisdiction | NZ + AU |
| Business domain | BD10 |
| Review date | 2027-03-25 |
Purpose¶
Govern the horizon scanning, impact assessment, implementation planning, and Board reporting process for regulatory change. Ensures that changes to the regulatory landscape in NZ and AU are identified promptly, assessed for impact on the platform, and managed to implementation within required timeframes.
Scope¶
All regulatory changes in NZ and AU that affect the banking platform's obligations, including primary legislation, prudential standards, regulatory guidance, and industry code amendments.
Policy statements¶
The Chief Compliance Officer SHALL maintain a regulatory change register that tracks all known and anticipated regulatory changes. The register SHALL include: the regulatory instrument, trigger type, expected effective date, current status (consultation / final / enacted), assessed impact tier, implementation owner, and implementation milestone dates.
The register SHALL be updated monthly and following any material regulatory announcement. The following trigger types SHALL each result in a register entry: (1) new primary legislation enacted or amended; (2) new or revised prudential standard issued by RBNZ or APRA; (3) regulatory guidance, circular, or no-action letter issued by a supervisor; (4) industry code or payments scheme rulebook amendment with compliance obligations.
Input sources for horizon scanning SHALL include at minimum: RBNZ, FMA, APRA, ASIC consultation papers, final instruments, and supervisory communications; and payments scheme rulebook update notifications.
Every regulatory change identified SHALL be assessed for impact on the platform within 30 days of identification. The impact assessment SHALL cover: products and services affected, policy changes required, system changes required, customer communications required, and estimated implementation effort.
High-impact changes — those requiring material system development, product changes, or new regulatory submissions — SHALL be escalated to the CTO and relevant domain heads for resourcing assessment within the 30-day impact assessment period.
Regulatory changes requiring platform action SHALL be assigned an implementation owner and a documented implementation plan with milestones. Implementation plans SHALL be tracked in the regulatory change register.
Where a regulatory change has a hard compliance deadline, the implementation plan SHALL include a buffer period before the deadline to allow for testing and validation. Changes that cannot be implemented within the required timeframe SHALL be escalated to the Chief Executive Officer and Board.
Regulatory changes that require updates to reporting inventories, obligation mappings, report specifications, or traceability matrix entries SHALL be incorporated into those artefacts prior to the first affected reporting period, in accordance with REP-001.
The regulatory change register SHALL be presented to the Board Risk Committee at least quarterly. The report SHALL highlight: changes entering the implementation phase, changes at risk of missing their deadline, and changes implemented in the quarter.
The platform SHALL evaluate specialist regulatory change management tools to automate horizon scanning and obligation mapping. Tool selection SHALL be reviewed as part of the annual technology plan.
Satisfying modules¶
| Module | Name | Mode | Description |
|---|---|---|---|
| MOD-056 | Compliance visibility engine | ALERT |
Deadline-alerter emits bank.regulatory.obligation_deadline_approaching for time-bound obligations approaching their due date; ALERT_OBLIGATION_DEADLINE_APPROACHING DCM alert routes to MOD-076 SNS for CCO notification. |
Part of Regulatory Reporting · Governance overview
Compiled 2026-05-22 from source/entities/policies/REP-006.yaml