They say it’s truly an ill wind that doesn’t blow someone some good. As far as managed service providers (MSPs) are concerned, that’s pretty much been the case for the past eight years when it comes to anything to do with governance, risk management, and compliance (GRC). Many MSPs have been able to considerably shore up their bottom line by offering a wide variety of managed GRC services. Now the Trump administration via an executive order is signaling its intention to either not enforce or altogether abandon key provisions of the Dodd-Frank act, which enshrined many of the regulations that created the need for managed GRC services in the first place.
The Dodd-Frank act is, of course, only one piece of the GRC puzzle. The Trump administration has made it clear that just about every Federal regulation is now subject to review. Despite all the rhetoric, however, it may take a while for those reviews to result in any new legislation. As in the case of the Affordable Care Act (ACA), it doesn’t appear that either Congress or the Trump administration has a plan in place for replacing Dodd-Frank any time soon.
Companies playing it safe
Until it becomes clear what any new legislation formally entails, most organizations are going to be play it safe by continuing to comply with existing rules. They might take comfort in knowing those rules will not be as vigorously enforced as they have been. But that’s not the same as deciding to unravel all the mechanisms associated with complying with those regulations—at least until something that officially replaces existing regulations is formally on the books.
In fact, what ultimately emerges from the corridors of Congress may have little impact on GRC services. Much of the debate surrounding Dodd-Frank, for example, is squarely focused on what types of financial services can be offered by different classes of organizations and individuals. Unraveling provisions that specifically protect investors might not prove as popular.
Navigating changing regulations
There are also individual states to consider. New York and California, for example, under the leadership of Democratic governors are likely to attempt to increase their regulatory oversight almost anywhere the Federal government retreats. Meanwhile, organizations that conduct business across any border already know that managed GRC services that help them navigate conflicting regulations spanning multiple countries are all but indispensable.
Obviously, there’s going to be confusion surrounding Federal regulations for years to come. MSPs would be well advised to keep close tabs on what rules are being proposed. They may even want to establish a relationship with key people in Congress. Any act of Congress is by necessity an imperfect compromise, but it’s much easier to get one provision or another changed before any new act gets implemented than it is to change it after the fact. MSPs that specialize in GRC services now have a unique opportunity to help shape new legislation at a time when their deep understanding of what it takes to enforce those regulations is likely to be sought after more than ever.