Building Compliance Programmes Without Testing Regulator Interpretation

The exposure you're underwriting without realising it

When a firm launches a compliance programme based on its own reading of new rules, it is making a private bet that the regulator's reading will match. That bet is rarely tested directly. It is inferred from speeches, consultation responses, peer chatter, and the views of external counsel who are also inferring. The result: a programme that looks rigorous internally and may still miss the supervisor's actual enforcement posture by a meaningful margin.

The risk is not that you misread the rule. The risk is that you build operational machinery, train staff, set tolerances, and report progress to the board against an interpretation that will quietly drift from the supervisor's during the first two years of enforcement. By the time the gap surfaces, usually in a thematic review or a Section 166, the cost of unwinding is an order of magnitude greater than the cost of building it right.

Where the interpretation gap actually opens

Three places, in order of frequency.

First, the threshold questions. What counts as material. What counts as in scope. What counts as a relevant arrangement. Firms tend to set these conservatively in policy and pragmatically in practice. Supervisors tend to test the practice.

Second, the evidentiary standard. Most rules say what must be done. Few say what proof the supervisor expects to see that it was done. Programmes routinely build the control without building the artefact that demonstrates the control operated.

Third, the adjacent obligations. A new rule rarely sits alone. Supervisors interpret it against existing principles, SMCR accountabilities, Consumer Duty outcomes, or operational resilience expectations. Firms that read the rule in isolation build a compliant silo inside a non-compliant context.

What good validation looks like

Good validation is not a letter to the regulator asking how they will interpret the rule. That is a request supervisors are professionally obliged to deflect. Good validation is structured triangulation across four sources, run in parallel, not sequentially.

1. Decoded supervisory signal

Pull every speech, Dear CEO letter, enforcement notice, and final notice from the last 18 months that touches the rule or its predecessors. Code them for interpretive moves: where has the supervisor extended, narrowed, or hardened a position. Most firms read these documents. Few code them systematically against their own design choices.

2. Peer interpretation mapping

Use trade body working groups, industry counsel, and ex-regulator advisers to map how at least six comparable firms are reading the same provisions. You are not looking for consensus. You are looking for the distribution. If your interpretation sits at one tail, you need to know why, and whether you can defend the position when challenged.

3. Structured supervisor engagement

Use the routine touchpoints you already have: continuous assessment meetings, close and continuous supervision dialogue, ad hoc queries. Frame interpretive questions narrowly, in writing, anchored to your design choices. The objective is not approval. It is to create a documented record that your interpretation was visible to the supervisor and not corrected.

4. Enforcement simulation

Run a tabletop with external counsel playing the enforcement division. Hand them your programme design and ask them to build the case against it. This is the exercise most firms skip because it is uncomfortable. It is also the one that surfaces the gap fastest.

What most firms get wrong

They validate too late. Validation happens after the programme design is locked, usually as part of pre-implementation assurance. By then the sunk cost is too high to redesign, and the validation becomes a confirmation exercise. Run the four-source triangulation before you finalise design, and again before go-live.

They also confuse legal opinion with supervisory intent. A reasoned legal view that your interpretation is defensible is necessary and insufficient. Supervisors enforce against expectation, not against the best legal reading.

The decision in front of you

Before your next compliance programme reaches investment committee, ask one question: what specifically have we done to test that our interpretation matches the supervisor's, beyond reading the rule and the guidance. If the answer is a legal memo and a benchmarking deck, you have not validated. You have rationalised. Commission the enforcement simulation this quarter. It is the cheapest insurance you will buy all year.