As the pandemic continues into 2021 and businesses return to the next normal with vaccines making their way into our lives, staying on course with compliance becomes even more critical. Why so?
Regulatory and corporate compliance, closely tied to brand image and reputation, tops any organization’s priority list today, as organizations seek to steer clear of penalties, work stoppages or lawsuits in an environment where regulatory complexity is growing. Chief Compliance Officers (CCOs) recognize that the cost of non-compliance is too high to bear in a world still facing the COVID-19 crisis. CCOs, tasked with guaranteeing adherence while pre-empting risks, understand the value of putting together a risk-based, integrated compliance strategy.
So, let’s look at what makes for a comprehensive compliance strategy. Starting with a risk-based and federated approach, it entails tracking regulatory engagements and keeping policies in sync with new regulations, while keeping an eye on integrity and culture.
A federated approach to compliance makes room for a holistic view, where departments across the board collaborate and share compliance information and technology, while also ensuring that the unique compliance needs of each department are met. This is the sign of a truly mature organization because it weeds out duplication of effort, breaks down data silos and offers an opportunity to create a common compliance data architecture.
A Risk-based Approach – Winner All the Way
To put together a tightly-knit compliance strategy, organizations must adopt a risk-based approach. The need of the hour, especially after the pandemic, is a risk-based approach that is customized to suit the needs of each industry. With the COVID-19 crisis, organizations have woken up to the reality that not only are there record-high regulatory fines to deal with in case of non-compliance, but also that not all risks need the same level of protection.
Informed decision making in an evolving landscape requires creating best practices for managing compliance risk. The three key steps organizations can take to carve out a robust compliance risk management program are:
- Assess and Prioritize Risks
- Determine the Right Controls
- Report Findings Early and in Real Time
The pandemic in particular requires organizations to reassess and rearchitect their compliance risk profiles, from both a quantitative and a qualitative perspective. What is a good way to acquire a contextual view of risk? Put in place an integrated compliance data model that links each risk to other risks as well as to regulations, policies, processes, controls, objectives, etc. It is important that risks be linked to their appropriate owners. Risk computations then make it easier for organizations to rank and prioritize compliance risks.
The next step is choosing the appropriate controls so as to better prevent or detect risks. Well-executed controls stem risks. Compliance management software tools, especially Robotic Process Automation (RPA) tools, have a key role to play here, as they help accelerate control assessments by automating and streamlining processes. Compliance management software can help document potential risks and make room for systematic issue investigation and remediation.
Organizations that operate across geographies have their own share of risk-reporting complexities to deal with. Real-time, on-time reporting is feasible with advanced reporting tools such as graphical dashboards that present historical as well as real-time data. Organizations are also exploring the use of advanced analytics and machine learning to detect and predict compliance risks, so that compliance managers stay clued in to ground realities.
Risk mitigation may be the primary responsibility of compliance experts, but all three lines of defense must work in tandem on this. The stronger the business ownership of risk, the better positioned an organization is. An integrated and holistic compliance strategy and program puts workflows around policies, cases, compliance assessments and other processes on the fast track. And while this happens, organizations must not lose sight of integrity and culture. Compliance and integrity are two sides of the same coin. Be it the management, the board or the frontline, each has a role to play in helping the organization imbibe a culture of compliance. While top management leads from the front by articulating the organization’s core values in an unambiguous and consistent manner, middle and lower management are the eyes and ears of the organization. Top managers can lean on tools such as employee reviews and customer surveys while they help employees gauge the importance of accountability, transparency and desired behaviors. The Board of Directors, on the other hand, can institute formal processes and structures to monitor progress and gaps in compliance and integrity, and take corrective action where necessary.
Keep Policies Aligned with Changing Regulations
The COVID-19 crisis has brought with it a changing compliance landscape. As of May 2020, more than 100 countries had issued over 350 regulatory notifications to deal with the COVID-19 crisis. The key challenge for organizations is to ensure compliance without disrupting operational efficiency. To keep policies in sync with recently updated regulations at both the global and the federal level, organizations can take a few steps, outlined in the graphic below:
Build credibility with regulators with effective regulatory engagement
Organizations need an agile and well-coordinated strategy to track regulatory engagements effectively. To strengthen their regulatory relationships, organizations can:
- Be more strategic
- Create an internal regulatory engagement community
- Keep senior management, board and business in the loop
- Enable secure access to regulatory engagement information
- Leverage good quality data and automation
- Create repeatable processes
MetricStream – A Partner to Lean On
Organizations that Perform with Integrity™ enjoy brand loyalty of customers, partners as well as employees. MetricStream helps customers build more risk-aware and compliant cultures through a range of governance, risk and compliance (GRC) products and solutions built on an integrated risk platform. Our M7 Regulatory Compliance and Corporate Compliance solutions help organizations strengthen compliance by adopting an integrated approach.
As the pressure on compliance and regulatory engagement management teams grows, our solutions will help you: