Navigating Change: Leveraging Technology to Strengthen Compliance ResilienceCompliance Management | 6 Min Read |26 April 23|by Sumith Sagar
The cost of non-compliance is rising. In a recent study, the Ponemon Institute found the average cost of non-compliance to be around $14.82 million per offending business. And while the practice of compliance continues to expand, organizations are finding that they cannot afford to rely on a traditional approach to compliance. For many organizations, there are two compliance practices, with some overlap – corporate compliance that focuses on the conduct at the organization and includes creating, distributing, training on, and getting employee (and third-party) attestation to a code of conduct, behavioral policies, and relevant processes and procedures, and regulatory compliance that focuses on organizational alignment with applicable regulations, standards, and frameworks. Corporate and regulatory compliance best practices are essential to a well-run business. Yet changes in compliance expectations, its position in an organization’s approach to holistic risk management, and the influence well-run compliance programs can have on the success of a business are driving changes in compliance best practices.
Globally, the narrative is gradually shifting from simply managing compliance requirements and meeting obligations to building dependable programs that deliver organizational compliance resilience. But what does it mean?
Compliance resilience refers to the ability of an organization to weather rapid changes and respond to them without compromising the compliance function or the integrity of the business. These changes could be either external to the organization, such as regulatory updates requiring recalibrating of regulatory requirements and obligations, or internal to the organization, such as changes in business practices – working from home or the office – changes in personnel, partnerships, and processes, that challenge compliance norms.
External Changes: New Regulations and Updates
According to Thomson Reuters’ Cost of Compliance report, financial services firms across 190 countries saw an average of 246 regulatory alerts every business day in 2021. This equated to more than 64,000 alerts annually, marking the second-highest annual volume of regulatory alerts since 2008. Keeping up with this flurry of regulatory updates is no ordinary feat and requires a multi-pronged approach. Here, compliance management technology plays a key role.
- Regulatory Horizon Scanning
Establishing a systematic process for staying on top of pending regulatory changes is essential for boosting agility in compliance management and strengthening compliance resilience. Awareness of legislation and regulations in development can help organizations prepare for and anticipate changes. For example, it is not uncommon for one regulatory body to release an update only to be followed by another agency with similar jurisdiction and stricter demands. A business that is made aware of the proposed legislation can more easily adapt their programs to the anticipated stricter code once, rather than having to adapt their approach twice. Tracking relevant regulatory development from around the world, across hundreds of jurisdictions and thousands of regulatory authorities is a daunting task. A manual approach will inevitably result in a growing backlog of regulatory alerts that need further analysis, increasing the probability of human error and compliance violations. It also makes it challenging to consolidate compliance data from different business units and geographies and compare trends across different assessment periods.
There are a number of solution providers that offer regulatory horizon scanning capabilities – tools that regularly scan the regulatory environment, such as government and regulatory bodies, enforcement agencies, supervisory authorities, etc., for updates, and capture and relay it to relevant personnel in a streamlined and automated manner. This helps the compliance team save a lot of time and effort, which they can now utilize to analyze the regulatory alert and assess its impact.
Learn how a Leading UK Financial Institution is leveraging MetricStream’s integration with CUBE to identify, capture, and manage regulatory changes in a simple and automated manner. Click here.
- Regulatory Change Alerts
Establishing a systematic process for staying on top of impending regulatory changes is essential for boosting agility in compliance management and strengthening compliance resilience. However, capturing these alerts from around the world, hundreds of jurisdictions, and thousands of regulatory authorities is a daunting task. A manual approach will inevitably result in a growing backlog of regulatory alerts that need further analysis, increasing the probability of compliance violation. It also makes it challenging to consolidate compliance data from different business units and geographies and compare trends across different assessment periods.
Software designed to streamline regulatory change management can reduce the time and resources required to ensure the organizations is aware of, identifying, and aligning to evolving regulatory requirements. AI tools that can help identify applicable regulations, curate those regulations so only relevant regulations are reviewed, and extract requirements from relevant regulations can save even more resources, time, and costs. Systems that establish a centralized repository that maps regulatory requirements to organizational risks, controls, processes, and policies can help accelerate the process. Software that enables the identification of specific sections of policies that are impacted due to a regulatory update, save significant effort, allow for a more adaptable, agile, and resilient compliance approach.
- Obligation Management
Effective obligation management, i.e., identifying, extracting, and meeting compliance obligations from regulations, contracts, policies, etc., is essential to strengthening compliance resilience. Given the sheer volume and complexity of regulatory requirements and the tendency to bury actual obligations within large documents, organizations can no longer justify manual methods. Leveraging AI-powered capabilities and automation can enable organizations to quickly and easily identify and extract relevant regulatory obligations from relevant regulations at scale, including tagging it, classifying it, and surfacing it for a faster, easier, and more accurate review.
AI-driven obligation management is a game changer for many, with an ability to accelerate regulatory change management processes and accuracy immeasurably. And an easily and rapidly aligned organization is going to be able to adapt to changes in compliance requirements with less effort.
- Compliance Risk Assessments
It is imperative for organizations to proactively manage compliance risks, i.e., the risk of non-compliance with regulations, frameworks, and standards, which can jeopardize an organization's financial standing, legal position, and brand reputation. To improve compliance posture and resilience, organizations need to continuously assess compliance risks and mitigate them in a timely manner.
Performing compliance risk assessments requires identifying relevant federal, state, and local regulations, determining if internal controls and policies are in compliance with the identified regulatory requirements, identifying if there are any gaps, and taking necessary risk mitigation steps. That said, it is critical to constantly draw from cross-industry best practices to enhance an organization’s compliance risk assessment, and to effectively manage compliance expectations.
Software solutions can help streamline the entire process with well-defined workflows around creating surveys to reviewing, approving, and distributing them, and collaborating with various business units and teams to gather and update responses, etc. Technology-based solutions not only help organizations save time and effort but also enable them to manage compliance risks proactively and effectively prioritize risk mitigation efforts, ensuring optimum allocation of resources.
Internal Changes: Compliance Team and Workflow
The centerpiece of implementing a compliance program and executing the workflows is the compliance team. From the chief compliance officer (CCO) to compliance managers, analysts, and associates – everyone plays a crucial role in strengthening compliance resilience. Organizations need to properly define and document roles, responsibilities, and accountabilities for each of the compliance personnel; provide comprehensive training on the laws, regulations, and company policies that apply to their day-to-day job responsibilities; and ensure seamless collaboration within the team and externally with risk, security, and other functions. That said, it is critical to have a business continuity plan in place – the course of action if there is an expected or unexpected unavailability of a team member due to retirement, a departure from the firm, management restructuring, etc. While having well-documented standard operating procedures (SOPs) in place definitely helps, organizations must also deliberately encourage a culture that promotes performing at the next level. Running mentorship programs can help employees easily step into the shoes of a senior team member if need be.
Anti-corruption and competition laws, data and privacy regulations, prevention and control of fraud, cybersecurity regulations, anti-money laundering (AML) and counter-terrorist financing (CFT), sanctions policies, ESG regulations, and more – the list goes on. Regulatory scrutiny and oversight will only amplify going forward, making it exceptionally challenging for organizations to build trust and credibility with regulators, particularly in the uncertain business environment. It underscores the need for building compliance resilience in line with business goals and objectives.
Companies that fail to broaden their outlook and approach face greater possibilities of penalties, litigation, loss of contract, negative publicity, loss of reputation, and in some cases, complete corporate collapse. Organizations need to create an environment that reflects transparency and efficiency in the management of regulatory requirements and obligations. Compliance resilience – centered around the principles of proactive and agile approach and business continuity – can empower organizations to withstand internal and external changes.
To explore how MetricStream can help you stay on top of regulatory change and boost compliance resilience, click here.