27 September 2021
What are the features of an ideal compliance function?
Thomson Reuters asked this question in its 12th annual survey on the cost of compliance.
“Respondents said their ideal future compliance functions would be adequately resourced with human and financial capital, with more automation of compliance activities. The compliance function would be seen as a strategic business partner which was integrated throughout the business, with culture and technology appropriately enabled.”
That gives us an insight into the future – where the Holy Grail is a compliance function that’s adequately resourced; valued as an integrated strategic business partner; and has fully automated compliance processes.
But how do you get there?
Taking Stock of Your Situation
First, you need to make a realistic appraisal of where you currently are.
How sophisticated is your automation? How is the compliance function viewed in your business? How much time do you spend on value-adding activities?
A number of factors will affect how your firm approaches compliance, including:
- The size and maturity of your organisation;
- The size and maturity of your sector; and
- The level of regulatory focus.
Hands down, though, the number one factor is the attitude of senior management.
Do they see compliance activities as no more than a necessary cost? Or do they recognise the advantages of a more proactive approach? One where compliance staff can offer real value to the business.
The Four Stages of Compliance Automation
At My Compliance Centre, we see compliance functions as being on a continuum of sophistication.
Which stage are you at?
Stage 1: Non-automated
Do you find you’re constantly updating spreadsheets? Forever chasing a response from colleagues?
You’re probably living in the world of manual compliance. A land where multiple versions of documents fly around and your emails get ignored. A realm where the compliance function is underinvested and siloed.
- Your compliance activities are largely reactive – there isn’t really time for anything else.
- It’s difficult to track actions and carry out reporting.
- And you’re not really helped by a Board whose likely attitude towards compliance is: “We do it because we have to.”
Stage 2: Basic Automation
Here, you’re using some RegTech. This tends to be for specific single-risk or single-process issues, such as anti-money laundering.
- Automation provides your company with a good level of resilience on a task-by-task basis.
- But you’re still using manual processing for many general compliance tasks (e.g. compliance monitoring, regulatory change management and reporting).
- And your compliance team is spending 20% or more of its time on administrative processing – time that could be better spent on value-adding activities.
Stage 3: Enhanced Automation
Now, you’re using RegTech for most of your compliance activities. This saves a lot of time and you’re able to carry out your daily processing and activities efficiently.
So, no more wrestling with unwieldy Excel spreadsheets. And no more wasting time sending email … after email … after email asking your colleagues to complete their attestations.
But while there’s some integration between different RegTech systems, it’s not quite comprehensive.
Stage 4: Adding Strategic Value
Congratulations, you’ve made it!
Your compliance processes are fully automated. They’re integrated into your company’s wider business processes. And your RegTech systems are integrated with each other – providing you with comprehensive regulatory risk metrics
- What’s more, senior management sees the compliance function as being of strategic importance to your firm.
- You play a key role in strategy planning and risk management.
- Your compliance monitoring aligns with other assurance activities (e.g. internal audits and risk management).
- And the culture is one of compliance staff adding value to the business. Manual-processing box-tickers, you are not
Enhancing the Compliance Function
OK, so you’ve mapped where you are on the continuum. How do you progress and reach the heights of stage 3 or stage 4?
Here are five practical steps you can take.
- When choosing RegTech, consider which systems offer the highest return on investment.
- Focus on automating those tasks that are most time-consuming and which present the most risk to your firm.
- Put in place task management systems that cover as wide a range of compliance tasks as possible.
- Ensure your task management systems are proactive, not reactive. So, instead of your firm relying on you to remind everyone what needs to be done, your systems take care of that for you.
- And make sure your compliance management systems support the activities you actually take as a compliance department – not what software developers or others might think you should be doing.
Time and Space for Skills Development
There are many automation options out there. But not all of them are strictly focused on compliance. For example, in the mainstream GRC market you will find risk-focused, governance-focused and internal audit systems, which have high levels of functionality but are not financial services specific.
In the RegTech financial services market, you also have a wide choice. But many systems focus on just a single function, (e.g. transaction monitoring or AML). They don’t address the broad range of challenges you face as a compliance officer. So, you need to make sure they can be integrated with other systems or if you invest in a single function system, that is indeed the best return for your money.
With an all-in-one platform like My Compliance Centre, however, your compliance management is fully automated. You gain control. Peace of mind. And the time and space to develop your skills.
So, where before you might have been the world champion at using Excel, now you’re on your way to becoming the world champion at identifying regulatory risk and future regulatory opportunities. And you can offer your colleagues valuable commercial support.