Compliance modernization is no longer optional
How evolved is your approach?
Compliance modernization is a broad mandate that spans the way the function is governed; the tools, technology, and analytics it uses; the number and nature of its connections to other parts of the business; the expectations assigned to it; and more.
The compliance evolution
Executing on day-to-day compliance activities is a struggle because reactive issues eat up time that might otherwise be used toward forward-looking risk mitigation. The evolution of business adds new pressures for chief compliance officers (CCOs) and their teams. At the same time, new capabilities emerge that can help these teams do more. For some organizations, across-the-board change is in order. Others may have evolved their programs already, but stand to benefit from a corresponding update to discrete capabilities.
For too long, many compliance professionals have been focusing on point solutions and analyzing tactical, transactional data in search of what went wrong. It is time for the compliance function to change its focus from hindsight to foresight and driving insight, teaming with the business to enable growth while at the same time mitigating risks. This will require investment in technology, adoption of improved processes, and deliberate focus on what data the business, risk, and operations can contribute to developing more predictive insights. This is not about building more, but rather taking a critical review of what exists and rightsizing administrative practices or bolt-on solutions in favor of a more strategic and rationalized approach.
Beyond the basics
The foundational aim of any compliance strategy will always be simple: to mitigate risk and comply. External authorities have rules and every organization needs to devote effort to understanding them, following them, and documenting that they have done so. Internal mandates arising from risk trends, ethics considerations, coordination, and other concerns drive compliance in similar ways.
In today’s practice, a “foundational” compliance program does far more than that theoretical minimum. Yet it remains at one end of a progression. Each organization can determine how far it needs to evolve—whether it wants a reliable compliance vehicle or a top racing model. But to enter the realm of value creation, few organizations can afford to stick with the status quo. As an organization moves along the curve, much more becomes possible.
The next phase
A compliance modernization program that combines new technologies and new approaches, keeping both of them in alignment with enterprise goals, can generate a measurable value proposition for the compliance function—and turn the CCO into a strategic partner.
With new capabilities, the compliance function can claim a renewed business case. It can deliver a positive return on investment (ROI), rather than merely justify itself as an expense of doing business. But to make this happen, organizations’ compliance strategy should be integrated and aligned with the overall business planning process. That’s the only way to make sure that the value compliance generates is consistent with the organization’s goals.
How can compliance ROI be measured?
- Being proactive and predictive. How much of compliance’s ongoing testing and monitoring has been automated or enabled through analytics? Have the numbers of preventative controls or related risk mitigation routines increased year over year? Has this led to an increase in compliance adherence or reduced reputational and regulatory compliance risk?
- Staying out of the penalty box (compliance effectiveness). Has compliance reduced the number of internal audit observations and findings, regulatory observations and issues, or the baseline volume or trend of customer complaints?
- Efficiency of compliance. Do the first and second lines coordinate in testing activities, processes, or controls? Is the annual compliance testing plan completed each year with enough additional capacity to take on urgent requests?
- Quantifying compliance’s value. Does compliance enable growth or opportunities for process optimization and/or control rationalization relative to risk mitigation and/or regulatory change?
- Integration with the business. Is compliance helping the business use risk management to drive value by providing insights that contribute to effectiveness?
The bottom line
In modernizing compliance, companies should be mindful of the difference between enhancement and evolution. Between a “more, better, faster” version of the old approach and a genuinely new version.
To reach the highest stage of evolution, a CCO has to embrace a new vision of where the compliance function fits in a company’s strategic and leadership picture. In this vision, “fewer negatives” are no longer a sufficient return on the investment the company makes in compliance. Instead, an evolved compliance function can help bring measurable, positive value to decisions it hasn’t always participated in—such as product lineup, market definition, and operational methods.
Every company and every compliance function have a starting point somewhere on this evolutionary scale. Wherever your company is starting and wherever it is headed, building value creation into compliance can help shape your progress.