There aren’t many certainties in business but the need to adhere to a multitude of risk, regulatory and compliance obligations is one such constant. Regulations can span financial, export, data, legal, consumer and market based rules that touch on all aspects of an organisation’s operating model. Regardless of the macro-economic climate, the need to comply is an accepted cost of doing business. However, this compliance cost is also a source of competitive differentiation, especially when digital and data advances can reduce this cost of compliance and generate business benefits.
The digital compliance advantage
Compliance can always be achieved through manual means but would require an army of people, a mass of spreadsheets and a loss of control effectiveness. Increased regulatory demands have now rendered a manual approach ineffective and unsustainable. Automation of aspects of the regulatory compliance process is the only means to satisfy demands from external regulators.
As an illustration, for one client their year 1 regulatory reporting requirement called for the production of 120 quarterly and annual reports within a 4 week turnaround time. In year 2, the intensity of reporting increased by an order of magnitude coupled with a reduced cycle time – this was only achievable using a digital regulatory compliance solution which in turn reduced costs.
It’s about the data, stupid
Regulatory compliance ultimately depends on demonstrating a state of compliance through reporting and audit based assurance. The reporting aspect naturally lends itself to a degree of automation, however given the external scrutiny there is a need to avoid ‘rubbish data in and rubbish data out’ reporting.
Data is critical and effective management of the identification, creation, ownership, sourcing, extraction, transformation and publishing lifecycle is key. Don’t be fooled by automated solutions that promise to deliver end to end reporting and compliance – these are only as effective as the data and business process controls for data. An end to end competency set is required that calls upon:
- Understanding your business data and having named business owners of data
- Having data available at the right quality and level of granularity
- Sourcing, extracting and transforming data from corporate systems or end user applications
- Leveraging digital automation to reduce costs especially where there are a high number of reports/ high frequency of reporting, short turnaround times or a need to automate controls
- Designing re-useable digital services that can deliver business value benefits beyond compliance e.g. for faster financial close, powering analytics or business intelligence
Using digital for risk and regulatory compliance is compelling and from my experience of implementing digital regulatory solutions, the critical success factors are:
- A data driven project – start with the end in mind and structure regulatory projects around the identification, ownership, sourcing, extraction, transformation and publishing of data. The business and project roles through this lifecycle must be agreed upfront and an early pathfinder activity setup, to assess the extent of available data and initiate data gap remediation upfront.
- Right skills, right knowledge – do not underestimate the need for business subject matter expertise as well as data architects to make sense of data. The former are constrained by operational business demands, so backfill strategies may be most effective. The latter are available in the marketplace but can become scarce in times of industry wide regulatory initiatives.
- Scalable digital solution – any digital enabled solution should address immediate compliance needs whilst aligning to strategic needs e.g. MI, analytics and big data. A scalable architecture is required that de-couples source data systems from the digital automation solution to easily manage future change.
- Flexible delivery – regulatory compliance programmes have a fixed end date commitment to an external regulator. Unlike other change programmes, the option of sliding or slicing up delivery is not a viable option. Plan Bs should include tactical approaches for Year1, part-automation for complex or material areas only and a risk based approach to testing of high data volumes.
Digital is a key enabler and benefit driver for regulatory compliance, serving to reduce costs of compliance and provide competitive advantage. If you’re not using digital for risk and regulatory compliance, then think again because your competitor already is.