How compliant is your business today? 3 reasons why this remains a hard question to answer!
When it comes to compliance risk, several things are not in dispute:
- The fact that it is an existential risk.
- The fact that people should and do take it seriously.
- The fact that businesses everywhere are investing a lot to manage this risk.
Why then is it still so difficult to get a clear response to the following question: How compliant is your business?
Now, if you happen to be a compliance professional reading this, you must have just asked yourself that same question, followed by this one: why don’t we know?
Granted, this is a difficult question to answer. But it is one that needs to be answered because you cannot manage a risk you have not measured. When it comes to compliance risk, not measuring your risk can and does translate into serious consequences for a business, its management team, and its shareholders.
Here are 3 reasons why you may not have clarity about your compliance status:
- You have not identified all of your obligations: The starting point when it comes to managing compliance risk is to identify all of the key obligations that impact your business, right? Well, easier said than done. Most compliance teams struggle to maintain a register of the key regulations and obligations that matter to their businesses. Why? Because reviewing regulations and identifying and extracting obligations for implementation is an unbelievably time-consuming and painstaking process. You can’t expect to measure your compliance risk if identifying your obligations is a near-impossible task in the first place.
- You have not mapped your procedures: Now, let’s assume you have done a reasonable job identifying your obligations. Following that, you have got to document the procedures you have in place to meet each of the key obligations that impact your business. Ideally, you would be mapping these procedures to your obligations to ensure that you have measures in place to achieve compliance. The issue, however, is that mapping is hard to perform, especially if you have ‘some’ of your obligations in a spreadsheet and your procedures in another document. If you can’t tell for sure whether you have procedures in place to meet your obligations, don’t you think it’ll be quite difficult to even begin to measure your compliance risk?
- You have not been monitoring compliance: The thing about compliance that some people still don’t seem to get is that it’s an ongoing process. You’re not suddenly compliant just because you have procedures in place. Compliance begins AFTER you have identified your obligations and documented your procedures. The onus is on the business and responsible stakeholders to ensure that their procedures are adequate and that they are in fact complying with these on an ongoing basis. The key question here is: how often do you monitor how well the business and key stakeholders are complying with internal procedures? No credible compliance professional will doubt the necessity of performing ongoing compliance monitoring, but their complaint will be the same: it’s not that we don’t want to do it, we just don’t have the means to do it.
Most of the compliance folks we speak to are still relying on Excel spreadsheets to manage their regulatory obligations. Now, you might be surprised to learn this, but Excel spreadsheets weren’t designed for compliance risk management. Don’t take our word for it. If you’re a compliance professional or have ever had the ‘opportunity’ to implement regulations, just ask yourself: how much time and effort does it take to build and maintain an obligations register, to document, map, and assign your procedures, and to collaborate on maintaining this on an ongoing basis? And what about ongoing regulatory change management?
If you’re not using the right tools in the first place, can you really complain about the results? Or in this case: the absence of a result. We believe regulated financial institutions need to be able to confidently answer when asked about their compliance status.
With our solution MICA, compliance teams can now build and maintain regulatory registers, employ an intuitive workflow solution to implement regulations, and automate compliance monitoring. This means not only do compliance teams now have access to a solution to measure and monitor compliance risk, but they also have an end-to-end regulatory change management solution.
Most importantly, they’ll have a good answer when asked: how compliant is your business?