Karl Hindle is a former auditor with Arthur Andersen & Co., and former partner of financial services firm, Andersen Hindle (UK). Today, he writes on the accelerating rate of compliance and regulatory change, and how digital automation can bake compliance processes into business processes, speed up report creation and notification, reduce the cost of audits and investigations, and free valuable compliance resources for deployment on proactive consulting and investigatory work.
Are you able to look your senior leadership in the eye and advise them that compliance is under control across the organization? How confident are you that compliance policies are being followed and enforced at every step within the business, no matter where the activity is taking place – at home office, regional or branch locations, or even overseas? In the court of public opinion, are you able to show you followed the law, paid the right amount of tax, exercised due diligence, and tangibly improved customer service?
The answers to these questions cannot always be an honest “Yes!” but you do the best you can.
Business activities are more regulated than ever before, and the authorities performing oversight have more power, authority and technology at their disposal. Regulators have also become much more aggressive in their approach too, while the pace of regulatory and legislative change has accelerated.
The Great Recession is still a painful recent memory, with consumers and voters attuned to the role of the financial sector in creating it, and also to multinational companies perceived to be avoiding paying their “fair share” of taxes, or offshoring domestic production and jobs. Compliance is not simply about checking off the boxes for a regulator or compliance team, but also to support the foundation of trust and credibility businesses need to engender with customers and society in general.
Accelerating Change in Compliance
Multinationals, in particular, and businesses more generally, are increasingly under the microscope of regulators, legislators and a multitude of NGOs (non-governmental organizations). Based here in the United States, I know only too well that if you build it, they will come – the IRS, FDA, SEC, EPA, DOJ, and so on. This is further complicated by the fact that operating in different jurisdictions means you are subject to differing rule books, and what is compliant in one country is not necessarily compliant in another.
Taxation is one area where an aggressive approach to collection has triggered increased scrutiny, and increased compliance complexity. For instance, the Organization of Economic Development (OECD) has created the BEPS action plan (Base Erosion & Profit Shifting), while in the United States FATCA (Foreign Account Tax Compliance Act) and the existing CRS (Common Reporting Standard) from the OECD, have all conjoined to significantly increase the tax compliance load.
These instances represent “rule load” or compliance burden, that is the work required to not only be compliant in fact, but also to demonstrate you are compliant. There is another type of load being created, and this is created by the application and adoption of technology by the regulatory authorities themselves. For instance, the British Inland Revenue service requires corporate tax returns and accounts to be filed electronically in a specific format (iXBRL), while Germany follows a similar practice. The Australian authorities are moving forward with electronic submission and information exchange (which, unsurprisingly enough, is developing compliance rules for said information exchange – compliance rules for compliance rules). This is serving to speed up information gathering, which feeds increased regulatory requests and demands, and is allowing the regulators to be more active, in turn increasing the load upon your business.
Digital Transformation and Compliance
We hear a lot about digital transformation, particularly as this is beginning to dominate IT budgets, while previously compliance has been a major priority in the wake of the Great Recession. This does not necessarily mean compliance teams are going to need to do more with less (though that is highly likely) as compliance processes and reporting lend themselves to digitization. Not only is there a plethora of recurring tasks which must be completed to set deadlines, but these are overwhelmingly rules-based too. The digitization of compliance will create administrative efficiencies (do more with less), however, the primary advantages are to deliver speed, visibility and enhanced reporting.
Visibility helps you answer some of those awkward initial questions we asked at the beginning of this post.
Are you compliant?
Probably, the most honest answer is, “I don’t really know – I hope so!”
By moving to ‘knowing’ where you are compliant, and where you are not, you open the window on business activities to highlight where compliance attention is required most. This helps with your risk mitigation, and now you can demonstrate compliance, but more importantly bring deficiencies to the attention of decision makers, together with objective evidence to justify investing more resources to correct them. [Incidentally, JobTraQ not only provides workflow visibility for operational and transactional managers, but there is a full audit trail of every keystroke and action within the system, including old versions, documents/artifacts, additions and deletions, no matter who has made them.]
Increasing the speed with which you perform compliance tasks means you have more time and resources available to perform more compliance work, or to move from ticking off check lists to taking a more judgmental approach to compliance. As the focus on IT spending continues to flow to digital transformation projects from compliance, compliance teams should be expecting to do more with what they already have in the medium term, but they will ultimately benefit from digital transformation of the whole organization.
Enhanced reporting is part of the product of gaining visibility into what is actually happening within your organization. The ability to pull data in and compile it into meaningful dashboards, scheduled and ad hoc reports using automation means a great deal of lag time and lost productivity is saved. As a former auditor, I know only too well how much time and effort goes into producing an audit package for internal and external audits, and as someone formerly regulated by the British Financial Services Authority, have a great deal of empathy for anyone dealing with paper-based systems for investment and mortgage clients. The ability to create customized reports from a universal work platform means these once-laborious compliance activities can now be produced with a few mouse clicks.
JobTraQ is the leading Lean BPM compliance and work platform, with a rich feature set for compliance process management and reporting.JobTraQ continuously enforces business rules and policies, including compliance or regulatory requirements as work flows through business processes. This effectively enforces compliance as and when work is carried out, recording every activity, including who did what, where and when.
Utilizing role-based permissions and meeting the exacting standards of ISO, ITIL, NIST 800-53, SOX, SAS 70 and others, it maintains a secure and complete record of all keystrokes and mouse click activity made by any user or Administrator. Active Directory synchronization and Single Sign On provides for network administrators to either use AD to create and enforce password policies, or to allow Administrators to create password policies to eliminate weak passwords vulnerable to hacking or attack. Digital asset management and access is centrally controlled and recorded as artifacts flow through business processes, together with archiving of multiple versions of all data used or held by the system.
Fully customizable reports can be automatically scheduled, or created ad hoc using parameters set by compliance and auditing teams, including for sampling and also for drilling into a very granular level to the smallest detail of what, who and when something happened. Alerts and notifications may also be set to be triggered, including automated email delivery to management and/or compliance officers.
Asset management functionality eases and simplifies custodial stewardship responsibility by ensuring you know what physical assets and resources are available, where they are, who is responsible for them, and how they are maintained.
To speak with a JobTraQ compliance expert, please call 1.866.640.2633 or complete the contact form below: