
Why companies need a single standardized compliance lifecycle

Lance Mercereau
18 September 2019

Here is the bold statement of the day: the lack of standardized processes, methodologies and definitions has made compliance extremely complex and costly for companies.

Conversations with compliance professionals from different industries reveal that there is no universally common compliance management lifecycle.

This is a surprise because if you look at colleagues in other functions, you will know that they have a holistic view of the employee, customer and supplier lifecycles:

  • Human resources: Recruitment ⇒ Selection ⇒ Performance ⇒ Development ⇒ Succession ⇒ Transition
  • Marketing: Awareness ⇒ Research ⇒ Selection ⇒ Buy ⇒ Use ⇒ Experience ⇒ Loyalty
  • Procurement: Registration ⇒ Selection ⇒ Onboard ⇒ Assessment ⇒ Development ⇒ Phase-out

But what about compliance?

In today's world of high uncertainty, rapid economic changes, and increasingly complex regulations, compliance is required for business success. Juggling the requirements of industry regulations, data privacy laws, and government mandates is no easy task, and maintaining ongoing compliance is complicated by constant changes, amendments, and overlaps.

What's more, as regulations increase, the resources needed to comply with them increase as well – and so do the stakes. Failure to comply with regulations can lead to disastrous consequences including large financial penalties, business shutdowns and reputational damage.

For these reasons, it’s vital to develop and manage data, processes and people throughout the entire compliance lifecycle.  But you may ask, what are the stages of the compliance lifecycle?  Depending on who you talk to, there are different views on this subject. For this article, we have proposed seven stages, which are defined as:

  1. Track regulatory changes
  2. Assess compliance-related risks
  3. Monitor and test controls
  4. Report regulatory compliance status
  5. Manage compliance obligations
  6. Advise and implement compliance change
  7. Manage regulatory and stakeholder relations

Once we know the stages, we’re able to assess the effectiveness of our compliance program and our capabilities in order to better understand gaps or weaknesses.  Let’s first take a quick view of the technologies used at each stage of the compliance lifecycle and the data that is required to support decisions and systems and tools.

Compliance Lifecycle Stages

Historically, compliance professionals have been part of legal or risk teams, leveraging pre-existing tools and processes.  As a result, many compliance specific technologies, processes and best practices have yet to be developed, and codified, to the maturity of other business functions and capabilities.

For example, as you will see from the diagram below, of the seven stages in the compliance lifecycle, there are mature software solutions for just two of the stages – horizon scanning software to monitor regulatory changes and case management to maintain policies, regulatory rules and codes of practice.

The other five stages (risk assessment, monitor and test controls, regulatory reporting, compliance advisory and regulatory relations) are predominately manual processes.

 

| Lifecycle stage | Technology | Description | Type of data |
|---|---|---|---|
| (1) Track regulatory changes | Horizon scanning software | Gather all new regulations, insights, advice and news from regulators, industry bodies and trusted advisors | Regulatory publications, news and advice |
| (2) Assess compliance-related risks | Manual process | Identify, prioritize, and assign accountability | Regulatory publications, news, advice, internal policies, procedures, controls and risks |
| (3) Monitor and test controls | Manual process | Monitor, select and review processes to ensure compliance to external regulations, internal standards | System usage, employee voice, electronic communication, business transactions, message logs, audit trails, training logs, declarations |
| (4) Report regulatory compliance | Semi-manual process | Collect, combine and publish regulatory and process data from disparate systems | Regulatory changes, risk management, controls, obligations, advice, stakeholder relations |
| (5) Manage compliance obligations | Case management software | Identify and manage issues and concerns | Regulatory changes, risks, Q&A, advice |
| (6) Advise and implement compliance change | Manual process | Expert advice and commentary used to interpret regulatory changes | Human knowledge but which can and should be codified such as automating manual processes |
| (7) Manage regulatory and stakeholder relations | Manual process | Many tools and systems are used to engage and record interactions with stakeholders | Correspondence, meeting notes, scheduling appointments |

Though not shown, there are fundamental business processes that support and enable each stage, including the storing, sharing and management of policies, procedures and other vital documents.

Compliance organizations spend tens of thousands of dollars on software and services to manage different stages of the lifecycle. However, many of the processes in these stages are manual, causing inefficiencies, delays and mistakes that can be costly for companies.

The only way to reduce the cost and complexity of compliance is to embrace a new way – and it starts with compliance professionals creating globally recognized standards including agreed compliance lifecycle stages and processes to be embedded in software platforms, augmented by artificial intelligence and human knowledge to ensure the right decisions are made at the right time.

Future Compliance Operating Model

Historically, compliance professionals would develop or buy a solution to support a specific stage in the lifecycle. Today, this narrow approach limits the ability of compliance to see the wider picture because it’s costly and complicated to connect point solutions across the compliance lifecycle.

Fortunately, with the advent of cloud-based solutions in the last five to 10 years, cost-effective solutions can be deployed quickly and efficiently, and adapted as needs change, to support decisions.

In the past few years, visionary compliance organizations have moved from buying standalone point solutions to adopting cloud-based platforms that provide compliance capabilities delivered as modules, just as you would use apps on your phone to access, share and manage information with friends and family members. These modules can be implemented individually or as a group to provide the end to end compliance lifecycle.

This technological advancement, which lets compliance professionals turn capabilities on and off depending on the maturity of their compliance organization without having to spend unnecessary money on software, is the beginning of the consumption-as-a-service model.

Most importantly, unlike standalone software solutions, a platform provides organizations with a fully integrated repository of data and business processes, so there are no gaps in the compliance lifecycle.

Just as marketing professionals use customer relationship management platforms, and procurement use supplier relationship management platforms, it’s time that compliance professionals start to use regulatory management platforms to effectively view and manage the entire compliance lifecycle.  

What’s Next

Compliance professionals must transform their organizations by embracing modern technologies.  The challenge for most is where to start on this journey. Here are a few recommendations to help you determine what you should do next to gear up your compliance capabilities, so you meet the growing expectations and needs of your business:

  1. Audit your organization’s compliance lifecycle to determine the gaps and inefficiencies at each stage.
  2. Identify what technologies, data and processes need to be sourced, implemented and improved at each lifecycle stage.
  3. Develop a transformation roadmap that outlines your strategy and plan to develop an end to end compliance lifecycle.
  4. Start small and focus on a single stage that will have the biggest and most demonstrable business impact before moving onto completing the entire compliance lifecycle.

Companies that develop a fully automated compliance lifecycle will not only improve the effectiveness of compliance but also reduce the cost and risk of complying with laws, regulations and standards. 

RequirementONE is passionate about empowering compliance teams with the tools and insights they need to succeed.  To this end, we believe that compliance professionals need to work closer together, so if you are interested in developing much needed vendor agnostic compliance standards and best practices, please contact us today at hello@requirementone.com.

About RequirementONE

Our vision is to provide every compliance organization in the world with actionable and personalized regulatory intelligence – streamed to all decision-makers, employees and business systems. The fully managed RequirementONE platform uniquely simplifies compliance by automating the curation and distribution of actionable regulatory intelligence throughout the compliance lifecycle, lowering the cost of compliance management by 50%. To learn more, visit www.requirementone.com.