Compliance: Seeing the woods, AND the trees

Two thirds (65%) of businesses say that tech complexity makes governance issues worse. In an industry like financial services, this simply won’t do.

As FS and banking Chief Compliance Officers (CCOs) know, rapid deployment of new technology and processes since the pandemic has forced a complexity onto businesses which causes headaches for employees, from frontline staff to the board. Accountability is imperative when operations break down, stakeholders want to know that when something stops working, teams are dedicated to fixing it. The same is true for compliance.

One bank gets fined for breaching regulation and every CCO, at every other bank, leaps into action to find the non-compliant needle in a rapidly expanding haystack of processes.

But against the backdrop of complex and interconnected processes, how can compliance and operations officers work together to identify and address those processes that put them most at risk?

So, you’re worried about compliance?

What we know from our customers is that compliance teams have an arduous task on their hands. Not only do compliance failures cause short-term financial damage, there’s also a longer-term reputational damage that’s as-yet hard to quantify. The pressure rests on the shoulders of a back-office team, with a somewhat intangible success metric: stay compliant.

Once a bank is labelled as unable to abide by industry rules, customers, shareholders and competitors will develop hard-to-shift, negative perceptions. In an industry predicated on trust, this could be hugely damaging.

Financial services organisations should be worried about meeting compliance needs. But they don’t have to be kept up at night, if they have the right systems in place to manage their operations.

What can you do about it?

You can’t monitor what you can’t see. The first step in any journey to identify and address potentially non-compliant operations is to paint a picture of all processes within an organisation. This builds a strong foundation for the compliance team’s strategy.

There are many reasons to map processes. Firstly, and maybe obviously, identifying the least efficient processes shines a light on unnecessary costs such as bottlenecks and redundant exercises. Streamlining operations can be a key focus for process management activities – but that’s not what this article is about!

More relevant to compliance, it’s imperative to identify processes which have deviated from their approved [compliant] course. Processes can fall out of compliance for many different reasons: they might be antiquated, systems may stop working or employees may simply have more efficient ways of doing them. In most cases, employees may not be aware that their work-arounds have regulatory implications .

Setting parameters of acceptability through KPI thresholds helps to spot the most dangerous situations. In addition, having a view of processes that shows the degree of deviation, and the frequency of non-compliance not only paints the picture of ‘real-life’, it also identifies the scale of the compliance challenge, and therefore the urgency.

Visualising all of this: process flows, levels of deviation and automation tools, in a single pane of glass, makes data analysis and insight infinitely easier. This level of process intelligence is something that many businesses don’t have – but they can with a commitment to full process transparency and management in their organisation.

Compliance is non-negotiable, but where to start?

It doesn’t matter where you are in your compliance journey, it matters what you do next. Even the most competent, can’t become complacent, as the next unforeseen challenge might be just around the corner.

Implementing standardised formats across the business helps with compliant process creation, monitoring and management. Applying a clear standardisation policy for processes at the start of operations means that as the organisation develops, it’s much easier to ensure new processes are created in the way that they should be. AI can be a powerful tool here – not only helping any employee build a new process, but if it’s trained correctly, an AI will only create compliant processes.

The next stage is educating those who are directly responsible for managing these processes. Understanding why processes have been created, how they’ve been designed with reporting and analysis at their core, and the business criticality of ensuring compliance, creates a culture of awareness and responsibility.

Taking this a step further, educating teams to be aware of these regulations and how their specific role can affect the business’s compliance with them can illustrate this point further. Once these steps have been taken, it shouldn’t be a flash in the pan, but a continuous process. Just because a problem has been addressed once, doesn’t mean it’s addressed forever.

Introducing an audit into annual, quarterly, even monthly reports keep the issue top of mind for all employees. Furthermore, once these processes have been established, there is room for automation to take over. Instead of creating a new workload to distract already stretched teams, leaning on automation technologies which can flag the most at-risk processes would streamline the entire compliance journey.

Furthermore, organisations can use historical and market data to identify patterns in the sector, to anticipate changes to laws and get ahead of regulators by reporting on important, but not enforced, processes and operations.

Where does that leave us?

Regulations seem to be changing everyday. Whether it’s new privacy directives being issued to combat tech-creep, new international law affecting data movement, or even new interpretations of established laws, companies have a lot to keep on top of. The constant that we all have to be reaching for is transparency.

Bringing all processes to the fore, with a clear view of which are most at risk, and which are the most urgently out of compliance, can help organisations to build a strategy and assure stakeholders that they are compliant, proactively managing risk and ensuring a stable, positive future for the business.