Get Compliance Straight – The Need to Automate
I am reluctant to start off the New Year with a negative comment or posting. But I have a significant concern about the path and current state of ethics and compliance.
From my vantage point, I have always been inspired by the forward momentum of the compliance profession. We have witnessed the unprecedented growth of the compliance profession – over the last twenty years, the compliance profession has risen from the backwater of the corporate governance world – akin to Milton in the ever famous and hilarious movie Office Space (here). Compliance has been poised to take on more and embed itself in the senior C-Suite office space.
But something is happening here and I am not quite sure how to describe this new trend. Some compliance officers are rising – while others have paused (or some are even falling behind).
What is the reason for my observation and concern?
First, let me start with an important survey conducted last year by NAVEX Global (here) concerning the two most significant attributes/predictors of an effective ethics and compliance program and overall job satisfaction – senior management buy-in and automation.
Second, while we all know and understand the importance of senior management commitment, this is a critical factor that either exists or is absent and rarely can change without a change in individual leaders. That is not my focus.
My concern is that compliance officers have not fully embraced the benefits of automation. Do not get me wrong – I am not suggesting that compliance officers have to become Mr. Robots or automatons; rather, I expect compliance officers to seek out cost-effective solutions, to implement them and then rearrange their time and resources to address other issues with a risk-based focus.
Instead, what I am observing (and hearing) is a failure to embrace technologies as a solution. Again, there are a number of high-performing programs that have implemented sophisticated, data-driven compliance solutions and tools. For the average compliance department, however, things are not moving so fast.
In many situations, I am sorry to hear that management resists spending a modest amount of money to implement technology solutions (circa $100k) and compliance officers are regularly frustrated in their attempts to bring new solutions to the compliance table. In other cases, compliance leaders are not taking the time nor investing the effort to identify possible solutions and relying on tried and true paper-based systems (i.e., using Sharepoint is the only “technology-based” system). This is extremely disappointing and reflects a fundamental loss of nerve and/or energy.
Compliance leaders have to redouble their efforts. This should be the year of compliance automation and moving a compliance program along. Automation is critical for compliance efficiency and it is essential to generate data and begin real measurement and monitoring of your compliance program.
As a basic New Year’s resolution, I urge CCOs to ask themselves some basic self-assessment questions:
- What compliance functions currently rely on automated solutions? (e.g. hotlines and case management; gifts, meals and entertainment; third-party risk management; conflicts of interest; and policy management).
- If your answer above is 0 or 1 functions, please proceed to A below – the Luddites.
- If you answer is two or more, please proceed to B below – the Star Wars generation.
Answer A – The Luddites: Recommendations
- Identify all the compliance functions currently completed on a paper-basis.
- Rank the functions based on time spent and resources allocated to complete (estimate compliance person hours)
- Collect benchmark data from comparable compliance programs concerning extent of automated solutions.
- Identify and solicit estimates from appropriate vendors as to cost to implement and timing.
- Prepare business case for at least two automated functions and goal for implementing this year.
Answer B – The Star Wars Generation
- Demonstrate “success” and overall improvement from reliance on existing automated solutions and solicit support from business.
- Identify the compliance function that is most resource intensive from the list above and calculate rough number of compliance person hours devoted to the task.
- Solicit vendor proposals and estimates for additional automated solution.
- Prepare business case for next automated solution tied to increased efficiency and improvement in business integration, enhanced monitoring and measurement capabilities and reduction in compliance person hours devoted to function.