Organizations are swamped with a growing number of regulatory changes. A recent article in the Washington Post pointed to the constant rise in the average number of major federal regulations with each recent administration—from 27 per year under President Clinton to 44 per year under President Obama. Research consistently shows compliance professionals predicting that their companies will need to increase the amount of time and resources required to comply with changing regulatory requirements. In a 2012 congressional hearing of the Independent Community Bankers of America, presenters cited 921 documented compliance changes in four years, leading senior executives to now spend an estimated 80 percent of their work time on compliance-related issues compared to 20 percent three years ago, with loan originators likewise spending 30-35 percent of their time per file on compliance, compared to 5-10 percent in the past.
New laws, regulatory changes, increased oversight and court rulings have serious implications for entire companies, from boards to management to lines of business and ultimately, individual employees. In addition, regulatory compliance reaches beyond the walls of a corporation to the extended enterprise: companies need to oversee third-party relationships as they would any other division of their organization. The advent of “Big Data” is further complicating matters, as companies struggle to decipher information previously buried in spreadsheets, emails and other documents. According to industry pundit Michael Rasmussen of GRC 20/20 Research, financial services companies report that risk, compliance and audit staff spend as much as 80 percent of their time managing documents and reconciling information and only 20 percent of their time actually managing risk and compliance.
Ten years ago, in the wake of Sarbanes-Oxley, industry visionaries were writing about the nexus of law and technology; the regulatory compliance landscape meant that compliance officers needed to become technology savvy and that IT professionals would have to go to law school. Yet today, the majority of compliance officers acknowledge that they’re still trying to manage significant portions of their compliance programs without appropriate technology. So why are companies apparently reluctant to adopt technology for compliance? Recent analyst research points to 80 percent of chief legal officers suggesting that they have no formal support from IT. And the tools themselves represent yet another problem. Companies have made significant investments in enterprise tools, such as enterprise resource planning or e-procurement software, that were never designed to address ongoing compliance issues. One of the biggest gaffes a company can make is purchasing technology to address compliance without understanding its business requirements. At least 50 percent of Hiperos’ clients report that they have tried—and failed—to address third party compliance by using products that are just not designed to do the job.
Given the complexity of the regulatory landscape and the specific requirements for different industries, a “one size fits all” approach is doomed to fail. Companies are increasingly looking for best of breed technology to address specific business requirements. Appropriate technology, managed strategically with process and information, can significantly reduce a corporation’s regulatory burden in terms of time, cost and risk.