Organizations are swamped with a growing number of regulatory changes. A recent article in the Washington Post pointed to the constant rise in the average number of major federal regulations with each recent administration—from 27 per year under President Clinton to 44 per year under President Obama. Research consistently shows compliance professionals predicting that their companies will need to increase the amount of time and resources required to comply with changing regulatory requirements. In a 2012 congressional hearing of the Independent Community Bankers of America, presenters cited 921 documented compliance changes in four years, leading senior executives to now spend an estimated 80 percent of their work time on compliance-related issues compared to 20 percent three years ago, with loan originators likewise spending 30-35 percent of their time per file on compliance, compared to 5-10 percent in the past.
New laws, regulatory changes, increased oversight and court rulings have serious implications for entire companies, from boards to management to lines of business and ultimately, individual employees. In addition, regulatory compliance reaches beyond the walls of a corporation to the extended enterprise: companies need to oversee third-party relationships as they would any other division of their organization. The advent of “Big Data” is further complicating matters, as companies struggle to decipher information previously buried in spreadsheets, emails and other documents. According to industry pundit Michael Rasmussen of GRC 20/20 Research, financial services companies report that risk, compliance and audit staff spend as much as 80 percent of their time managing documents and reconciling information and only 20 percent of their time actually managing risk and compliance.
As business has become more regulated and the cost of compliance continues to rise, so have the concerns, costs and risks of non-compliance. In a 2012 risk survey by the Association for Financial Professionals, 70 percent of chief financial officers reported that they expect regulatory risks will have a significant impact on earnings. The much publicized Foreign Corrupt Practices Act (FCPA) troubles of multinationals such as Wal-Mart, with its corresponding legal costs reaching up to $604,000 per day, have done nothing to allay those concerns.
Technology, while not the whole solution, must be part of the solution. The complexity of today’s regulatory environment, the impact of regulations on an organization and the penalties for non-compliance cannot be addressed without appropriate policies and technology to intelligently automate and manage those policies.
Ten years ago, in the wake of Sarbanes-Oxley, industry visionaries were writing about the nexus of law and technology; the regulatory compliance landscape meant that compliance officers needed to become technology savvy and that IT professionals would have to go to law school. Yet today, the majority of compliance officers acknowledge that they’re still trying to manage significant portions of their compliance programs without appropriate technology. So why are companies apparently reluctant to adopt technology for compliance? Recent analyst research points to 80 percent of chief legal officers suggesting that they have no formal support from IT. And the tools themselves represent yet another problem. Companies have made significant investments in enterprise tools, such as enterprise resource planning or e-procurement software, that were never designed to address ongoing compliance issues. One of the biggest gaffes a company can make is purchasing technology to address compliance without understanding its business requirements. At least 50 percent of Hiperos’ clients report that they have tried—and failed—to address third party compliance by using products that are just not designed to do the job.
Given the complexity of the regulatory landscape and the specific requirements for different industries, a “one size fits all” approach is doomed to fail. Companies are increasingly looking for best of breed technology to address specific business requirements. Appropriate technology, managed strategically with process and information, can significantly reduce a corporation’s regulatory burden in terms of time, cost and risk.
Compliance programs generate considerable data. Without appropriate technology, organizations run the risk of being data rich but intelligence poor. Appropriate tools are essential for fast access to summary and granular information. Without appropriate technology, it’s almost impossible to understand what is behind the data, to measure and monitor compliance programs, and to generate the types of reports and dashboards required by management or the board. If you can’t access or interpret data generated by your compliance programs, how do you know whether such programs are effective?
Technology implemented to manage, monitor and report on regulatory compliance may also allow organizations to more effectively manage their corporate compliance programs, such as delivering training programs or managing attestations to codes of conduct documents. Technology can also help not only to drive down compliance costs but to drive up revenues: technology that manages supplier risk and compliance with regulations and agencies as diverse as the Consumer Financial Protection Bureau, the FCPA and Dodd–Frank Section 1502 (conflict minerals) may also help manufacturers decrease inventory by increasing their on-time deliveries or reducing defects.
As has been demonstrated time and again, regulations and policy do not eliminate bad behavior. However intelligent technology implemented appropriately to automate and enforce policies, ensure consistency and objectivity, and remove the probability of human error considerably reduces an organization’s risk of regulatory non-compliance. For heavily regulated industries such as financial services, technology allows an organization to stay ahead of regulators and be fully prepared for examinations. For other industries, as seen in the case of FCPA declinations, it allows the organization to take the high ground and salvage its reputation while allowing any blame to fall on specific individuals. In 2013, not adopting available and proven technology always shows the company in a bad light: you either look incompetent or fraudulent, neither of which is an attractive option.