working in compliance vs. working on compliance
DESCRIPTION
Working in Compliance vs. Working On ComplianceTRANSCRIPT
Enterprise Risk and Compliance Management
Working in Compliance vs. Working On Compliance
Ed Sattar, CEO, 360factors inc.
Page 2
Outline
A. Regulatory Change and Corresponding Risk Factors
B. Why Implement a Regulatory Change Management System
C. How to Implement a Regulatory Change Management System
D. How to Facilitate Regulatory Change Management
E. How Automation and Software can Improve your Compliance Program
A. Regulatory Change and Corresponding Risk Factors
Page 4Source: Davis, Polk Dodd-Frank Infographics
Regulatory change is significantly impacting organizations and their policies
Page 5
Regulatory Change Impacting Policies
Source: Thomson Reuters
Page 6
Rising Regulations and Cost
Page 7
Top Regulatory and Financial Crime Risk
• Smuggling of Products
• Misreporting IncomeTax Evasion
• Counterfeiting
• False Representation
• Abuse of Position
Fraud
• Governance
• Democracy and Fragility
• Bribery
Corrupt Practices
Money Laundering
&Financial
Crime
Page 8
Operational Excellence Risks - Executive Level
1. Strategic Objectives and Goal Alignment
2. Performance and regulatory risk metrics not tied to P&L
3. Lack of visibility of risks across all functions and departments through a single platform
4. Developing & Training People
Page 9
Operational Excellence Risks – Functional Manager
Model of operational excellence
Compliance Oversight and Escalation
Day to Day Compliance Tasking
Risk Monitoring
Corrective and Preventive Actions
Policy and Procedure Management
Audit Management
Training Management
Other Industry Pain Points
B. Why Implement a Regulatory Change Management System
1. Understanding Regulations - Over or Under complying is expensive
2. Regulatory applicability and managing regulatory changes - Organizations need to be able to proactively react to risk and business change
3. Automating and streamlining day to day compliance - Excel and paper-based compliance programs are antiquated and insufficient to implement a robust program
4. Regulatory change management needs to be defensible
Reasons to Implement Regulatory Change Management
C. How to Implement a Regulatory Change Management
System
1. WHY = Regulatory change management
2. WHAT = Risk and internal controls
3. HOW = Operational excellence and workflow
4. WHERE = Location / Assets
5. WHO = Mapping Roles / Key Management Functions
to Metrics & P&L
Enterprise Risk and Compliance Management Model – Five Steps
Page 14
Regulatory Change
Management
Operational Excellence
and Workflow
Risks & Internal Controls
Organization – Roles and
Key Management
Functions
Location/
Assets
Enterprise Risk and Compliance Management
Methodology HOW
WHY
WHAT
WHO
WHERE
D. How to Facilitate Regulatory Change Management
1. Strategic objectives, goals, regulations and standards library management
2. Parse the actions from requirements: who, what, when, where, and frequency.
3. Monitor regulatory and management of change
4. Effective vs. Proposed.
5. Mapping- CAPA, policy procedures, evidence, checklists, and day-to-day compliance tasks to regulations or strategic objectives
6. Applicability
Step 1- Regulatory Change Management
COMPONENTS OF A REGULATORY CHANGE MANAGEMENT:
Regulatory
Change Manage
ment
Process & Workflow
Risk and Internal Controls
Roles and Responsibil
ities
Locations and Assets
WHY
Step 1a- Regulatory Change ManagementEFFECTIVE AND MATURE REGULATORY INTELLIGENCE DELIVERS:
Regulatory IntelligenceMaturity Delivers ...
Holistic awareness of goals and changing regulatory risk
Alignment of culture and policy
Risk-intelligent decision-making
Accountability of regulotry change risk
Multidimensional regulatorion analysis and planning
Visibility of risk as it relates to performance and strategy
Page 18
1. What is impacted? Environmental Risk Financial Risk Legal Risk Reputational Risk Operational Risk
2. Define internal controls Identify Assess Mitigate Monitor Recordkeeping
3. Define risk levels Which details impacting factors Is based on a systematic
process allowing the organization to prioritize more efficiently
Effectively assesses issues requiring immediate action.
Step 2- Risk & Internal Controls
Regulatory
Change Manage
ment
Operational Excellence
and Workflow
Risk and Internal Controls
Reporting – Roles and
Key manageme
nt Functions
Location/ Assets
WHAT
Page 19
Step 2a- Risk & Internal Controls
Regulatory
Change
Management
Operational
Excellence and
Workflow
Risk and
Internal Controls
Organization – Roles
and Key Managem
ent Functions
Location / Assets
Small Workforce Large Workforce
Hig
h R
isk
Low
Ris
k
Simple
to
complex
WHAT
Step 2b- Risk & Internal Controls
What is management’s responsibility with regard to internal controls and reporting?
What is audit’s responsibility with regards to internal controls and reporting?
What is the board’s responsibility with regards to internal controls and reporting?
Regulatory
Change
Management
Operational
Excellence and
Workflow
Risk and
Internal Controls
Organization – Roles
and Key Managem
ent Functions
Location / Assets
WHAT
Page 21
Weak Technology• Documents& spreadsheets• Email for workflow & tasks• No audit trail or accountability
Moderate Technology• Basic workflow & task management• No regulatory content feeds• Audit trail for accountability
Strong Technology• Enterprise workflow• Integrated and actionable regulatory content with
policy management• Closed loop process – everything integrated into
one platform• Indexing of regulations to other policies
Small Workforce Large Workforce
Hig
h R
isk
Low
Ris
k
Step 2c - Risk & Internal Controls
1. Business Process Impact, compliance process around sites, assets, events , timely decisions
2. Process automation and cost
3. Manual vs automation
Step 3- Operational Excellence and Workflow
Regulatory
Change Manage
ment
Operational
Excellence and
Workflow
Risk and Internal Controls
Organization – Roles and
Key Management
Functions
Location/ Assets
HOW
Automate corrective action to increase speed, eliminate waste and cut costs
Automate scheduling, tasking and tracking
Embed transparency and accountability
Automate management of change
PROCESSESS THAT CAN BE AUTOMATED
PROCESSESS THAT CANNOT BE AUTOMATED
Determining Applicability
Subject matter expertise
Step 3- Operational Excellence and Workflow
Regulatory
Change Manage
ment
Operational
Excellence and
Workflow
Risk and Internal Controls
Organization – Roles and
Key Management
Functions
Location/ Assets
HOW
1. Where is compliance being done?
2.Are risks and specific driving factors mitigated by location, asset, activity, product or service?
Step 4. Location & Assets
Regulatory
Change Managem
ent
Operational Excellence
and Workflow
Risk and Internal Controls
Organization – Roles and key Management
Functions
Location / Assets
WHERE
1. Why is it important to define the roles and responsibilities before you create a Regulatory Change Management Framework?
2. What are the barriers to creating a Regulatory Change Management Framework?
3. Is there a specific role and responsibility structure or can it vary from organization and industries?
Step 5. Roles & Key Management Functions
Regulatory
Change Managem
ent
Operational Excellence
and Workflow
Risk and Internal Controls
Organization – Roles and Key
Management Functions
Location / Assets
WHO
1. What are key roles and structure?
2. What are the key functions?
3. What are the key actions?
4. Outcome / Results
COMPONENTS OF ROLES AND RESPONSIBILITES
Step 5. Roles & Responsibility
Regulatory
Change Managem
ent
Operational Excellence
and Workflow
Risk and Internal Controls
Organization – Roles and Key
Management Functions
Location / Assets
WHO
E. How Automation and Software can Improve your Compliance
Program
1. Is technology perceived as a catalyst for growth and performance?
2. Are people or technology barriers to regulatory compliance automation?
Automate Regulatory Compliance Through Software
Regulatory Change
Management
Operational Excellence and
Workflow
Risks & Internal Controls
Organization – Roles and Key Management
Functions
Location/Assets
Page 29
Source: Global survey by KPMG, Inc
BENEFITS OF AN INTEGRATED MANAGEMENT SYSTEM
Automate Regulatory Compliance Through Software
Page 30Source: Global survey by KPMG, Inc
Automate Regulatory Compliance Through Software
Predict Risk
Productivity
Agility
Quality
Efficiency
Excellence
Compliance
Operational Excellence
Sustainability
Increased Margins
BENEFITS OF AN INTEGRATED MANAGEMENT SYSTEM
Page 31
Technology provides automation and tracking to be successful
Page 32
Measuring the value of Risk & Regulatory change management
