Compliance, the great unknown
Compliance is a hot topic, most will immediately agree with that. We see a rapidly growing demand for compliance automation solutions, and we're excited that our focus on this has been recognised in the Compliance Management segment of the Medici Global RegTech Top 21 Report .
There is however a challenge with this kind of segmentation of tech solutions. Over the years we have noticed a general misconception of the word “Compliance” from the business, and many people are scared to ask the basic question: “What exactly is compliance?”.
I can’t count the number of times I have been asked: “Do you have compliance dashboards?” My reply is always the same: “Yes, but what does Compliance mean to you?”. Often, I can’t get a straight answer. This is why working side-by-side with a client is a must, as we help clarify this question before designing the solution. Our objective should always be to help identify specific goals and challenges in compliance matters.
“Compliance has meaning only in the context of specific business activity”
When people talk about Compliance they automatically think of the financial sector. Understandable of course as financial sector compliance is a well-known topic so we are “pre-programmed” to think that. But if you think about what Compliance really means, it is much broader than that. According to the Cambridge Dictionary compliance means, “the act of obeying an order, rule or request”.
The international compliance association is more specific:
“The ability to act according to an order, set of rules or request. In the context of financial services businesses compliance operates at two levels:
Level 1 - compliance with the external rules that are imposed upon an organisation as a whole Level 2 - compliance with internal systems of control that are imposed to achieve compliance with the externally imposed rules.”
What is common in these descriptions is that they both essentially define it as “Obeying rules”. When we look at businesses, every business is subject to rules, but the rules will be different for each of them.
If you operate any company in any sector, you have to follow the rules stated by the applicable Company Law. For example, you must submit your annual accounts to the trade register within a certain period of time, and if you are a public company you must comply with several rules for the oversight of the company, such as audit and annual shareholders meetings.
When we start looking through the lens of an industry, we see that the rules multiply. Let’s think out of the box for a moment and look at other industries and draw some conclusions that will help us to understand what compliance is really all about.
Take the food preparation, the aviation and the oil and gas industries. You would think that they don’t have anything in common, but when looking into them, you’ll see similar patterns. They all have to comply with lots of rules in order to perform their activities successfully and these rules exist to mitigate certain risks. They all need to follow a common process (in their business) so they can identify potential issues before they happen and have an action plan ready to mitigate them and make the right decisions.
For example, if you would think that food preparation is not a regulated industry you would be wrong. In fact, a food preparation business needs to respect tons of rules. One of the things that worry restaurants is the health inspector showing up and checking the place. Is the kitchen clean, do they apply their own Hazard Analysis and Critical Control Points (HACCP), do they have work safety measures in place to protect staff in the kitchen?
Restaurants have specific rules for storage, for example, you can’t store cleaning products on a higher shelve than the food ingredients is, because of potential leaks on the food. When a restaurant receives supplies, they have to put it in the register, specify when they received it, the expiration date, they have to label it, they have to use closed containers to refrigerate it, just to mention a few. For restaurants, respecting these rules is the very definition of Compliance, and it doesn’t have anything to do with “know your client” which is much less relevant for these businesses. It would be funny if a restaurant would ask a guest for their source of wealth before paying their meal, a standard control that a bank needs to do for every client that they have.
If we go to the aviation or the oil and gas industry they also have an unbelievable number of regulatory rules. Did you know that they are more regulated than the financial sector?
Looking at the oil and gas industry, a case that comes to my mind is the oil spill disaster of BP, which has been the largest marine oil spill in history and on which the company was negligent for not following the appropriate controls. For this reason, they had to pay more than US$60 billion in criminal and civil penalties, natural resource damages, economic claims and cleanup costs. This incident shows the difference between doing, or not recording your controls. Accidents can still happen, but the whole point of Compliance and Risk Management are that these rules are there for a reason, to minimise risks and potential issues as much as possible and to have a framework to identify quickly what might go wrong and take action immediately.
How to approach Compliance to drive impactful decisions
Compliance has different meanings to different people even inside one company. Going back to the financial sector, and more specifically Asset Management, compliance means something different to a Portfolio Managers than to an AML, Anti Money Laundering Manager. For Portfolio Managers, Compliance includes monitoring investments in the portfolio and comply with the regulations like UCITS and AIFMD in addition to self-imposed investment restrictions. For the AML Managers, Compliance is about the monitoring of investors flows, KYC, knowing where the money comes from, monitoring transactions, etc.
That’s why is so important for us to identify our clients' needs, to really understand if there is a challenge and what they want to achieve. Once we really understand the problem we apply our approach, CAMD, which is a four steps process to drive the outcome.
Connect data & documents. What data do you need to work on this business challenge?
Automate workflows. Which processes do you need to implement to increase automation and to improve efficiency and robustness?
Monitor dashboards. What do you need to monitor to make sure you are achieving the outcome that you are looking for?
Decision recording. How can you take and record your decisions transparently?
To enjoy the full benefits of the transformation of your Compliance challenges, processes must be vertically integrated, all the way from the source of data to the recording of outcomes.
As much as it might surprise us, we are not that different from other sectors, there are rules and regulations everywhere, they are there for a reason and we have to comply with them. The key is to approach it in such a way that it does not become a burden without the expected results.
Fortunately for you, technology is here to help!