Behind the Compliance Dashboard

As a NSW Government Deputy Secretary operating in a highly regulated industry, I was used to receiving monthly compliance dashboards. These dashboards might note things like the number and type of non-compliances occurring, the time taken to rectify the non-compliances or the fines issued.

Having the dashboard was a reassuring and useful management tool, until it wasn’t.

When a reason emerged to look behind the high-level dashboard and interrogate the organisational monitoring systems themselves, the manual and resource-intensive nature of our oversight processes quickly revealed themselves.

When I left the public service for the private sector, I found that the private sector was no different with a mix of manual, semi-automated and highly sophisticated compliance tracking systems in place.

So it is no surprise that Boards, businesses and managers are looking for help with managing the regulatory environments in which they operate. Hence the birth of RegTech – regulatory compliance software solutions.

Indeed, just last month the Australian Government announced they are investing $33 million into Reg Tech to help reduce compliance costs for farmers.

The Minister Assisting the Prime Minister and Cabinet, Mr Ben Morton, said at the time - “RegTech is a game changer in solving compliance and regulatory issues, but this innovative technology will also deliver results for the environment, the economy, farmers and business owners” .

The concept of RegTech is not new, it had its origins in the financial sector, where following the 2008 global financial crisis, regulatory oversight increased dramatically, new regulatory requirements were rolled out thick and fast, as were sizable fines for non-compliance.

In an environment of increasing risk and complexity, it was inevitable that the sector would seek to better manage the risks and costs associated with regulatory compliance.?

According to a KPMG article (Embracing the Challenge of RegTech 3.0), “RegTech uses technologies such as advanced analytics, robotic process automation, cognitive computing and the cloud to achieve regulatory and compliance outcomes more efficiently and effectively.”

However, according to the same article “if the RegTech industry were a mountain we’d only be at base camp.” The authors go on to note that by 2022, only 34% of all regulatory spending in the financial sector will be on RegTech – despite its promise to better manage enterprise risk, costs and reputation.

My experience so far with RegTech is that the most sophisticated compliance systems tend to focus on Safety, Finance/Tax, Privacy or Litigation matters. ?Whilst in other areas, perhaps considered less high risk/high importance, there is a reliance on manual systems and a team of Compliance Officers.

One such area in the Australia context might be compliance with regulatory instruments, such as an Infrastructure Approval or an Environmental Protection Licence, both of which can have dozens of unique approval conditions, trigger thresholds, reporting anniversaries and more.

Given non-compliance with some of these conditions can pose significant reputational, financial, litigation or operational risks to any business, one would assume most organisations regulated under such instruments would be looking to exchange manual processes for more RegTech assisted processes as soon as possible.

However, despite the many potential benefits, there are numerous reasons why we are still “at base camp” when it comes to the ubiquitous use of RegTech.

First, there is the obvious issue that there is no “one-size-fits-all” solution.

As such, Boards or CEO’s considering the potential use of RegTech for their organisations, need to give the issue serious consideration – and not just from the usual considerations of alignment with current and future strategic objectives, as well as costs, customisation requirements, operational disruption and/or training and technical support.

In evaluating the business case for RegTech, decision-makers need to also consider the:-

1)?????scale and nature of the regulatory requirements affecting the organisation

2)?????IT and human resources currently required to monitor, service and report against those requirements

3)?????sophistication of the current documented policies and procedures in place to ensure compliance (ie. the control framework)

4)?????type of risk non-compliance presents for the organisation

5)?????pace of regulatory change affecting the business

Understanding all these elements is critical when selecting any potential RegTech solution, because by its nature compliance management is about ‘strict rules’. The software will need to be configured to understand the rules, assign tasks, generate alerts, create audit trails, reports and calendars.

You also need to be clear if the system needs to integrate with, or at least share data, with other organisational systems, for example the financial management system or even just the corporate calendar.

Finally, even if the control framework is well documented and understood, the digital literacy of the organisation also needs to be considered in order to maximise the potential success of any implementation.

RegTech is worth the consideration. It promises more than just reduced human error and faster /cheaper compliance through automation. With the advent of data analytics, machine-learning and artificial intelligence, as well as security developments like blockchain, RegTech also holds out the promise of better business insight and value creation, better customer and enterprise protection and stronger reputational management.

But no-one goes from Base Camp to the Summit without a lot of preparation first.