8 ways to ... ensure comprehensive compliance.
 Make compliance a 'business as usual' activity
"A continuous approach to compliance management can deliver far more value to an organisation than a series of retrospective assessments would," says Hibbert, who cautions against relegating it to an annual activity. It should be part of the normal day-to-day routine in which activities are reviewed alongside other tasks.
"Continuous compliance is more efficient in terms of process and it also yields higher and more stable levels of compliance. Organisations will be more secure and less likely to be breached as a result," he says, adding that firms wishing to adopt the business-as-usual approach to compliance needn't find the switch a complex one.
 Adopt a structured approach
Regulatory projects are different from others because they are not usually optional, observes Brian Ford, associate director at LOC Consulting. He advises companies to adopt the following three-step process.
First, you need to understand the scope and timing of the relevant regulations. Look at the implications for your organisation and determine which parts of it may be affected by these. Second, conduct a gap analysis to determine what further action you need to take to ensure that you are fully compliant. Prioritise the changes you need to make into a tailored to-do list, along with timings, that can be presented as a business case and high-level budget for review by senior executives. Third, implement the plan.
"This includes project initiation and approval; planning and resourcing; stakeholder management; training, development and testing; and the all-important transition management and implementation," Ford says.
 Understand why things go wrong
The firms that get caught out time and time again by regulators are those that apply sticking plasters to symptoms of non-compliance instead of finding the root causes. Compliance teams need to work with managers to identify potential behavioural problems that may result in misconduct, according to Ronnie Kann, managing director of CEB, a member-based business advisory company.
"In addition to flagging behavioural issues, compliance teams must be able to identify the drivers of misconduct and then align their risk metrics with those drivers in order to build a smarter monitoring programme," he says.
With solid information obtained from analysing causes, it should be possible to create key risk indicators, Kann adds.
 Stay abreast of all the relevant laws and regulations
Keeping up with the continuing flood of new regulations is a tough task, according to Susan Palm, a vice-president at MetricStream, which provides governance, risk and compliance software. She recommends that organisations should set up comprehensive registers of the laws and rules that are relevant to them.
Managers can do this by reading reports from industry experts and using external regulatory news feeds.
"Organisations should look to align laws and regulations with their products and services, policies and procedures, risks and controls, and training programmes," Palm advises.
"By aligning compliance programmes with broader enterprise risk management, firms can better streamline and consolidate common risk and compliance activities."
 Co-operate more effectively with other departments
The finance function cannot hope to establish and maintain effective compliance management without help from other parts of the organisation.
"With staff collaborating to perform relevant tasks as part of their day-to-day roles, there will be no need for a compliance project and admin team to gather retrospective evidence to show that controls are being met," Hibbert says. "This will drive productivity."
Kenneth Hitchen, a director at Sabio, which provides contact-centre services, warns that conflict sometimes arises between compliance and customerservice teams. The resetting of passwords is one of the top three reasons people contact call centres, for example. He says that, by using the latest technology, it is possible to ensure full compliance while also delivering cost-effective customer service.
 Focus on managing data
One key to effective compliance management is the ability to produce data in the correct format when regulators demand it. To achieve that, it is important to ensure that the material is being retained, stored and, where appropriate, destroyed in line with the regulatory guidance, according to Tracey Stretton, a legal consultant at Kroll Ontrack, which provides data recovery, e-disclosure and computer forensics products and services.
"In fact", she says, "data gathered and viewed using the appropriate technology provides a rich opportunity to check on regulated corporate conduct."
Stretton adds; "Technology such as predictive coding is often used by companies and their advisers to review and analyse emails from key individuals in high-risk business units or countries to check on compliance with laws on competition and bribery."
 Ensure that your invoicing is compliant
Compliance management needs to start close to home. Firms that trade in more than one country must be able to provide a full history of invoices, tax filings and audits to the relevant government agencies, observes Alex Kleiner, EMEA general manager at Coupa, which provides cloud-based financial applications. "It is now possible for invoices to be emailed directly to and from suppliers and auto-saved in secure PDF files to be preserved for compliance," he says.
 Regularly monitor performance on compliance
To ensure that compliance management is more than a mere box-ticking exercise, it's important to set thresholds for action and delegate monitoring duties, according to Kann, who stresses that the key risk indicators that a firm should have defined are vital.
"Compliance managers must define ranges that show whether a given metric is heading in the right direction or entering dangerous territory," he says. "Then the team should set specific thresholds that indicate when to alert stakeholders. To do this effectively, compliance teams need to rely on key partners to help them monitor those risks and metrics. For example, the procurement department can provide access to the third-party database for subcontractor due diligence."
Illustration by Eve Lloyd Knight
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||dialogue with Richard Hibbert|
|Publication:||Financial Management (UK)|
|Date:||Feb 1, 2015|
|Previous Article:||Upping the anti.|
|Next Article:||Hi-tech tools of the trade in association with IBM[R]: today's leaders need to master all the cutting-edge tech at their disposal to get the most...|