The Compliance of Things: The New Normal or Just a Trending Fad?

With the constant evolution of technology, regulation and dynamics of the modern workforce comes a new way of approaching compliance

Imagine for a second…

The head of sales at your organization is flying to China for a last-minute meeting. He booked the trip on his company card, which then triggered a series of actions in your compliance system based on the corruption risk you as an organization face in China. The travel is flagged under that risk area in your system so your compliance team is aware of the activity, and as soon as the sales executive steps off the plane, he receives an alert reminding him of your company’s anti-bribery and gifts policies and is prompted to re-attest to them.  

A government official contacts your organization to do business together, and one of your employees sets up a meeting. The .gov email address on the calendar invite fires off an email alert to the employee reminding them about your policies around doing business with government officials.  

Or imagine that calls to your hotline can be routed based on certain keywords, phrases, names or numbers that help you distinguish compliance issues, HR complaints, customer concerns and product feedback from one another.

These scenarios are more of a reality than you may think. With the rise of the “Internet of Things”—that is, connecting any devices with an on/off switch to the Internet and/or to each other—compliance is capable of adopting a similar model with the right kind of technology.

Think of a day where your compliance program’s tasks are automated, secure and efficient, in turn giving you, the CCO, the time and measurable data that allows you to make smarter, quicker and more impactful decisions. When a hacker uses your credit card number, your bank alerts you of the alleged fraud, freezes your account, denies the charge and puts a new card in the mail—all within minutes of the illegal purchase. Your information and account were being monitored for you, and you didn’t have to initiate the fraud process. Or whenever you’re on the road and get within three blocks of a Starbucks, an app pops up letting you know there’s a store nearby and what specials they have that day. From my cell phone, I can change the temperature of my house, set my DVR to record my favorite show and check the video feed from my nursery monitor to see how my infant son is napping.

All of this begs the question: why should your compliance program be any different?

The big hairy problem compliance currently faces is two-fold:

  1. The need for real-time, digestible and on-demand data to make data-driven decisions quickly.
  2. The need for compliance to be integrated across an organization’s day-to-day operational processes. 

The Compliance of Things

Less than 15 years ago you got online by logging in with a dial-up connection fixed to your home land line—before broadband and cable connections were even thought of. You saved documents on floppy discs. If you downloaded an image it would take about five minutes; a song took about half an hour.

During the same time, to report wrongdoing at work, you called or walked into your supervisor’s office to talk face-to-face about an issue. You filed reports manually with a piece of paper and a pen and it was placed among thousands of file folders stowed away in tall filing cabinets under lock and key. Policy updates were distributed with paper memos. Little to none of the compliance process was electronic, let alone “connected” (if it existed at all).

Technological advancements and connectivity, coupled with the velocity in which data is transferred, presents a growing chasm between the present and future states of compliance engagement. The possibilities of where and how compliance can be communicated to your employees and organization are not only increasing in number, but their capacity to be targeted to specific employees at very intentional and relevant points in time.

You may not think of compliance activities as being too disparate from one another, let alone from the rest of your organizational operations and systems. But the time to rethink it all is fast approaching…and the cost of not doing so is already starting to add up.

Priority Drivers

The need for speed
The amount of information flowing into and out of businesses, and the rate at which is does so, is rapidly accelerating. So, too, are the demands from CEOs to get insights faster and on a more granular level, according to PwC’s 2016 US CEO Survey. Thus, the way in which risks are managed throughout an organization are subsequently changing.

Connected technology gives executives a line of sight into risks sooner and, in turn, are more effective in allowing organizations making quick operational pivots. This holds especially true as organizations evolve on a global scale and the intricacies of business operations and risks grow more complex.

Changing workforce
There are several changes in the global workforce that will require compliance professionals to rethink and adapt their strategies, according to the Society of Human Resource Management (SHRM) in their recent Workplace Forecast Survey:

  1. Lack of employee engagement.
  2. The rise of flexible work arrangements and greater use of contingent/contractor labor.
  3. The shift from manufacturing to service/knowledge economy and workforce.
  4. Globalization and multiculturalism.
  5. The exit of Baby Boomers and entrance of Millennial/Generation Y.
  6. Broader spectrum of technology savviness.
  7. Increased reliance on technology and social media.
  8. More emphasis on work/life balance.
  9. A shortage of skilled workers.
  10. Greater demand for transparency around corporate data and information.

As these trends reshape the way we work and manage, the case for an integrated and connected compliance program strengthens due to the need to constantly evolve and adapt to organizational, industry and workforce dynamics.

Changing regulatory expectations

I think strong compliance must be data driven. When I was recruiting compliance officers, one of my questions was to ask the candidates to articulate what types of data they would monitor.” – Hui Chen, Compliance Expert – U.S. Department of Justice

“My expectation was that a good compliance officer should be able to rattle off a list off the top of their heads and their list will tell me the level of their sophistication as a compliance professional. Similarly, when I look at compliance programs, the kind of data that they do and do not monitor tells me a lot about how sophisticated their program is,” said Chen.

While compliance has been making its case for over a decade, it finally has some pull on business strategy. On the flip side of the coin, it’s also getting the attention of a less welcome kind in the form of scrutiny from the government and other stakeholders. With that brings an increased importance of transparency in reporting and data analytics around compliance effectiveness. Auditable records of defensible and readily accessible compliance program data will be the new standard for board and government oversight.

Baby Steps

Start to develop and sustain a comprehensive compliance data strategy.
This all is a far cry from where many organizations find themselves today. And it can be daunting to think about trying to get to this point. But if, as the saying goes, “the journey of a thousand miles begins with a single step,” you can get started today by making some fundamental shifts in how your compliance functions think about and use data. The more you see, the more you’ll start to understand where there are opportunities to tie things together and make real strides toward operationalizing the Compliance of Things vision.

Start making better use of your internal and external data sources (information feeds), such as:

  • HR employee data
  • Expense records
  • Regulatory requirements
  • Politically exposed persons (PEP)

Then work on having this data surfaced in a single place—instead of in multiple spreadsheets. You’ll glean new insight through more contextual data resulting in efficiency and accuracy.

Subsequently, this creates a more proactive rather than a reactive approach to compliance, positioning you to be at the head of the strategy table when it comes to directly impacting business strategy, the bottom line, risk mitigation and sustained cultural health. A byproduct of a technology solution that changes with market demands is that your compliance program will be constantly in vogue and you will be a model for those to follow.