Better Regulatory Compliance & Transformation

24 October 2017

#PRIMED, #RegTech, #Transformation, #GDPR, #Compliance, #DigitalPMO

PRIMED helps companies execute their regulatory transformation initiatives in a more controlled, transparent and cost-effective manner while enhancing overall Governance, Risk and Compliance (GRC) initiatives

Governance, Risk and Compliance (GRC)

Driving regulatory compliance and transformation involves many functions, lines of business, systems, processes and controls. The demands regulatory compliance places across the enterprise is not trivial. Many companies tackle the problem through the use of (a lot of) smart humans, top-down control and governance functions. Indeed, there are many organizations that do a good job of implementing a GRC framework that deals with corporate governance, enterprise risk management and corporate compliance to regulatory requirements.

We believe we have an alternative yet complimentary approach to how companies could drive their regulatory programs and associated transformation initiatives.

PRIMED is our platform for managing strategic initiatives, regulatory change and business processes. Our approach is predicated on using enterprise, regulatory, compliance and program data in a joined up way to provide better insights on the dependencies, complexities and risks associated with these type of initiatives. This reduces the number of human-driven workflows, speeds up time to understand status and risks, increases controls and reduces risk.

Four Pillars

There are four core pillars contained within PRIMED that helps drive this consolidated view of regulatory transformation:

  1. Compliance of and traceability to regulatory and business requirements
  2. Alignment with strategic objectives and KPIs
  3. Controlling key “Business As Usual” processes
  4. Integrating compliance, traceability, alignment, controls and change via a digital PMO

When you are able to bring these functions together into an integrated set of capabilities, organizations are then able to have a joined up set of dependencies, better insights and analytics regarding risk and performance, and they are able to implement stronger controls while reducing costs. This gives the users of PRIMED a lot of information, analytics and insights which we believe can be used to drive GRC from the bottom-up.

1. Compliance of and Traceability to Regulatory and Business Requirements

Many markets, industries and companies are subject to external regulatory requirements and internal compliance and policies. We help companies build up an inventory of regulatory requirements and to understand the compliance of business processes, systems and other factors against those needs. Non-compliance also drives specific risks and issues that need to be solved through immediate BAU remediation or planned change deliverables.

Furthermore, we allow internal policies (such as Information Security policies) to be related to external policies (such as specific aspects of EU’s GDPR). Thus, when new regulations come along, existing regulations or policies change, or new systems and processes are put in place, the organization can better understand the impact and ripple effect of those changes. And we apply the same principle to business requirements that are driving strategic change. These could be new business ideas and concepts, audit and compliance findings, or functional and technical requirements for specific projects and deliverables. This allows all initiatives to be tied to requirements in a data-driven and thus transparent way.

2. Alignment with Strategic Objectives and KPIs

We help companies model and visualize their strategic objectives and to build out a set of Key Performance Indicators (KPIs) that align to the objectives. This allows current and target KPIs to be made explicit, and for the realization of these KPIs (and hence objectives) to be tracked.

3. Controlling Key “Business As Usual” Processes

Often, companies treat “Business As Usual” (BAU) processes and “Change” initiatives separately, mainly due to capital versus operational cost budgeting. However, the two are intrinsically linked. Improvements to BAU leads to change. Change modifies, eliminates or otherwise improves those BAU processes. But companies often do not manage them together from a transformation perspective. This seems a little disjointed given that regulations (and associated changes!) disrupt the BAU side first.

We believe that it is important to be able to model, measure performance and analytically assess BAU processes in the context of change and vice versa.

4. Integrating Compliance, Traceability, Alignment, Control and Change via a Digital PMO

Bringing the different parts of a regulatory transformation program together is a challenge since they span the many functions, groups, processes and stakeholders of an organization. In our experience, throwing more people at the problem simply makes the challenge more difficult especially as the scale and scope grows which in turn increases complexity, dependencies, risks and variables.

For example, stakeholders and responsible parties need to understand the broader picture of what is happening, what they are on the hook for, and what is causing risks, blockers and issues. Program directors and business executives need to have a real-time view of progress, status, changes, planned activities and resourcing needs. Finance wants to know what budgets looks like and what the breakdown is into capital and operating expenditures. Procurement may need to be involved in the creation and utilization of supplier contacts. Resourcing Managers need to see what the planned demand is for people, their roles, skills and experience, and to be able to have a data-driven conversation around the allocation and optimization of people’s time.

And wait for it … this is all changing all of the time. Nightmare! Excel spreadsheets, PowerPoints and Sharepoint sites can help to a point. But frankly the increase in errors, stale data and workload in keeping things up to date is a serious risk in itself not to mention the escalating costs, loss of controls and inefficiency of understanding state.

Better Regulatory Compliance & Transformation

We believe companies need to have a holistic and analytical approach to regulations, compliance, strategy, BAU and change.

As we continue to work with industry experts, consultants and practitioners, we also continue to assert that this data-driven approach will help companies approach the regulatory transformation domain in a smarter, more efficient manner. This will also allow more robust and holistic control frameworks to be actively managed without the need for subjectivity.

Just imagine being able to have better controls, increased transparency, deeper insights, real-time updates and a more informed story to tell your business stakeholders and regulators. And depending on how you manage your organization now, there are millions of dollars to be saved in removing all that laborious, error-strewn and monotonous human effort.