The global RegTech market is forecast to reach $22.3 billion by 2027, fueled by a number of factors including the explosion of data, the ever-changing country-level rules, the global regulatory environment, cybersecurity threats, technological advancements – and last but not least, the lasting impact of Covid-19.
This forecast shouldn’t surprise us. Due to this wide scope of the regulatory landscape, compliance is a complex and challenging process, as corporates must adhere to copious amounts of financial, operational and digital regulations. And the difficulty is constantly growing because the goal post is continuously being moved further and further away as a consequence of rapidly evolving laws and legislations. So, not only does the compliance department have to keep up with the regulatory changes, but the team also needs to be able to demonstrate and evidence adherence across the lifecycle of each and every regulation, and at all points in time.
Compliance officer liability
Furthermore, as far as the regulators and enforcement agencies are concerned, the buck stops with the senior executives and Board members in organisations. They hold individuals accountable for compliance violations. Their view? Designated individuals are not just answerable to regulating authorities, they are accountable – so when violations occur, disciplinary action follows. Already, regulators such as the UK Financial Conduct Authority have made it clear that organisations’ regulatory obligations still hold, and that post-Covid remote and hybrid working practices must not compromise compliance in any way.
This comes at a time when, in most corporates, compliance department leaders are already walking a tightrope to balance budgets against the increasing cost of compliance. This, alongside limited resources, makes ensuring compliance and good corporate governance testing and even difficult to achieve.
Convincingly illustrating “evidence” of intent to comply and indeed compliance itself is fundamental, but often it isn’t easy because there’s no single, central repository where all the compliance-related data concerning the numerous company policies, regulations and laws, by jurisdiction, are stored. It’s commonplace to find that documents, emails and other correspondence related to ongoing investigations are dispersed across people’s Outlook inboxes, file servers, SharePoint and shared hard drives. So, the question becomes, which of all these versions is the definitive version of the “truth”?
Also, if there aren’t well-defined procedures for timely record keeping, critical documents can be missing, severely compromising compliance data accuracy and integrity.
When it comes to regulatory reporting, regulators don’t take kindly to missed deadlines. This can have serious and tangible consequences for both the compliance department and the business. However, with information dispersed across multiple locations, gathering and assembling compliance-related management information is not only time- and labour-intensive and stressful, but also error-prone.
This poor visibility of data due to poor information management procedures then means that compliance departments don’t have the critical capability to undertake regular risk assessments. This impacts their ability to proactively mitigate business risk.
There’s a better approach than SharePoint
Of course, there are RegTech products focussed on specific business functions, and corporates must evaluate them to decide on the best approach for them. But prior to that, it makes sense to first put the fundamentals in place.
At the core, demonstrating compliance requires proof of documentation that is consistent with internal policies and external regulatory demands. Additionally, in order to comply with all these laws and standards, compliance departments have corresponding internal policies and procedures to ensure that the compliance effort is integrated across all parts of the business as well as embedded enterprise-wide.
Complete control of the compliance programme across such an expansive regulatory landscape is no mean feat. At the most fundamental level, the compliance team needs visibility and easy access to every single iteration of each and every policy, regulation, legislation and framework, at any point in time – as well as historically.
To address this issue, typically, organisations use Microsoft SharePoint to store these types of documents. Whilst SharePoint serves as a good file management system, it isn’t designed to provide a high standard of control and monitoring capability for an enterprise-wide compliance programme.
Foremost, SharePoint isn’t designed to store emails, which often contain important contextual information. Neither does it offer case, matter or project-related structured workspaces where all the information and documents across multiple data sources – i.e., correspondence, images, data, voicemails, emails, and more – can be stored. SharePoint also doesn’t offer version control, search capability, full auditability and the list goes on.
To help overcome these shortcomings, compliance departments could try and customise SharePoint using bolt-on tools, but the cost can be very high. To gain the most comprehensive capability, organisations need to purchase several expensive third-party tools – they also require specialist skills, continuous software development, project management and support to integrate and ensure that the workflow across the numerous applications and SharePoint remains connected and seamless at all times.
Many compliance departments have tried their hand at SharePoint customisation too, only to find that despite the high level of investment – not to mention, effort – the workflow across the numerous applications isn’t unified, and the functionality is still limited.
Best practice document and email management can help embed compliance
The days when companies considered regulatory penalties and fines a “cost of doing business” are long gone. Today, the reputational damage of a compliance breach is far greater than any financial penalty a corporation might bear. Embedding a compliance culture in the organisation is a business imperative.
A best practice approach to document and email management can greatly help – foremost, by facilitating a single source of the truth, enabled by a streamlined workflow. This makes collaboration internally within the compliance department as well as across other functional areas such as legal, tax, HR, risk, and so forth, much easier. Such an approach allows better knowledge management, the ability to deploy security policies to protect confidential compliance data, a single integrated view of content for each and every case or project, ease of reporting, full auditability and more. Consequently, compliance departments can standardise and embed business processes that make compliance part of daily business operation – in turn, freeing up time which teams can use for higher value compliance activities.
This approach is proven. By way of an example, Ascertus has deployed the iManage document and email management system in the compliance department at a leading player in the Scandinavian financial markets. Today, the department is able to apply the highest levels of security to data and is benefiting from full audit tracking capability for critical emails and documentation that are needed to support investigations and demonstrate compliance with regulations, including KYC and GDPR, among others. In fact, prior to iManage, the compliance department in this Fortune Global 500 organisation was using a combination of SharePoint, shared drives and OneDrive. They realised that even the collective security offered by these applications wasn’t sufficient to meet the high standards that the numerous regulations and legislations demand.
If this is an area you are exploring for your compliance department, please get in touch with us. We can assist and guide you so that you have a solution that meets your business need. In the meantime, do also check out our eBook that provides more detail on this subject.