This is the second in a series of blog posts by Mitch Avnet of Compliance Risk Concepts on the process of building a business case within your firm to support investment in compliance technology. Read part one here.
Trying to prove the case for investing in new technology for compliance’s sake is often an uphill battle. Unless your firm has experienced a catastrophic regulatory issue or emerged from an audit with a mandate to bring your processes into compliance, you’re likely to be met with a large dose of hesitancy.
After all, historically the compliance function has been seen as a cost center and not a very exciting one, at that. Most firms want to invest in revenue-generating projects rather than in a maintenance function that – for all its inefficiencies – seems to be working fine.
The problem with this way of thinking is that most compliance issues don’t surface immediately – they build over time. Allowing a gap in your operation to go unaddressed for a long period of time can infect your entire enterprise, leading you to invest money in new processes and systems to treat the wound that surfaces rather than the underlying illness. When it comes time to address the issue, it’s like peeling back the layers of an onion to get to the real matter.
I’m sometimes consulted by firms whose lack of awareness of an underlying issue – or inaction in addressing it – has put them under regulatory pressure. Their knee-jerk reaction is to decide their technology isn’t working and to want to go out and purchase the latest, greatest new technology. But unless they first identify where the gap lies, in time the new system will fail, as well.
In general, firms today share the same kinds of fundamental challenges. The most prevalent is an over-reliance on manual, bifurcated and disparate processes, which limits their ability to get a comprehensive, accurate view of their compliance risk in a timely manner. They hire talented, highly skilled compliance professionals, but the task of gathering information from all their various systems is so time-consuming and onerous, they spend more time amassing and packaging the information than they do in analyzing it. As a result, governance committees and boards make enterprise decisions based on incomplete, unverified information.
Many firms lack a consistent process to define key compliance risks, which makes it difficult for them to identify and assess the risks as they emerge. It’s not unusual to find the same issues being investigated and escalated from several different areas of the firm, wasting time and overhead as efforts are duplicated and affected areas are asked the same question 20 different ways.
Sound familiar? You’re not alone; the fast pace of technology development and regulatory changes have led to loose ends in virtually every firm’s operation.
The first step in building a case for investing in compliance technology is to find those loose ends – a process that is not for the faint of heart. It will take participation from virtually every corner of your organization and a willingness to challenge the status quo.
Assemble a committee of representatives from every impacted area. Make sure they understand the ultimate value to the organization, and that they embrace and internalize the mission. You want them to act as evangelists as legacy employees push back against change. Be sure to include younger workers on your committee. While many of us use technology, the younger generation lives it, and there’s a big difference. The technology you ultimately adopt needs to feel natural to them – to streamline its onboarding and to ensure your firm feels relevant and forward-thinking to the future workforce you want to attract.
Once your committee is assembled, encourage them to question every process and technology. Trace every workflow, find where processes dead end and where they overlap. Ask why they exist and how long they’ve been there. Financial services is a dynamic, ever-changing industry. Chances are if employees are still following ten-year-old methodologies, there’s a better way of doing things. Empower your committee members to be agents of change to find the gaps that are putting your firm at risk by masking problems that lead to uninformed decisions.
Once you understand your firm’s operations end-to-end, step back and measure it against your competitors and where the industry is today. Are your capabilities leading? Or lagging? Where are your hot spots? Once you understand where your system falls short, you can begin to build a better solution.
Next month, I’ll talk about the next step in building your compliance technology business case: framing solutions.