Are you successfully managing compliance in your business, or is it taking control of you? Compliance demands are many fold. If your business is regulated, that demand will dominate. But regulated or not, all firms need to comply with legislation, such as anti bribery and corruption laws. Beyond these mandatory compliances, you may actually volunteer to comply elsewhere, such as with quality standards. Increasingly though, partners may not trade with you unless you meet certain standards, e.g. those for data security, so ‘volunteering’ often isn't good enough. And if you operate internationally you will face local variants of all these demands.
Just keeping track of what you must comply with becomes a real challenge. The next challenge is achieving compliance and being able to evidence it. The final challenge is to maintain that compliance in the face of continuous regulatory and legal change.
It’s genuinely difficult for compliance professionals to stay on top of it all. Third-party vendors can help you with parts of the puzzle, but it’s a daunting, time-consuming task to pull all the threads in the compliance cosmos together and be sure you got it right. Thankfully, that’s just what the Pan Galactic Compliance Engine lets you achieve.
A Compliance Platform that lets you reach for the stars...
Decision Focus’s Pan Galactic Compliance Engine can take you beyond the world you know, lifting your compliance framework to a new level of enterprise thinking. It takes an integrated, holistic approach to deliver a one-stop-shop for literally all classes of compliance, in any industry sector, in all jurisdictions on the globe. (We said it was pan galactic). The need to sticky-tape together point solutions which only deal with part of the problem simply vanishes.
...and avoid the black holes
Across your entire enterprise, our Compliance Engine provides:
- Certainty over precisely what you need to comply with, and where
- A clear view across the board of what you are doing in order to comply
- An objective measure of compliance performance
- Automated impact analysis when requirements change
- Action initiation and tracking, from individual fixes to large scale regulatory change programs.
No information gaps, never again caught out by change, evidence always to hand. Steer around the black holes, because once you fall in, it’s hard to get out. (Take care; if you cross the event horizon you will never get out)
Let’s lift the starship’s hood and look at the engine in action
It looks like this.
It works like this.
The compliance engine pulls together 5 key compliance dimensions to form a cosmic cluster of great power. Fully connected pathways from source compliance requirements through to operational process and controls enable us to reach two important goals previously hard to achieve:
- measuring and maintaining your compliance performance
- determining the impact of change and dealing with it
Einstein believed there to be 4 dimensions to the cosmos. He was wrong. There are these 5. (Perhaps Albert was not pondering the compliance cosmos)
The first dimension - Authority Requirements
The engine is designed to formally capture the requirements you need to meet, removing doubt about what your compliance efforts need to target. That’s all your requirements, for all classes of compliance, in all jurisdictions. Importantly, it also allows you to recognise that several authorities may essentially be asking for the same thing. There may be nuances in how each has stated the requirement, but it’s the same thing. This is captured as a single harmonised requirement, explicitly linked to the originating requirements from which it derives. This saves substantial effort down the road. Deal with the one harmonised requirement and you’ve dealt with the several originating requirements in one go.
Increasingly firms seek help in determining these requirements and there are a number of third party vendors that can provide regulatory, legal or other data feeds for specific compliance areas. The Compliance Engine has an open API, which let’s it readily interface to third party data sources. With this automation, populating the Requirements Dimension is not as daunting as it may seem.
The second dimension - Board Policies
External authorities expect firms to interpret the requirements they impose in the context of the firm's business model, and decide what their response should be. This response is typically documented in a series of policies, often Board approved. Authorities will prescribe what policies you must have, but not what you put in them. That’s the outcome of your interpretation of the requirements.
The Compliance Engine allows you to collaboratively author, approve and publish policies. It also lets you take specific phrases in the policy and declare them to be a Mandate. A Mandate is both a commitment to the authority and a communication to staff about what behaviour is expected of them. They're so important it’s best to call them out: ‘For the avoidance of doubt, the Board’s Financial Crime Policy contains these 17 mandates’. Your commitment to the authority, and your direction to staff, is now crystal clear.
Here comes our first cosmic pathway. The Compliance Engine explicitly links Authority Requirements to the policy Mandates which they motivate. It’s the start of the construction of a pan galactic highway. But where does it go? Read on.
The third dimension - Business Standards
Breaking policy documents down into explicit Mandates brings some clarity, but the Mandates can still be open to interpretation. As they reside at the policy level, they are typically statements of principle. For example a Financial Crime Policy might say ‘the firm will not trade with any sanctioned company or individual’. If you say that and no more, the managers of different entities within the group might take quite different approaches to honouring the mandate, some effective, and others not so.
So we create a Business Standard addressing sanctions screening, which contains a number of Procedural Requirements which set out the characteristics that any sanctions screening process, deployed anywhere in the firm, must exhibit. These are next level down in communicating to staff what is expected of them, in this case to comply with the Financial Crime Policy, and ultimately financial crime legislation.
Which brings us to our second cosmic pathway. The Compliance Engine links policy Mandates to the Procedural Requirements which they motive. The Pan Galactic highway has grown, now taking us from external Authority Requirements, via policy Mandates to Procedural Requirements within the business.
The fourth dimension - Controls
You’re the manager of the French Branch. You know you have to implement a sanctions screening process and it must satisfy the 10 Procedural Requirements set out in the Sanctions Screening Business Standard. So you design the process so it includes the necessary checks and constraints to ensure the requirements are met. In other words you have embedded the necessary Controls within your sanctions screening process. Controls (not quarks) are the subject matter of our fourth dimension.
The Compliance Engine has comprehensive support for managing control registers across the enterprise. It also provides our third cosmic pathway, from Procedural Requirements to the process Controls which are operated to satisfy them.
The pan Galactic highway is complete, and now spans from external Authority Requirements right through to operational Controls. The whole journey is made via the interconnected data held within your organisation's single, holistic Pan Galactic Compliance Engine.
The fifth dimension - Control Assurance
The first four dimensions take you from external authority requirements through the layers of thinking and design regarding how to comply with them (policies, business standards), right through to the operational reality of controls. The obvious question is: ’is all that working?’. If it is, you are compliant. If it’s not, you aren’t. Our fifth and final dimension is Controls Assurance, the world of figuring out if your Controls are suitably designed, and operationally effective. The Compliance Engine provides a broad range of control assurance capabilities ranging from self assessment by the business (the ‘first line’) to independent assessment by compliance monitoring teams (the ‘second line’), and formal control testing by internal audit (the ‘third line). The engine lets you see at a glance where these differing views align, or more importantly where they do not.
Riding the Cosmic Highway
You can ride it in two directions:
Measuring Compliance Performance
This is the ‘bottom up’ journey along the highway. The engine’s Controls Assurance dimension gives us an objective view of whether all the controls across the enterprise that contribute to compliance are working. We can use this control evidence to objectively judge compliance performance.
If all the Controls linked to all the Procedural Requirements in a given Business standard are effective, we can argue that we are satisfying all Procedural Requirements, and so are wholly complying with that Business Standard. Conversely, if some of the controls are not working we can see which procedural requirements are not met, be specific about how we are failing to wholly comply with the Business Standard, and do something about it. The Engine has comprehensive action management capabilities.
The engine can support any bespoke scoring scheme your heart desires to arrive at a percentage complaint score for the Business Standard. We can roll the same kind of logic upwards to provide a percentage compliant score for policies, notably Board policies. That’s light years ahead of what most Boards get.
Regulatory Change Management
This is the ‘top down’ journey along the highway. External authorities continually evolve their thinking, and so adjust their requirements accordingly. If a given Authority Requirement changes the data pathways allow the Engine to provide an automated impact analysis, listing all the Mandates, Policy Requirements and Controls which may need to change to respond to the change and maintain compliance. The engine captures your ‘change/ no change’ decision against each., and its action management capabilities drive the required changes to completion.
If there’s a wholesale change, perhaps through the introduction of some entirely new regulation, the engine has full support for large regulatory change programs.
Are you ready for the ride?
With our tongues in our cheeks, we at Decision Focus have dubbed this novel approach as being ‘Pan Galactic. The end game is for the engine to be your enterprise level, go-to hub for all the classes of compliance you need to achieve across your entire organisation. The end game is pretty galactic. Getting all that in place will take time, so think of it as a journey. As with all journeys the first step is key. Just pick one area of compliance, perhaps initially in one location, and put the Engine to work there. You’ll be delighted to see the control it gives you. With that first step successfully taken, just take a second step, and then another. As your confidence builds you can get different parts of the organisation stepping in parallel. Now you’ve got a march on your hands.
Are you ready to ride the Cosmic Highway? We are ready to help you take that first step.