Compliance — It’s complicated

Geraldine H. Apostol Risk Assurance Partner, PwC Philippines 15 Feb 2019

When I was starting to write this article, a scene from a Harry Potter movie came to mind. Hogwarts School had a new headmistress in the person of Dolores Umbridge.

She issued a lot of new rules, which Mr. Filch posted outside a huge wall while patiently hammering every frame. I could imagine how the students felt – life at Hogwarts was getting to be different. There was an ever-growing tangle of rules as the so-called Regulator (the Ministry of Magic) addressed the fast-changing and maturing wizards.

In the world of business, survey after survey, our relationship with ‘compliance’ likewise continues to get more complicated.

The rapid pace of innovation and technological change characterizes how organizations deliver goods and operate internally. Opportunities abound and many chief executive officers (CEOs) in our country are optimistic about global economic growth.

The onrush of regulations nowadays seems like how Umbridge issues rules in the movie scene. We are in a more expansive and dynamic risk universe, which goes with growth and innovation. Surveys show that over-regulation remains a top threat to company growth in almost every part of the world. So how do we keep up with the times?

Stakeholders expect compliance and ethics functions to protect organizations. The importance of effective compliance has never been greater. Heightened regulatory enforcement and growing pressures from global movements and watchdogs (e.g., whistleblowers, activist groups, and investigative journalists) are fueling the value of a strong and responsive ethical and compliant culture as well as more transparent internal reporting channels.

We’ve seen in the news how compliance failures can cause huge reputational damage, high customer churn, and massive fines. Hence, executives rely on strong compliance and ethics programs to address the consequences of non-compliance, as they take risks while seizing new market opportunities.

How can we better understand the complexities or perceived complexities we face right now? How do we reduce the pressure on compliance and risk management? How do we identify and contribute to highly effective compliance habits? How can we use technology so our organizations will initially improve, then ultimately excel?

Cultivating a culture of compliance

Understanding the state of the following operational areas of compliance can give us a sense of where we are right now:

Policies and procedures. Do we review our code of conduct annually? Do we have a single policy management framework? Do we use policy management technology within the compliance department?

Training and communication. Do we update our compliance training and communication programs annually? Do we expect to increase online training courses in the next three years? Do we expect to do more frequent short-term communication in the next three years?

Monitoring. Do we use technology to monitor employees’ compliance with ethics and compliance-related policies and procedures? Have we gained better insights or done better root cause analysis from the use of technology for employee compliance monitoring? Are our budgets sufficient to meet additional needs associated with technology?

Linking these areas of compliance with business strategy sets the foundation for a culture of compliance and ethics. And the answers to the above questions will give a firsthand assessment on how to implement effective compliance programs. Risk culture behaviors that are innovative and optimistic are expected to be exhibited as we go through the journey. For one, simply emphasizing the concept of proper “tone at the top” is definitely a winning formula to achieve these distinctive behaviors.

Technology improves compliance

What can we do to have effective compliance programs? Finding workers with the right skill sets is challenging because workers increasingly need to understand technology, the business, and compliance. With multiple, new, and highly motivated watchdogs now providing their own forms of insight, the case for strengthening compliance risk management through technology is strong. To support a modern data-driven compliance function, organizations are pressed to invest in technology-enabled infrastructure.

What technology elements/tools do you have in place to support your compliance program? Data analysis tools, dashboards, continuous monitoring, data warehousing, data extraction tools, GRC (governance, risk management and compliance) technology solutions, collaboration and interaction tools, predictive and automation tools – these regtech (regulatory technology) tools help organizations quickly analyze vast amounts of data, enabling them to gain insights into the business and customer behaviors and efficiently assess potential compliance issues.

Digital upskilling of compliance and ethics team

With tools in place, focus on the digital upskilling of your compliance and ethics team. Once we know how to use the tools to identify our available data and data sources, we can perform our analyses, such as monitoring employee compliance. Technology gives better insights and better root cause analyses. Our ability to respond in real time also improves, and we can identify outliers and sort out violations.

Single policy management framework

With improved culture, skills, and tools, the organization is able to streamline policy management, and to clearly and directly communicate policies to its employees.
Readily available software that contains many GRC technology tools can measure the effectiveness of policies and procedures more comprehensively. Policy owners can give information on training, auditing, and monitoring plans for each policy. Any new or revised policy can also be configured in the system to go through a policy committee for review and approval.

A single policy management framework with documented policy governance leads to better consistency and greater effectiveness of corporate policies across multiple areas. They will be generally a lot simpler and easier for employees to understand, and therefore, follow.

Compliance training

Conduct a thorough and up-to-date compliance training that starts at the top (again). Board training can give more headway. Engaging methods are often used to conduct board training, as well as the following for the rest in the organization:

Shorter and more frequent forms of training allow employees to be more engaged and create a positive effect in the office.

TED(technology, entertainment, design)-talk-like awareness videos are considered as high-impact.

Thought-provoking messages using everyday language, as opposed to the formal style of ethics presentations, get more attention, thus enhancing interest and generating dialogue.

Mobile apps are becoming more common in distributing compliance content.

Advice in improving compliance function

Starting a more data- and technology-driven compliance function can be challenging. Completing a needs assessment and identifying existing technology and skills that can be leveraged are important first steps. Next is to prioritize areas in need of technology assistance by considering data sources. Build a case for technology investment and identify process changes to make compliance more responsive, comprehensive, and current. Then execute against a technology and skills roadmap towards a better and effective compliant environment.

So let’s stay positive about the future and do our part (no matter how small or big) as we remove the complications that surround our world of compliance. We cannot control change, but we can definitely accept them and act on it.

This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.

Contact us

Geraldine H. Apostol

Risk Assurance Partner, PwC Philippines

Tel: +63 (2) 8459 3040

Follow PwC Philippines