Convincing the C-suite that compliance is not a “tick-the-box, rule-based” process at the end of a transaction or activity is one of the greatest challenges in embedding compliance into business solutions.
This is according to Kalane Rampai, director at PwC. “Embedded compliance is having appropriate and effective controls, performance indicators and reporting mechanisms strategically positioned in the core business processes of the organisation,” says Rampai. “This assists in ensuring that all key regulatory, strategic and internal requirements are satisfied – without jeopardising the expected performance of the business.”
“Failure to implement a new approach to compliance and operational risk management comes at a high cost to entities,” says Greg Chamberlin, business development: compliance at LexisNexis South Africa. “These include non-compliance penalties, escalating litigation costs, brand and reputational damage, all resulting in loss of public confidence and loss of revenue.”
“We have seen an increased requirement for organisations to improve disclosure, accountability and compliance to meet new and stringent requirements set by government, regulatory bodies and societal demands,” says Rampai.
The solution is not costly one-off projects performed with spreadsheets and a vast accumulation of paper-proof compliance; rather, it is embedding compliance strategies into business processes. This will reduce the time and manpower cost of staying compliant.
Rampai emphasises three key steps that businesses and government departments should follow when making strides towards embedding compliance.
Set the correct organisational tone right from the top down.
To achieve a compliance-supporting culture it is essential to get C-suite buy-in and convey a unified compliance vision and strategy, recognising and rewarding the implementation of core values. Board and senior management need to commit to ethics and compliance.
Organisations require a values-based approach to ethics and compliance. Clearly defined objectives, measurements for success and project management parameters along with effective up- and downstream communication will create a consistent approach to accountability.
Integrating compliance into individual performance measurement and reward structures directs organisation-wide participation.
Integrate systems and eradicate duplication
Strategically position appropriate and effective controls, performance indicators and reporting mechanisms in the core business processes of the organisation. The fragmented nature of different departments within an organisation, each working within their own isolated organisational silo, drives additional spend to meet basic business demands and creates redundant efforts to meet compliance requirements.
Use data systems and technology to full capacity
Leverage technology using tools such as Lexis® Assure and Lexis® GRC to automate data analytics and manage complexity, enabling real-time compliance, monitoring, reporting and response. The volume of business activities that should be monitored within an organisation can easily overwhelm existing resources. Technologies such as key risk indicator dashboards, scenario modelling, predictive analytics and statistical analysis work hand in hand to provide management with trends, fact patterns and preventative control mechanisms.
“Compliance is not an event, nor is it an activity,” says Rampai. “Relying on ‘business as usual’ just doesn’t cut it anymore. Organisations need to incorporate fresh thinking, new systems and innovative approaches to produce the expected results.”