In an exclusive interview with CIO TechOutlook,Shankar Bhaskaran, Managing Director, India, MetricStream shares his insights on how public policy and regulatory activities are shaping the global business ecosystem and how implementing a strong compliance system is a mandate in order to have a robust organization. He has spent over 25 years in enterprise software and technology, media and new media, and has worked with large corporations such as Time & Fortune, Harvard Business Review, Bennet & Coleman, Living Media, Double-click network, and AltaVista among others, in key marketing, corporate, and brand communication roles.

Public policy and regulatory activity are accelerating rapidly, putting companies worldwide under intense scrutiny.As pressure mountsfrom corporate boards and top management for robust compliance, hefty regulatory fines and penalties are making waves in the news.

In 2023, the banking regulator, RBI, penalized several banks and financial firms for non-compliance.The fines totalled over 71 million USD.Compliance functions face many risks, including anti-bribery and corruption, fraud and financial crime, sanctions, and ESG (Environmental, Social, and Governance) issues like carbon footprint, modern slavery, and human rights. These challenges extend beyond the organization's value chain of suppliers, partners, and other third parties.

As pressure rises, it is essential to understand thata successful compliance program hinges on enhancing three core elements: people, processes, and products. These fundamental building blocks are necessaryfor compliance within the broader governance, risk, and compliance (GRC) framework.

Let's understand in detail how organizations can strengthen each of these elements.

People

For a compliance program to work effectively, awareness must extend beyond the compliance team to include every employee across all departments and business units. As a best practice, all employees should be well-versed in compliance requirements, stay updated on regulatory changes, and understand actions that could trigger violations.

In India, under the Securities and Exchange Board of India (SEBI) Prohibition of Insider Trading Regulations, 2015 (PIT Regulations), the Compliance Officer is tasked with managing the code of conduct and ensuring adherence to regulatory requirements. There have been several cases where the SEBI has held Compliance Officers accountable for failing to enforce compliance with the code of conduct and other PIT Regulations and slapped them with penalties.

Here are some essential steps organizations can take to cultivate a compliance-focused workforce:

-Regulatory and policy obligations must be documented.

-Define and document employees' specific compliance responsibilities and accountabilities based on their roles.

-Offer targeted training sessions to enhance employee awareness and understanding of compliance issues.

-Set up open and effective channels for employees to quickly report any problems or concerns.

-Encourage the reporting of possible misconduct, fraud, and other violations, including options for anonymous submissions.

Process

Developing and maintaining strong, clearly defined processes—such as a compliance framework, strategy, policies, and procedures—is crucial for a successful compliance program. Given the fast-paced nature of regulatory changes and frequent updates, the compliance program must beagile. Organizations should adopt a flexible approach that allows for quick adjustments to corporate policies and controls in response to evolving regulations.

A key aspect of compliance management is implementing and monitoring organizational controls. These controls can include regular fire drills for employee safety, hotlines for reporting abuse or discrimination, and thorough due diligence of third-party vendors to ensure their compliance. Organizations should establish transparent processes to test and monitor these controls to address gaps consistently.

Product

Given today's intricate regulatory landscape, technology-based software solutions are essential for maintaining compliance. Tech advancementshave led to a shift towards automated, self-sustaining compliance systems. Organizations should leverage these innovations and automate compliance processes. Automation enables streamlining administrative tasks. Compliance managers can use the technology to free time and focus on more strategic activities.

Here are some key areas where technology-based software products can help:

Next-Gen Control Strategies

Organizational controls play a crucial role in determining the success of compliance programs. Managing overlapping, duplicate, and sometimes conflicting controls can be challenging for organizations facing several regulations. The situation gets complicated when relying on manual methods, like spreadsheets, often leading to oversight and gaps.

Enhancing the compliance program helps streamline the control environment. AI-powered tools can automate continuous testing and monitoring of controls, identifying issues such as redundant controls and patterns of under- or over-testing. These insights are essential for refining the control environment and making more informed, timely business decisions.

Enhanced Relationship Mapping

A robust compliance program depends on a comprehensive overview of regulations, policies, procedures, risks, assets, controls, and business functions. Technology-based software solutions can help organizations create a centralized repository to map these relationships, providing a complete, 360-degree perspective of their compliance status.

Proactive Regulatory Scanning

Global organizations mustnavigate a complex web of laws, regulations, and standards. The relentless influx of new regulations and updates makes keeping up withthe regulatory landscape a nightmare.

AI-powered tools ease this process by continuously scanning for regulatory changes, providing timely updates, and alerting relevant personnel. These solutions simplify compliance and offer insights into how changes affect policies, controls, and business functions.

Effective Remediation

Technology-driven solutions simplify the investigationand resolution of non-compliance issues. These solutions improve efficiency by accelerating issue management and minimizing recurrence through a closed-loop remediation process.

AI-driven features further optimize this process by suggesting categorizations and action plans based on historical data. Automated alerts and notifications keep the process on track, ensuring timely investigation and resolution of issues.

Prompt Reporting

Organizations must consistently deliver detailed reports to boards, regulators, investors, and other stakeholders to showcase their compliance stance.

Technology-driven solutions automate this reporting process by generating reports based on essential compliance metrics, using dynamic dashboards for real-time visibility into the overall compliance status.

Key Takeaways

Building a robust compliance program is mission-critical in the modern regulatory landscape. The right mix of people, processes, and technology will determine the robustness and success of compliance programs in enterprises today.