Integrating Compliance Data Can Boost Your Firm’s Compliance IQ

This article is Part 2 of a two-part series covering how to build a smarter conduct risk management system. Part 1 published in Legaltech News in June. Smart compliance management systems bridge disconnected sources of data to help compliance teams make sound decisions and manage risk more effectively. How can you tell if your compliance management systems are smart enough to combat misconduct? A key indicator is the degree to which supervisors and supervised persons can interact fluidly with high-quality data. A centralized conduct risk management platform links a firm’s compliance policies and Code of Conduct with supervisors and supervised persons to actively engage them in the oversight process. It features an easy to access repository of conduct risk management data and workflows.

Integrating Data to Boost Your Firm’s Compliance IQ

While many compliance systems function independently, sophisticated rules-based engines integrate data stored throughout and beyond the enterprise to reveal areas of risk that firms can score and prioritize. Advanced solutions feature a centralized command control dashboard, behavioral risk monitoring, document management, reporting, alerts as well as comprehensive approvals processing. Ingesting data from upstream and downstream systems such as human resources and other compliance systems, integrated platforms are populated with not only data about a firm’s employees and primary business, but with multi-dimensional data on public and private companies. Enriched with such deep cross-referenceable insight, an intuitive command control dashboard displays a snapshot of tasks awaiting action, including compliance calendar activities, periodic testing and reviews, employee certifications, and compliance case management—from breach identification to resolution. Taking advantage of configurable workflows, authorized users can easily define firm-specific processing rules, thresholds and alerts, cross-referencing a firm’s code of conduct and compliance policies. If employees, supervisors and administrators are trained to enter conduct risk data into a single integration platform, a more consistent approach and a new level of discipline enable a firm to better manage employee and third-party conduct risk. Mobile device supported portals compel staff to uphold a firm’s code of conduct by making it easier for them to adhere to a firm’s compliance program. Whenever an employee or vendor is onboarded, a procedure is introduced, or rule is updated, the compliance team can easily alter the data and process flows impacted by that personnel or rule change. For instance, when an employee is hired, his or her outside business affiliations can be entered into a centralized database that hierarchically links the individual to his or her associated entities. This hierarchical linking is how to build a conduct risk management system that knows what to look for and can flag issues before they metastasize. Implementing smart solutions not only helps a firm better manage compliance risk, but they demonstrate to the third line of defense—the audit function, including regulators—that a company is serious about monitoring its supervised persons. Attestations can be automated as evidence that supervised persons have been informed of the rules that apply to them. Examiners look favorably on firms that leverage such techniques to manage risk proactively.

Compliance of the Now…

Smart compliance management systems help firms perform richer analyses, slicing and dicing data across multiple dimensions so the compliance team can stay ahead of misconduct. The systems score who may be riskier employees, vendors and customers. As such, the task of gathering conduct data is valuable for compliance management, but invaluable should a problem needs to be escalated. Mature systems can improve risk management outcomes by matching increasingly complex data mining techniques employed by perpetrators. Today’s detective capabilities allow compliance to extract the “signal from the noise” in increasingly dense data landscapes. If and when a breach occurs, technology will prove invaluable for understanding and remediating the incident. New conduct risk management technology is helping companies engage employees by enabling them to fulfill their compliance obligations with minimal effort, such as submitting receipts via mobile devices. Replacing resource-draining manual methodologies, reports can be generated with the push of a button, tempering the impact of employee turnover while allowing insight to be more easily shared. An automated conduct risk management platform can create an audit trail of actions taken over time. User-defined reports can be generated with the click of a button to provide visibility into the risk profile of your employees as well as third parties, and any potential collusion points. This, in turn, enables administrators to easily analyze metrics to reveal patterns of behavior over time. But not all compliance systems are created equal as many fail to integrate data to the degree that users need. Data needed to manage conduct often either does not exist or is distributed across and beyond the enterprise, such as for vendor oversight. Such areas of disconnect pose the greatest difficulties for the compliance team because they’re where there is the least available data. “Technology is only as good as the data being fed into it,” explains Ben Shorten, a Senior Manager with Accenture Finance & Risk. In addition to data quality, ease of performing smarter compliance tasks ranks as among the most important qualities companies consider when evaluating compliance technology. “Firms want to spend less time gathering data and more time applying critical thinking to accelerate compliance decision-making,” adds Shorten.

…and the Not-too-Distant Future

Technology is being called on to bridge the first line of defense—a line of business professionals performing day-to-day risk management duties—across broader areas of the second line of defense, including not only compliance but operational risk and security functions. For example, tighter data integration can be anticipated between compliance and security to help improve a firm’s cybersecurity posture and response, as well as enhancements to physical security technologies. This could include monitoring employee fob-secured access to network services and data. “We are seeing an appetite for greater integration with other control functions, such as compliance and operational risk,” adds Accenture’s Shorten. “Technology must be flexible enough to interface to other technologies within the second line of defense to be able to achieve greater integration.” Analysts expect compliance teams to rely more and more on technology because today’s most advanced and integrated conduct risk management solutions improve compliance controls and decision-making, enabling the compliance team to work as a smarter, value-added strategic function. Promising inroads are being made so that compliance technology can add even more value. For example, algorithms are being integrated to spot correlations between research and personal trading. Compliance teams need to innovate not only to stay ahead of the latest threats, but to keep up with competitors that are already harnessing the power of technology, and to keep a seat in the C-suite.

The Impact of Next Gen Systems from the Front Line to the Bottom Line

The increasingly complex compliance challenges firms face need to be solved with a new way of looking at things. Today’s dynamic demands are making next generation solutions an operational necessity. Without the ability to centrally and easily access conduct risk data, even the most thoughtfully safeguarded firms can overlook misconduct that could otherwise have been curtailed. Just as regulators are relying on more sophisticated data analysis tools, compliance officers can leverage new software solutions to gain deeper conduct risk visibility without a significant increase in resources. A centralized compliance control room enables firms to be more adaptive as rules and threats continue to change. Next generation solutions help break organizational siloes to allow proactive risk management decision-making—a paradigm shift from IT used solely as a defensive mechanism. Advanced technology solutions enable firms to demonstrate they are making a good faith effort to better manage compliance. Tools that ease access to high-quality compliance insight empower people and processes to fulfill the promise of intelligence gathering sophisticated solutions now offer. As chief executive officer of MyComplianceOffice (www.mycomplianceoffice.com), Brian Fahey has been delivering complex technology solutions to meet critical business objectives within the investment management industry for nearly 25 years. His focus over the last decade has been building cost-effective Risk and Compliance IT solutions for the investment industry that can adapt to rapidly changing business and regulatory environments.