Enhancing Compliance Automation Efforts Step-by-Step
By Amy Matsuo, Principal, Global Leader for Compliance Transformation Solutions, KPMG (US) and Todd Semanco, Partner, Banking & Consumer Compliance Risk, KPMG (US)
Technological innovation and behavioral shifts are putting pressure on organizations to improve their operations while doing more with less. Compliance is an area ripe for this type of change, as automation gives rise to hopes of reducing compliance spend while more efficiently responding to shifting regulatory expectations and the changing risk landscape. However, more than half of Chief Information Officers (CIOs) and Chief Compliance Officers (CCOs) are not yet automating compliance activities, according to a recent KPMG survey. While 90 percent of CIOs and CCOs plan to increase automation funding in the coming years, only 1 in 5 have a well-defined strategy to automate compliance in the next two years.
While organizations face certain challenges and limitations in automating compliance activities, leveraging a simple but effective step-by-step plan is a great way to enhance the success and impact of a compliance automation effort.
Overcoming the top compliance automation challenges
The vast majority of CIOs and CCOs in KPMG’s survey cited data integrity (70 percent) and data availability (67 percent) as leading factors that were limiting their ability to automate compliance activities. CIOs and CCOs also identified a range of challenges when implementing a compliance automation strategy. These challenges include:
• Dependencies that are not understood in advance or throughout (39 percent)
• The lack of attention from leadership and stakeholders (36 percent)
• Insufficient metrics for measuring progress (35 percent)
• Unavailable resources to support the automation (32 percent)
• Limited subject matter expertise of those completing the automation (29 percent)
• Unavailable data or data that does not have anticipated integrity (26 percent).
While there are significant challenges in any compliance automation effort, considering some key factors up front and incorporating any decisions into a final strategy will prepare your organization to execute the project more efficiently. To do this, companies should follow these five steps:
1. Identify and Assess Dependencies. An understanding of the dependencies that exist in each step of the automation initiative is essential to creating a budget, implementation timeline, and reasonable expectations for your stakeholders.
2. Collaborate with Relevant Stakeholders. Stakeholders typically include senior members of compliance, legal, and business or operational employees who own the compliance processes being targeted for potential automation. It is also important to involve other interested parties who can influence the process.
3. Establish Metrics to Evaluate Progress. Metrics should be designed to clearly reflect where in the automation initiative the organization is, what tasks have been completed, and what tasks remain.
4. Identify Personnel with the Appropriate Skills, Knowledge, and Availability to Undertake the Automation. Ideal resources will have a contemporary skill set—one that blends a solid understanding of business operations, compliance issues, and risk management with cutting-edge technological proficiency.
5. Confirm that All Requisite Data Sources are Available and the Data has Integrity. This step is foundational. In order to target compliance processes where automation can most easily be incorporated, the underlying data must have integrity and also be available.
This careful consideration during the planning stage will help with the next step in the process: identifying where compliance automation opportunities will have the most impact.
Identify compliance automation opportunities
Identifying compliance automation opportunities requires organizations to determine which compliance automation activities will realize the greatest return on investment. While there are many compliance activities and obligations that could be automated, CIOs and CCOs have identified the top compliance activities that are ready for automation.
1. Compliance Risk Assessments (56 Percent): Automation of risk assessments can help organizations develop a single view of risks across their enterprise. Organizations can use automation to assign ratings to inherent or mitigating controls and in the quantitative analysis process.
2. Policy Management (40 Percent): Automation can be used to track policies, procedures, and communications; track changes to protocols; and provide a workflow and audit trail for approval and certification processes.
3. Regulatory Change Processes (40 Percent): Automation can accelerate the inventorying of regulations, laws, and obligations from global regulatory sources; provide real-time notification of new rules, proposed rule changes and guidance; track regulation lifecycles; and enable a quicker impact analysis when such obligations change.
4. Due Diligence (39 Percent): Automation can reduce the costs of completing due diligence that must be updated on a recurring basis, particularly due diligence on third-party vendors, suppliers, contractors, and customers.
5. Monitoring and Testing (34 Percent): Automation can be used to extract textual information from non-machine readable documents to review transaction activity; analyze source documentation; aggregate test results for a more holistic view of risks; and assist with proactive identification and escalation of compliance failures.
6. Data and Analytics (27 Percent): Automation can also be used to develop a dashboard of risks across an organization; aggregate critical data elements for analytics into a single source; assess underlying data for completeness, accuracy, quality, and integrity via a data quality rules engine; and automate test or validation data feeds, data lineages, and report submissions.
Realize the return on the automation investment
While automation benefits can be measured in a variety of ways, organizations typically look at benefits in terms of reduced costs, improved resource allocation, reduced duplication, fewer numerical controls, and improved testing and monitoring coverage. Additional benefits include compliance effectiveness, efficiency, sustainability or overall resiliency. In addition, automation can enable organizations to aggregate reporting from across the organization, allowing for greater visibility of compliance risks and more effective compliance risk management through an integrated approach.
While the path to compliance automation contains unique challenges for each organization based on a variety of factors, the potential rewards are compelling. Most importantly, the enhanced efficiency and agility that compliance automation brings are critical to maintaining a competitive advantage in today’s market.