Business As Usual

Reduced Cost and Enhanced Impact: Embedding Compliance in BAU

Graham Machray

Compliance management has moved from being a nice-to-have to an absolute need-to-have. For many organizations, it is part of business-as-usual (BAU). The scale and scope of compliance frameworks across the world have grown, and now cover many industries.

Globalization is compelling more companies to understand and manage compliance frameworks in other countries as well as their own. This growth in compliance is forcing more organizations to find ways of embedding their compliance efforts in their BAU. They want to enhance their compliance, as well as achieve efficiency savings and cost reductions.

Embedding compliance in the BAU has led many organizations to introduce the role of Chief Compliance Officer (CCO), a Board-level appointment. The role’s purpose is to advise Board peers on the strategic implications of compliance, as well as to lead, direct and influence the compliance effort in the business.

Financial service organizations have taken the lead in creating CCO roles, to address diverse compliance regimes including Basel III, Solvency II, MiFID II, CECL, IFRS 9, IFRS 17, SMCR, and many others. U.S. publicly listed companies, and those planning to list, have done the same to help abide by Sarbanes-Oxley (SOX) legislation. Other companies have to observe regulations related to Anti-Money Laundering (AML), Know Your Customer (KYC), and terrorist financing.


Industry-specific ISO standards are also key for many businesses. While there may not be the business justification for a dedicated CCO head in many of the businesses affected, the role and responsibilities of a CCO are being vested in a board member and their staff, typically in finance, risk, or operations.

How does the CCO role impact the enterprise?

There are several implications stemming from the introduction of the CCO role. Firstly, it moves the perception of compliance away from ‘no we can’t’, and much more towards ‘how can we?’. It also aligns compliance within an organization’s risk management framework, rather than as a separate administrative function. It places compliance firmly in an organization’s BAU, alongside other functions.

Secondly, it changes how organizations manage their compliance. A CCO needs an enterprise-wide perspective of compliance against multiple frameworks to assure compliance, but s/he also provides advice and direction to the business. Ad-hoc or departmental systems will need to be enhanced or replaced to provide effective policy and compliance management.

This approach will underpin the need for “compliance as BAU.” It also provides scope for scale and efficiency savings, which help reduce the overhead of managing multiple compliance regimes.

Learn more about how Mitratech and industry experts in sustaining business continuity are helping businesses to embed compliance at the core of their business: Watch our Virtual Summit, The Future of Compliance.
