Live From Interact 2020, Day Two: Risk & Compliance Takes the Stage
If there ever was a time for risk and compliance management to be in the spotlight, it’s now.
For Day Two of our annual user community event, the marquee was crowded with experts whose stock-in-trade is risk and compliance management. That included Mitratech’s own experts, some of the industry’s leading consultants and pundits, and our clients. All of them had plenty to talk about as they explored the effects the pandemic has had on their organizations and the business world at large.
GRC 2020: Seizing Opportunities in Times of Disruption
Mark Delgardo, Managing Director, GRC, at Mitratech and Scott Metro, Partner at PWC explored the GRC landscape in 2020, discussing how best to overcome, and even thrive in a time of disruption and change. The recurring theme they debated was the need to constantly align compliance, legal and contractual obligations to the wider business processes. They reviewed how automation could best drive consistency, accuracy, and resilience across the enterprise and throughout the supply chain.
As Scott observed:
What is important right now? Making sure you have an understanding of what your policies are, what regulations are coming, and get them into a system where you can track them
Managing The “New Normal” with a Remote Workforce
Tony Bethell, VP Strategic Alliances at Mitratech and Jay Chakraborty, Partner, PWC considered the practicalities of managing a remote workforce in a world that still requires compliance with a host of regulations and policies, despite many people continuing to work from home.
The issues they explored included policy and compliance enforcement, management, and attestation, where people are using a host of desktop-based applications, environments, and processes featuring Excel, Tableau, and Python, for example, to deliver customer services in a hybrid office/home-working environment. Core to their conversation was how to most effectively control these processes and applications, as Jay observed:
In these times…managing those endpoints (EUCs) is extremely critical, because it may be a matter of survival.
The New Paradigm of Obligations Management
Jim Montgomery, Director, Product Management at Mitratech played host to Karen Montgomery, Director, Risk & Compliance at Mitratech, Stephen Gutleber, a leader for Information, Security & Compliance at Aimbank, and renowned pundit and analyst Michael Rasmussen of GRC 20/20.
The panel explored the plethora of regulatory and legal changes that are constantly being introduced across the world, and reviewed the best tools, strategies, and approaches to capturing them, assessing them, enforcing them, and reporting on them. The focus was on one’s own business, as well the need to look at third parties and even fourth parties to ensure comprehensive enterprise-wide obligations management, and Michael made that last requirement clear:
“What used to be understood as a compliance obligation internally now expands across third-party relationships.”
Ethics Rising: Creating a Culture of Ethics and Accountability
Dan Hamilton, President of Mosaic Consulting was joined by Brian McGovern, GM, Workflow Solutions at Mitratech, and David Esposito, Director of Legal Operations at Capital One.
“Once an email goes out the door, you have no idea where it can end up… anything you say or write down, you should just assume it can become public knowledge.”
Vendor Risk Management: The Moment is Now!
Jay Fitzhugh, Chief Regulatory Officer at Mitratech led a panel that included Rodney Campbell, Director of Third Party/Vendor Management at Valley National Bank, Hector Jimenez, Director of Operational and Vendor Risk Management at Enterprise Risk Management, and Adrian Rodriguez, VP/Internal Controls Manager at Amerant Everyone shared some excellent advice with several clear overall messages.
Vendor Risk Management is ever-growing and changing, therefore clear lines of communication are essential between contract owners and vendors through upper-level management. Automated vendor risk software is equally as important as employee training to ensure employees use the tools available to them. It’s important to take the time to draft strong vendor contracts with SLA’s and continuously monitor vendors beyond traditional, point-in-time reviews. And agility and business resiliency need to be incorporated into an overall VRM strategy, especially in today’s environment.