Future of Compliance
Future of Compliance

What Do Experts Foresee for the Future of Compliance?

When you bring together a group of risk, compliance, and business continuity experts, one should keep one’s eyes and ears tuned in for the expertise they’ve got to share. So it was with our online Virtual Summit, The Future of Compliance.

The event (now available as a set of on-demand videos) was a success by any measure, with 965 registrants from over 30 countries who were able to pick from five sessions featuring a truly blue-chip retinue of compliance thought leaders.  Who gave attendees a lot to think about.

As Mark Delgado, Mitratech’s General Manager for GRC put it during the introductory keynote with our CEO, Mike Williams, the extraordinary interest from the risk and compliance community “just shows that compliance and compliance problems are truly global problems today.”

Another relevant fact about the audience?  Mark pointed out how a large portion of them worked at multinational enterprises, and who had to deal with multilayered regulatory environments – regional, national, local – across the many countries where they might operate. The regulations they work under can be “inconsistent, often contradictory,” as he put it.  “Navigating this complexity can be an enormous problem for enterprises.”  Prompting a search for insights and solutions that leads them to events like the Summit.

GRC Summit On-Demand Video

Compliance meets Business Continuity Transformation™

In his session, Brian McGovern, General Manager of Workflow Solutions at Mitratech demonstrated how workflow automation allows professionals the agility and efficiency needed to drive a smarter, more agile form of business continuity in times of significant upheaval.

This new approach, Business Continuity Transformation, can help an enterprise exercise what Brian called proactive resilience.

BCT is a framework for sustaining business-as-usual during crises and disruptions, and risk and compliance teams are uniquely suited to implementing it by using the right tools to effectively track obligations, ensure changes to operational practices are communicated, eliminate informal and manual processes (especially any that still rely on paper), and take control of mission-critical information.

How does that work in practice?  Brian was joined by Mitratech’s Varun Ghai to demonstrate real-world examples of how clients have used workflow automation to solve a host of challenges presented by COVID-19.

The challenges of policy, model and EUC risk during COVID-19

Moderated by Mitratech’s Henry Umney, SVP Commercial, this panel drilled down into the EUC-related risks caused by the COVID-19 pandemic and the pivot to newly remote workforces.  One question they mulled? “How well have we fared?”

Igor Prizant, Managing Director at Ernst & Young, Deepa Ghosh, Head of EUCT Governance Technology and Reporting at Wells Fargo, and Jon Hill, Professor of Model Risk Management at New York University, explored the topic in fascinating depth, starting with the proliferation of Shadow IT in the form of EUC spreadsheets and models.

Companies are being faced with the need to uncover and manage their Shadow IT estate at the same moment workforces have become remote.  Regulators, meanwhile, continue to ratchet up pressures around EUCs and EUC modeling.

“We’re going to see an even greater proliferation of EUC models,” Jon Hill said, as companies try to cope with a dynamic economic situation.  That, he explained, increases the need to inventory and monitor those models and maintain compliance. Which in turn demands the use of better technologies for discovery, risk assessment, and reporting.

Compliance Management Igor Prizant

“Our hand’s been forced” – leveraging workflow automation to overcome new challenges

Mark Delgado has worked for many years with the U.K.’s Family Building Society, and Dan Condon, its Business Transformation Manager, joined him during the Summit to explain how they’ve utilized technology to rise to the demands associated with the pandemic.

As Dan said, “our hand’s been forced” by the situation, as the organization has suddenly developed what he called “an increased appetite” for solutions to meet specific operational challenges that arose during the outbreak.

DataStore Family Building Society

The one Dan related in depth was the fact the Society had an urgent requirement in front of them: While working remotely, they still had to handle the repayment agreements for customers who’d taken COVID-19 related mortgage payment holidays.  To meet this need, they needed a fresh approach.

Utilizing DataStore’s Workflow Automation functionality, his team designed a unique hybrid model that automated much of the process, providing flexibility and the ability to optimize it, while still utilizing traditional paper letters to customers.  The reason? They knew many older customers were more comfortable with mailed letters and statements.

No slowdown in data privacy regulation, but litigation is accelerating

Mark’s next job was to moderate a discussion featuring Michael Rasmussen, GRC Pundit & Analyst at GRC 20/20, and Stacey Garrett, Shareholder of Keesal, Young & Logan. The topic? Data privacy, and the fact that the pandemic hasn’t put a dent in the intentions of most regulators to enforce existing – of upcoming – data privacy laws.

In the case of the CCPA, Stacey explained how the fact it includes statutory damages has resulted in a new California Gold Rush of litigation, with multiple class-action lawsuits already underway. Unfortunately, as Michael Rasmussen commented, the growth of the Internet of Things and greater connectivity has resulted in greater potential exposure for businesses. The escalating odds of data breaches are only exacerbated by the new remote workforce reality.

Companies must, as Stacey urged, build compliance systems that are more than simply effective right now; these frameworks and tools have to have the agility and adaptability to meet new regulations and the inevitable changes to existing ones.

Compliance and Data Privacy

What’s ahead for compliance professionals?

The Summit closed with an open discussion focused on what steps can be taken to reduce current strains on the compliance department, and how compliance teams can help their enterprises do more than just survive the outbreak but embrace Business Continuity Transformation tomorrow.

Henry Umney was joined by Dan Torjussen-Proctor, Managing Director at UK Finance, Sam Lee, Head of Operational Risk, EMEA at Sumitomo Mitsui Banking Corporation, and Richard Smith – Risk & Compliance Director.

According to Sam Lee, there have been important lessons on many fronts that compliance teams can take away from the last few months.  As he reminded us all, operational resilience isn’t merely about “preventing, responding, and recovering” from issues, but learning from disruption.   The resilience of third-party suppliers and vendors, for instance, is a question that’s been brought home by the pandemic.

Among the “silver linings” of the pandemic? One, according to Dan Torjussen-Proctor, is how the pace of decision-making has been greatly accelerated in the remote working environment, in the experience of his organization’s members.  Decisions that once took weeks or longer are now made in days, even hours.

As Richard Smith observed, companies that have gone into “shutdown mode” and slashed expenditures may be doing themselves a disservice. COVID-19 has given them an opening to make changes or improvements they’d previously resisted for lack of opportunity.  Making those changes might better position them to “come out of this fighting.”

As with all the sessions, there was much more than this covered in their discussion, and audience questions were plentiful.  If you’d like to watch and share the Summit’s sessions, there’s no easier way than to simply use the link below to see them as on-demand videos.  Or bookmark this blog, as we’ll be posting detailed accounts of each area that was discussed in the weeks ahead.