Efficient workflow and automation for compliance
There’s a tension between how company leaders and employees see compliance. For leaders, the question is “How?”—or, more to the point, “How quickly?” (As in, “How quickly can we put a compliance program in place?” “How quickly can we provide reporting for this audit?” and so on.)
But for employees, the question is too often, “Why bother?”
Take, for example, the case of a European bank, as reported by McKinsey. They found that the firm’s early-warning system and handover procedures were “on paper only,” with frontline employees either entirely ignorant of what was required of them, or blatantly ignoring the policies—much to the shock of senior management.
Before learning about the “How” of compliance, company leaders need to look at the common sources of compliance failure. Once those are pinpointed, we get a better sense of what’s missing. As it turns out, investment in compliance activities need not focus on more leadership, more adults, or more binders filled with policies. When dealing with compliance failures, simple and efficient workflows are everything—which means investing in automation.
The Sources of Compliance Failures
Different authors will point to different sources of compliance failures. For example, one HBR article identifies poor metrics and a “checkbox mentality” as contributing to poor compliance programs. Another industry white paper puts “lack of leadership” and “failure to assess and understand risk” at the top of the list.
Whatever the structural reasons, most compliance failures come down to a single employee or team failing to take the necessary steps. The daily compliance workflow is where the rubber hits the road, and if that workflow is burdensome or complicated, it often doesn’t get done at all.
Take, for example, this more recent study by Gartner, which surveyed 755 employees whose roles included some measure of compliance activities. The reasons these employees gave for compliance failure paint a telling picture:
- 32% percent said they couldn’t find relevant information to complete compliance activities,
- 20% didn’t even recognize that information was even needed,
- 19% simply forgot to carry out compliance steps,
- 16% did not understand what was expected of them, and
- 13% “just failed to execute the step.”
Creating rules or policies is one thing. Many enterprise-sized companies can boast binders full of company policies and procedures created for compliance purposes. But unless those obligations are properly integrated into employees’ daily workflow, there will always be steps that “fall through the cracks.”
On the other hand, having an efficient and automated compliance workflow makes compliance tasks less burdensome.
Compliance Workflows and Compliance Automation
Employees often have a rhythm or cadence to their day. As they interact with various teams, their contributions form a workflow through the organization. Compliance activities have a workflow, too. The problem is that work time is a limited resource, and so time and effort spent in one workflow naturally takes away from others.
Compliance workflows, then, are the specific, concrete steps needed to ensure the organization is aligned with both internal controls and external regulations. Which steps are required in a compliance workflow depends on the regulations and controls involved.
Take, for example, the steps necessary to comply with data privacy laws (such as the GDPR, CPRA, parts of HIPAA, and so on). These laws are often a balancing act between right-of-access provisions and provisions for ensuring that private information is kept secure. To keep in compliance with both, any handling of documents needs to include a compliance workflow, including steps like:
- Sending or returning acknowledgements
- Tagging documents with appropriate metadata
- Storing documents securely
- Responding to requests for documentation
- Getting signatures/approvals from the right parties
- Destroying records after their required retention interval expires
Identifying the relevant workflows is just the first step, however. Even the most meticulously defined workflow will suffer from compliance failures if those steps have to be done manually for every document. This is where compliance automation comes in.
Compliance automation is the process of simplifying compliance procedures through the use of intelligent software. Taking the above example of document management, such software could automate compliance by:
- Routing documents to different people and departments as needed
- Sending receipt acknowledgment automatically as soon as documents are opened or accessed
- Storing documents securely in a central depository
- Tracking document access
- Masking sensitive information when data sources are queried
- Automating signature-gathering
- Scheduling document destruction when retention periods end
Document management is just one example of an area where compliance tasks are routinely forgotten or ignored, simply because the compliance workflow can be overwhelming. Automation centralizes workflow tasks and ensures that the right activities are prompted at the right time, throughout the document’s lifecycle. The same can be done, in theory, for things like marketing and sales collateral approval, certification processes, attestations, financial reporting, and more.
But Is the ROI There?
Cards on the table: Our own data-archiving platform, Omni Archive Manager, was specifically designed to do the above: Automate data management capabilities, including compliance tasks, to reduce risk and satisfy legal and regulatory requirements. It was created specifically because we saw how much financial services firms were losing, either due to manual processes that were too complex, or due to outright compliance failures.
What we saw out in the field has been borne out by research, too. For example, a study from the Ponemon Institute and Globalscape looked at the overall cost of compliance and non-compliance across several industries and found that:
- Non-compliance is 2.71 times more costly for an organization than investing in compliance.
- The largest costs associated with non-compliance had to do with business disruption and productivity loss. Both were many times more costly than associated fines and penalties for non-compliance.
- Corporate IT bears the majority of compliance costs, a sign that infrastructure and automation play the leading roles in compliance activities.
We have seen this kind of ROI for our clients as well—though different organizations will see different results, of course.
The Takeaway
To really get serious about compliance, company leaders have to do more than ask “how” questions. They must take a hard look at what compliance looks like on the ground.
When one does that, it becomes clear that most compliance failures are a matter of compliance workflow issues. Creating a better user experience through compliance automation can relieve many of those workflow issues. Fewer compliance failures are what will truly fuel greater savings for the organization.
So many other areas of business have been profitably automated—why would compliance be any different?
Share posts
