automating your compliance program your 2012. 10. 14.آ  1 automating your compliance program...

Download Automating Your Compliance Program Your 2012. 10. 14.آ  1 Automating Your Compliance Program Automating

If you can't read please download the document

Post on 25-Aug-2020




0 download

Embed Size (px)


  • 1

    Automating Your Compliance Program Automating Your

    Compliance program

    Ted Banks Compliance & Competition Consultants LLC

    Scharf Banks Marmor LLC

    The Key Concepts • Capture knowledge electronically

    & reuse it automatically • Figure out what you do during your compliance activities, and

    use automation tools to do it better.

    • Make it your goal to have every employee want to partake of compliance because it is so wonderful.

  • 2

    “Three Rules to Build Your Digital Experience Strategy”*

    1. Design dopamine digital experiences. – “I can’t wait.” – “This is fun.” – “I got it done.”

    2. Be everywhere. 3. Stay fresh.

    *J. Rymer & M. Gualtieri, KM World (Sept. 2012)


    • Inspiration: ABA Tech Show 60 Sites in 60 Minutes, which became 60 Apps in 60 Minutes

    • Today: A few “big” systems, a few small applications, and a bunch of ideas, some of which you may find useful.

  • 3

    The CCO Job

    • Protect the company • Do it by

    – Doing your job more efficiently (back office) – Reaching employees more effectively (front



    • #1 Help employees do their job better • #2 Make your job better • My philosophy: employees come first

  • 4

    Getting Help (or Inspiration)

    • Vendors – Beware the BS

    • Your IT Department • Benchmarking with

    other companies • Analogies from

    other systems

    The Vendors 1. They use adjectives instead of facts: “The Acme System is a robust compliance system designed to deliver the results you need. It has been specifically designed to be the most comprehensive and function tool available. It streamlines your job and will improve profitability. Call for a demonstration.”

  • 5

    The Vendors 2. They are afraid of competition: We don’t want our competitors to copy our great ideas.

    The Vendors

    3. They don’t really know how to get the word out.

  • 6

    The Reality

    • Good ideas can come from anywhere • I am not endorsing the vendors

    I mention in this presentation, but present them as examples

    of what can be done • The toughest job:

    conceptualizing what you want

    Paradigm 1: Filling Out a Form

    • Forms are a powerful tool

    • To work: – Requires that you know what

    questions to ask – Requires that it is used at the right time – Requires that can be practically used by those

    who should do so

  • 7

    Learning from Data

    Centralizing Data

    • Avoid repetitive due diligence questionnaires

    • Example: Trace International TRAC system for 3rd party verification

  • 8

    Paradigm 2: Painless Access

    • Make compliance a seamless part of business processes

    • Make access to information painless • Make the compliance experience special

    What Technology?

    Real Biz Shorts --

  • 9

    The Business Process

    • Do you know what processes happen in your company that can incorporate a compliance step? (Siemens example later)

    Making access to compliance information painless

    • Instantaneous • Automatic • Fits the way the

    employee communicates – does not require new behavior

    • Do you use an iPad?

  • 10

    Ease of Access to Information

    Do you use a smart phone (or even a not-so-smart phone)?

    Use it for compliance!

  • 11

    Send a text message • The To-do List

    – Type: todo

    – Example: todo draft social media policy

    • Voting/Poll – Type: vote

    – Example: vote 3


    WoltersKluwer ComplyTrack 6 Alpha

    Make the Compliance Experience Special

    • Can you use a geographic analogy to convey other compliance topics?

  • 12

    True Office Mobile Compliance Games

    What do you know about jobs?

    • The Amazon model: – Based on what you buy, we know what you

    probably want • The compliance model:

    – Based on what you do, we know your compliance risks

    – Therefore, we target our compliance program

  • 13

    Linking Jobs to Risks

    • No agreement on what compliance means

    • So beware of companies that advertise “compliance” software, e.g., using compliance to mean document management or workflow

  • 14

    Regulatory Compliance

    • Health care, financial services • For compliance officer, or subject matter

    expert • Make technical information more

    accessible • Make sure that processes are followed

    Regulated Industry Example: Health Care

  • 15

    Look at each step of the compliance process: What can you automate?

    • Risk Assessment

    • Compliance standards and procedures

    • Organizational infrastructure

    • Due care in delegation • Communicate compliance


    • Monitor and audit

    • Appropriate discipline

    • Periodically update the program (triggers from reports)

    • Generating heat map with audience response system

    • Managing policies • Track training of board, executives,

    compliance program for RIFs • Background checks • Conversion of PowerPoint to

    training; link of training to job descriptions; automated certification process

    • Screens; automated email monitoring; expense monitoring

    • Investigation process • Triggers from reports

    Training: WeComply Reporting Dashboard

  • 16

    Back Office System

    • Challenge: just too much to do and keep track of all of it

    • Response: a comprehensive compliance system

    Slide 32

    PWC UK Enterprise Compliance Portal

  • 17

    Slide 33

    Assessment – Template selection

    Slide 34

    Assessment - Self assessment summary

  • 18

    Slide 35

    Assessment - Self assessment details / data entry

    Assessment - Remediation plan details

  • 19

    Slide 37

    Self certification - Dashboard

    Slide 38

    Self certification - Confirmation / sign off

  • 20

    Slide 39

    Reports - Global assessment heatmap

    Slide 40

    Reports - Compliance dashboard report

  • 21

    Reports - Response breakdown report

    Slide 42

    Reports - Assessment against remediation progress

  • 22

    Slide 43

    Reports - Level of risk details

    Document library

  • 23

    Risk Assessment • Resolver Ballot + Protiviti: using audience

    response systems

    Policy Management

    • Could be something like SharePoint • Central source for policies

    – On line copies linked to master • Version control

    – Authority to alter • Distribution to impacted employees • Reminder to update

  • 24

    Policy & Procedure Management Creation, Review, Approve,


    Certification and Self Assessments

    Mapping to Risks and Controls

    Alerts and Notifications

    Awareness and Training

    Tracking and Visibility

    Policies related to -Gifts - Regulatory Compliance -Commission Payment -Expense Re-imbursement -Payment -Travel and Entertainment -Employee Background

    Enforcing the policy and guidelines and ensuring compliance on employees and Third Parties


    • The garbage in-garbage out problem • LMS,LCMS important for compliance • What do I need to know to do my job? • We fail

    – Overinclusive or underinclusive – Static, boring – irrelevant

  • 25

    Convert PowerPoint to eLearning: Articulate

    Full Escape from PowerPoint

    • The Khan Academy Blackboard Approach

    • If you know your stuff, you should be able to teach it this way

  • 26

    Track Training of 3rd Parties: Eduneering Compliance Wire


    Training Program Effectiveness

    Policy Certification


    Performance of Controls

    KPI/KRI Breach

    Risk Assessments Audit Results


    On-time Remediation mechanism

    Resource and Time Management

    Effectiveness of Compliance Program

    Example from Metric Stream

  • 27

    Administering Compliance Rules

    • Train to use tool before certain actions, such as giving or receiving gifts

    • Can combine automated process with manual review

    Protection notice / Copyright notice For internal use only / © Siemens AG 2012

    Policies and electronic tools help identify risk and balance competing i


View more >