The various legal frameworks intersect, which can lead to conflicts or redundancies: norms, rules and guidelines must be clear, unambiguous, auditable and consistently harmonised. Obviously, it is not effective to distribute all of the rules to all employees, so that these priorities, contradictions and redundancies are resolved ad hoc, temporarily, locally and without strategic focus over and over again. A sustainable approach that works in daily operations and proactively influences employee behaviour requires complexity reduction. Information should be pushed to the respective geographical and organisational units on a need-to-know basis. Spamming the recipients will have an adverse effect, losing everybody’s attention.
Redundancies and synergies within external regulations must be identified and analysed in order to streamline the internal documentation so that it matches the capacity limits of the organisation.
Changes need to be processed quickly, efficiently and transparently.
Below we illustrate how this can be implemented using modern, web-based software:
Develop a coordinated approach for your organisation to the regulatory environment.
Proactive compliance management: eliminate the superfluous and resolve contradictions.
International regulations (Basel III, Solvency II, MiFID, IFRS, the EU Parent-Subsidiary Directive, ...), national legislation (banking or securities exchange act, ...), specifications of the executive or industry associations (Corporate Governance Index, ...) and statutory requirements form a multidimensional framework of requirements, objectives and standards of conduct for businesses of all sizes and service offerings.
A risk-based approach respects operational and strategic priorities in the implementation of rules. This way the compliance risk can be controlled ethically and economically. Accordingly, the likelihood and impact of rule violations are analysed, evaluated and assessed. A catalogue of risks embedded in the application allows the results to be documented.
Both external standards and derived internal specifications can be linked to the catalogue, so that the current risk situation and the interdependencies can be reported at any time. The impact of externally or internally initiated modifications to the rules can be analysed systematically and automatically, resulting in quick and consistent change management. This approach saves time and costs while minimising the compliance risk.
Multidimensional Compliance Requirements
One of the primary tasks of the risk management function is the analysis of synergies, redundancies and conflicts of objectives in all external and derived internal regulations. Strategic orientation, ethical standards and principles of good corporate governance increase the complexity. A simple, clear, non-contradictory and economically viable subset of the regulatory framework must be derived and tailored individually for each part of the organisation. Without modern information technology allowing reliable and transparent corporate communication, this is a hopeless venture.
Therefore, the co.suite provides an integrated system for:
- Representation of references of multiple, external standards with the own derived specifications and instructions,
- Risk-based implementation of policies,
- Reporting the current compliance situation,
- Concise delivery of information tailored to position, department or location in a user-friendly manner,
- Providing an audit trail for a reliable communication – particularly for pushed information requiring recipient feedback.
- Encryption and appropriate handling of confidential content.
- Documents relates external regulations to the internal control environment in a risk-based and process-oriented manner,
- Complaints collects criticism and suggestions from customers and employees across multiple channels (social media, email, telephone, ...) and executes compliant solutions; it can also be operated as an anonymous "whistleblowing system",
- Ideas provides a platform to harness the improvement and creative potential within the organisation and to increase employee motivation and retention,
- Social Radar is an alarm system that scans the media like a radar for regulatory, compliance and reputational risks and represents the relationships of internal affairs and operations directly,
- Training ensures the systematic and verifiable delivery of required training content,
- Contract monitors compliance with the regulations in terms of contractual and commercial conditions, keeping the documents at hand everywhere and providing timely reminders for cancellations or renegotiations,
- Audits allows the systematic collection, tracking and elimination of deficiencies in the organisation,
- Issues tracks all initiatives (whether compliance-related or not) and ensures a timely implementation.
Before corporate strategies are implemented using a balanced scorecard approach or other controlling instruments, they must first be communicated and explained. This includes the breakdown of the company's strategy to the individual perspective of each geographical or organisational unit.
Compliance best practice
co.documents allows the systematic collection and management of processes, instructions and regulations. Easy navigation by process maps, a full-text search or a traditional directory structure allows quick, user-specific and customised access in daily business. Process owners control and monitor the risk situation with a clear separation of responsibilities using the embedded reporting instruments.
Ad Hoc Project and Action Management
Compliance related Information
Collection of Problems – Proposing Ideas – Implementing Solutions
Monitoring the compliance risk requires the ability to detect patterns and cross-relationships among data from different modules. Interfaces between the Social Radar module, audit tracking, idea management, contract or complaint management and issue management are provided on a uniform and centralised platform. Not all modules must necessarily originate from the co.suite. Relevant data can be transferred via the interface or connected from other systems.
For example, a customer complaint can require an adaptation of the counterparty risk rating, or a test report may reveal organisational deficiencies in the authentication process impacting money laundering controls. Whether the corresponding procedures are related through standards can only be determined automatically, quickly and efficiently on an integrated database, avoiding a complicated manual search.
Compliance cannot be delegated to a person or a group. It is the responsibility of the entire organisation. The required collaboration can only be established if
- Redundant information and communication flows are eliminated,
- The organisation focuses on relevant requirements,
- Responsibilities are clearly defined,
- Communication channels and reporting processes are transparent and
- Completion dates are monitored stringently.
Information streams may be blocked or slowed. The compliance requirements must be communicated to staff in a timely and complete manner. In today's information-driven society, notifications must also be distributed in such concise doses that compliance requirements actually reach the recipient. Logs and audit trails ensure traceable delivery of information. Information can be pushed or must be pulled according to the organisational needs. A common database with standardised web access as the user interface makes the co.suite an indispensable tool for every risk manager or compliance officer. Logical access control, encryption and certified software components provide a secure infrastructure.
Tablet, smartphone or iPhone: information must be supplied wherever needed by staff in the field. Search and navigation functions lead directly to the relevant content. Unnecessary complexity can be hidden, so that acceptance and implementation speed increase. Relationships among content can be analysed across all modules. Compliance risk is thus controlled throughout all process and value chains.