The different frameworks of the various regulatory bodies form intersections, which can lead to conflicts or redundancies: Norms, rules and guidelines must be clear, unambiguous, auditable and consistently harmonised. Obviously, it is not effective to distribute all of the rules to all employees, so that these priorities, contradictions and redundancies are resolved ad-hoc, temporarily, locally and without strategic focus over and over again. A sustainable approach that works in the daily operations influencing employee behaviour proactively requires complexity reduction. Information should be pushed to the respective geographical and organisational units on a need to know basis. Spamming the recipients will have an adverse effect loosing everybody’s attention.

Redundancies and synergies within external regulations must be identified, analysed to streamline the internal documentation and to respect the capacity restrictions of the organisation.

International regulations (Basel III, Solvency II, MiFID, IFRS, the EU Parent-Subsidiary Directive, …), national legislation, specifications of the executive power or industry associations (Corporate Governance Index, MaRisk, CSSF, …), statutory requirements form a multidimensional framework of requirements and objectives, standards of conduct for businesses of all sizes and service offerings.

A risk-based approach respects operational and strategic priorities in the implementation of rules. This way the compliance risk can be controlled ethically and economically. Accordingly, likelihood and impact of rule violations analysed, evaluated and assessed. An embedded in the application catalogue of risks permits a documentation of the results.

Both external standards and – derived – internal specifications can be linked to the catalogue, so that the current risk situation and the interdependencies can be reported at any time. The impact of externally or internally initiated modifications to the rules can be analysed systematically and automatically resulting in a quick and consistent change management. This approach saves time and costs minimising the compliance risk.

One of the primary tasks of the risk management function is the analysis of synergies, redundancies and conflicts of objectives in all external and derived internal regulations. Strategic orientation, ethical standards and principles of good corporate governance increase the complexity. The derivation of a simple, clear, non-contradictory and economically viable, subset of the regulatory framework must be tailored for each part of the organisation individually. Without modern information technology allowing a reliable and transparent corporate communication this is a hopeless venture

Therefore, the co_suite provides an integrated system for

• Representation of references of multiple, external standards with the own derived specifications and instructions,
• Risk-based implementation of policies,
• Reporting the current compliance situation,
• Concise delivery of information tailored for position place, department or location in a user-friendly manner,
• Providing an audit trail for a reliable communication – particularly for pushed information requiring recipient feedback
• Encryption and appropriate handling of confidential content

• Documents relates external regulations and internal control environment risk-based and process-oriented,
• Complaints collects multiple channels (social media, email, telephone, …) criticism and suggestions from customers and employees and executes compliance compliant solutions – it can also be operated as an anonymous “whistleblowing system”
• Ideas provides a platform to improvement and creative potential within the organisation to harness and increase employee motivation and retention,
• Training ensures a systematic and verifiable mediation training need of content,
• Contracts monitors compliance with the regulations in terms of contractual and commercial conditions having the documents at hand everywhere with a timely reminder for cancelations or renegotiations,
• Audits allows the systematic collection, tracking and elimination of deficiencies in the organisation,
• Issues tracks all initiatives (whether compliance-related or not) and ensures a timely implementation

Before a balanced scorecard approach or other controlling instruments try to implement corporate strategies, they must be communicated and explained in the first place. This includes the breakdown of the company’s strategy to an individual perspective of each geographical or organisational unit.

A vibrant organisation processes the changes in the business environment fast, structured and efficiently. The centralised and easy-to-use application provides a common, web-based platform for managing, coordination and tracking of these Issues initiatives.

The transport of information from one process to another or to an organisational unit to another must be controlled and traceable. All compliance-relevant modules and data require a notification system – consistent, uniform but tailored to the corporate structures. It must overcomes the drifting of responsibility by serving information needs too broadly and below the perception thresholds of the addressees.

In the modules Design Thinking and Ideas problems and improvement potential can be collected. Ideas can be shared on an open and common basis processing them to viable ideas.

Multi-standard compliance can be achieved only integrating the complete external specifications. The co_documents module includes an area for “Standards and Regulations”. All relationships and interactions of internal documentation can be retrieved by the reference list and in special reports.

Monitoring the compliance risk requires the possibility to detect patterns and cross-relationships among data from different modules. Interfaces between the Social Radar module, audit tracking, idea management and contract or complaint handling and issue management are provided on a uniform and centralised platform. Not all modules must necessarily originate from the co_suite. Relevant data can be transferred via the interface and or connected from other systems

E.g. a customer complaint can require an adaptation of the counterparty risk rating, or a test report may reveal organisational deficiencies in the authentication process impacting money laundering controls. Whether corresponding procedures are related through standards, can only be retrieved automated, quickly and efficiently on an integrated database avoiding a complicated manual search.

Compliance cannot be delegated to a person or a group. It is the responsibility of the entire organisation. The required collaboration can only established if

• Redundant information and communication flows are eliminated,
• The organisation focuses on relevant requirements,
• Responsibilities are clearly defined,
• Communication channels and reporting processes are transparent and
• Completion dates are monitored stringently.

Information streams may be blocked or slowed. The compliance requirements must be communicated to staff timely and completely. Today’s information driven society, notifications must also be distributed so concisely dosed that compliance requirements arrives at the recipient. Logs and audit trails ensure traceable delivery of information. Information can be pushed or must be pulled according the organisational needs. A common database with standardised web access as the user interface makes the co_suite an indispensable tool for every risk manager or compliance officer. Logical access control, encryption and certified software components provide a secure infrastructure.

Any device, any place, any time: information should be available, wherever needed by staff. Search and navigation functions lead directly to the relevant content. Unnecessary complexity can be hidden, so the acceptance and implementation speed increases. Relationships among content can be analysed across all modules. Compliance risk is thus controlled throughout all process and hierarchies.