Archive

Posts Tagged ‘automation’

3 steps to a Compliance Strategy – As valid now, as ever!

3Steps Compliance StrategySome of my old FileNet friends reading this article will smile… I realised today to my surprise, that it’s over 11 years ago that this simple concept was first articulated, and went on to form the basis of our compliance messaging, transitioned into IBM after the acquisition, and was presented in many conferences and briefings. The result of a quick brainstorm before a breakfast briefing for Bearingpoint, at an off-site annual kick-off session, the picture on the left is a scan from my original notebook where it first appeared, in January 2004. I have evidence of this still being included in presentations as late as 2011. In the world of PowerPoint slides, does that make it a classic?

Now, it may be an old message, but it is as valid today as it ever was. And since I’ve never written about it in this blog I thought it was worth re-introducing it to a whole new audience.

What does a company need to do, to be compliant?

There are three very fundamental and very explicit stages for an organisation to achieve a “compliant” status. These apply equally to every vertical industry, be it Banking, Insurance, Telco, Retail, Pharmaceutical, etc. And they also apply equally, if “compliance” refers to regulatory compliance in a Nuclear plant, financial compliance, or Health & Safety at a local school.

Step 1 – The Present: Become compliant

What do you need to do today, to comply with the rules and meet the regulations? What changes in procedure, what risk controls, what equipment checks, what training? This stage includes designing and implementing everything that a company needs to put in place, to be able to certify that today, it is compliant with each regulation the law currently subjects it to. Implementing this stage requires the company to (a) identify and understand which regulations are relevant and what they are expecting (b) identify possible areas and processes where the company is at a risk of not compliant with the regulations, and (c) implementing any changes necessary to remove those compliance risks.

Step 2 – The Future: Remain compliant

This is the part that is often forgotten, and ends up costing organisations millions in fines: Looking at the future. Becoming compliant is not enough, it’s just the first step. As an organisation, you need to ensure that compliance is sustained consistently in the future. That every system, every procedure and every employee remains within the controls and guidelines specified by the legal regulations or the company policies. At a manual level, this involves regular training for employees and regular testing of all the various controls and devices implemented in Step 2. The best way to implement Step 2 however, is automation. Putting in place systems and processes that not only monitor the company’s compliance, but that enforce it. The less a company relies on individual employees to maintain compliance the less likely it is to fall foul of compliance breaches through human error. Automation reduces training requirements, reduces management overheads, and it reduces wasting operational cycles for testing and reporting.

Step 3 – The Past: Demonstrate compliance

The final part of the process is looking at compliance retrospectively: Are you able to go back to a specific point in time, and demonstrate to a regulator, and auditor, or even a customer, that you operated compliantly. Are you able to shoe what decisions were made, what policies were in force, who made the decisions and what information they had available to them to support that decision? This is all about Records Management and audit trails. It’s about maintaining evidence of your compliance that is complete, accurate and irrefutable. Preparing for that retrospective compliance review in the future, should be a core part of the design of any compliance system implemented today.

So the meme Become – Remain – Demonstrate (or even “AchieveSustain – Prove”, as the alternative version that our U.S. marketing folk seemed to favour) summarises the three key steps that you need to remember about structuring a compliance programme. If you are faced with a new regulation, new management, or even a new mandate to create or replace IT systems for compliance, use these three steps to validate if your compliance strategy is complete or not.

Advertisements

Lawyers are from Mars, Technology is from Venus

September 16, 2011 Leave a comment

I spent two excellent days last week at the Legal Week’s Corporate Counsel Forum, where I’ve met several new and interesting people and learned an awful lot of things I didn’t know.

But I left the conference very frustrated.

The forum audience comprises primarily senior lawyers: General Counsel and Heads of Legal departments. The topics covered were as wide as crisis management, ‘moral’ compass, employment, Bribery Act, ‘Tesco’ law, cross-border teams, intellectual property, competition, etc., etc. Fascinating subjects, some of which admittedly I knew nothing about and learned a lot. It gave me a small insight into “a day in the life of a General Counsel” and the sheer volume of diversity that they have to be knowledgeable about, deal with and protect themselves (and their company) from.

And in 8 out of 10 conference sessions I wanted to shout: “There is a solution that can help here!”.

It amazes me (and frustrates me!) how much of the technology that other parts of the organisation take for granted seems to be absent from the legal department. As if they are the poor relatives in the organisation. I am not talking about highly specialised legal technologies such as eDiscovery, Content Analytics or even Information Risk & Compliance Governance (although these too are available and seem to be missing from many legal officers’ armoury, but that’s another conversation…). I am talking about basic capabilities that make the daily office operation significantly more efficient:

  • Digitising paper – avoiding the costs, avoiding delays of shifting piles of paper around and the risk of losing them by accident or in a crisis
  • Electronic document repositories – managing security and access controls, reducing duplication, managing versions, allowing online access from anywhere and simple searching
  • Case management – allowing lawyers to organise their work, negotiate with third parties, monitor progress, apply rules and generate reports automatically instead of using spreadsheets
  • Email management – capturing, filtering, organising and routing emails, ensuring compliance
  • Collaboration software – communicating amongst large teams, dispersed in different geographies and timezones

The list goes on… This isn’t trailblazing, these are automation tools and capabilities that have proven their value and have been helping organisations remove basic inefficiencies, for the last 10-20 years.

I am not advocating that technology is the answer to everything. Some business problems can be improved with some common sense and a bit of reorganising. Others are far too complex to be tackled by technology alone. But there is certainly enough basic technology to make a General Counsel’s life much simpler.

One of the key messages coming out of the conference was the resource constraints that legal departments are facing. Too much to do, too little time, too few people, too much information to process, too much knowledge to upkeep, too many risks to avoid, too many departments to coordinate, too many regulations to adhere to and too many stakeholders to appease.

So why are you wasting time on menial tasks that can be simplified, automated, or eliminated by use of simple tools, instead of using that time effectively to add value to the elements of the process where technology can’t  help.

Whenever I asked that question, the answer is typically “We don’t control the budget” or “We have other priorities” or “We don’t have the time to look at new tools”, etc.

Excuses! The question here is not “have I got time to worry about technology?”. The question is “Can I afford the luxury of NOT using it?”.  If these technologies can improve the productivity and reduce costs in the operations department, the marketing department, the sales department, the procurement department, why not use them to improve the efficiency of the legal department too?

(I would love to hear your views on this, especially if you are and in-house lawyer or work in a legal department)

%d bloggers like this: