After a brief hiatus, I turn our attention back to the issues of policy management and compliance. We will now explore (over several posts) the issue of Regulatory Intelligence and Monitoring.
Hordes of regulation bear down on the organization
Business is under siege by legion of laws and regulations. Compliance itself has become difficult as business is bombarded with thousands of new regulations in addition to changes to existing regulations each year.
At the U.S. Federal level alone (not U.S State or local jurisdictions; not other countries) there were over 3,500 new regulations issued last year. This brings the total number of regulations issues since 1995 to nearly 60,000 (from the Competitive Enterprise Institute’s 10,000 Commandments). In addition to that, there are another 4,000 regulations pending – waiting for approval. You add in the breadth of State laws in addition to the laws in other countries that business has to comply with and the sheer volume is staggering.
The Open Compliance and Ethics Group, in compiling its guidance on common requirements across employment labor laws at the U.S. Federal, State, and local jurisdiction level, sifting through more than 3,000 employment/labor laws and regulations across the U.S.
The problem is not just a U.S. problem. A leading Brazilian bank has catalogued over 80,000 regulatory requirements that impact its operations around the world.
Organizations are in a complex environment of regulatory risk. When the organization approaches regulatory risk management and compliance in scattered silos that do not collaborate with each other there is no possibility to be intelligent, let alone wise, about risk decisions that could impact business execution or strategy.
Lack of regulatory intelligence
Organizations suffer from a lack of regulatory intelligence. The typical organization does not have adequate processes in place to monitor regulatory change, determine impact on business processes, prioritize and make changes to policies, procedures, and controls – particularly in an environment under siege by an ever changing regulatory and legal landscape. New regulations, pending legislation, changes to existing rules, or even court proceedings all can have a significant impact on the organization.
Information itself is not enough – organizations are overwhelmed by data through legal and regulatory newsletters, websites, emails, journals, and content aggregators. In fact, the overwhelming amount of information and duplication of information is part of the problem. Organizations fail in regulatory monitoring itself, which is the first step towards regulatory intelligence. The organization needs regulatory intelligence – getting the right information to the right person to be able to decide how and when, the organization needs to process regulatory change. Organizations need to grasp the breadth of regulatory data and transform this information to intelligence which then brings knowledge that can be acted upon in a measurable and consistent manner.
Regulatory intelligence is about enabling accountability and reliability of changes in the legal and regulatory environment that the business operates in. The primary directive is to alert the organization to regulatory and legal conditions that can impact their business. It is part of a broader risk intelligence strategy that monitors external and internal changes to the business environment, and alert the organization to risk conditions (e.g., geo-political, economic, natural disaster) that can impact their business.
The corporate compliance and legal roles struggle with monitoring a growing array of regulations, legislation, regulator findings/rulings, and case law. Regulatory intelligence systematically streamlines monitoring by using an automated process with workflow, task management and accountability documentation that results in meaningful information to consistently manage regulatory change. The challenge is for organizations to develop processes to harness internal and external information to be intelligent about their risk and regulatory environments across different parts of the business from so many external sources and be able to exhibit their process and state of complying.
The Bottom Line: Organizations need to move ad hoc monitoring and execution of regulatory changes to a regulatory intelligence process.
I would love to hear your thoughts on Regulatory Intelligence and corresponding organizations strategies. Please feel free to comment on this blog.