The core elements of a regulatory intelligence process can be delivered in a GRC software platform. The solution will allow the compliance and legal functions to profile regulations, link regulatory content aggregators, and have new developments or alerts pushed into the application and disseminated to the appropriate subject-matter expert for review and analysis.
Technology tailored to this process empowers legal and compliance personnel to manage and monitor regulatory change on a continuous basis. A flexible regulatory intelligence process-management system allows the organization to standardize and automate its regulatory requirements and monitor regulatory change. It also offers the ability to manage the collection, analysis, and action on information that flows within and across business units in an organization. Core capabilities in a GRC technology platform for regulatory intelligence include:
- Content integration: At a basic level, the system should allow for simple manual entry of new changes and updates so they can be routed to the correct individual. In an advanced implementation, the software will be integrated with feeds from legal and regulatory content aggregators and pushed to the correct individual or group automatically. Additionally, organizations need the ability to search for laws, statutes, regulations, case rulings, analysis, news, and related information that could indicate regulatory risks that need to be monitored proactively.
- Workflow and task management: The primary goal of regulatory intelligence is to provide accountability. This requires that regulatory change information is routed to the right person to take action. That individual should be notified that there is something to evaluate and given a deadline based on an initial criticality ranking. The subject-matter expert must be able to re-route the task if it was improperly assigned or forward it to others for review for additional opinions. Individuals and group contributors must have visibility into their assignments and time frames.
- Document management: The system should be able to catalog and version regulations, policies and other related information. It should maintain a full history of how the organization addressed the area in the past, with the ability to draft new policies and assessments for approval before implementation.
- Ease of use: Legal and regulatory experts are not typically technical experts. The platform managing regulatory intelligence has to be easy to use and should support and enforce the business process. Tasks and relevant information presented to the user should be relevant to their specific role and assignments.
- Audit trail: It is critical that the regulatory intelligence system have a full audit trail to see who was assigned what, what they did, what was noted and if notes were updated, and be able to track what was changed. This enables the organization to provide full accountability and insight into who, how and when regulations were reviewed, measure the impact on the organization, and record what actions were recommended or taken.
- Extensive reporting capabilities: The system must provide full reporting and dashboarding capabilities to see how many regulations are changed, who is assigned what tasks, which items are overdue, what the most significant regulatory changes impacting the organization are, and more.
- Flexibility and configuration: No two organizations are identical in their processes, applicable regulations, structure, and responsibilities. The information collected may vary from organization to organization as well as the process, workflow, and tasks. The system must be fully configurable and flexible to model the specific organization’s regulatory intelligence process.