Posted on Leave a comment

Compliance Disclosure Solutions: Separating the Simple from the Advanced

GRC 20/20 is seeing a growing demand for compliance management technologies from the Corporate Compliance and Ethics department (e.g., Chief Ethics and Compliance Officer, Chief Compliance Officer). This demand spans from a broad compliance management platform to manage the range of compliance tasks and activities, to focused solutions in areas such as policy management, third party GRC (e.g., vendor/supplier), issue reporting and case management, and the area of compliance disclosures management.

The inquiries on Compliance Disclosure Management solutions is increasing as organizations look to get a handle on areas such as Conflicts of Interest; Gifts, Entertainment and Hospitality; Political Contributions; and other areas compliance disclosure.

While there are several dozen solutions available in the market that do Compliance Disclosure Management, they are not all created equal. One differentiator is the focus. Some are purpose-built for a specific disclosure area such as Conflicts of Interest, and not to be a platform to address a range of compliance disclosure areas. Others are broad disclosure platforms that are highly agile where the organization can adapt fields and customize forms, workflow, tasks, and reporting to meet a range of compliance disclosure areas. While some compliance disclosure solutions operate in a module in a broader compliance management platform (or GRC platform) where disclosure can be managed and cross-referenced to policies, regulations, risks, assessments, and cases.

GRC 20/20 separates Compliance Disclosure Management solutions in the market into basic and competitive solutions, but then also distinguishes advanced capabilities that separate competitive solutions in the market.

  • Basic compliance disclosure management solutions. These are solutions, and there are many of them, that address the basic forms, workflow, and task management of compliance disclosures management with some basic reporting capabilities. They can present a disclosure form, capture attestations, and route the form through a workflow for review and approval/denial. Most often, but not always, they focus on a single compliance disclosure areas such as Conflicts of Interest.
  • Competitive compliance disclosure solutions. These are the solutions that most often come up in RFPs regularly and have stronger capabilities to manage a breadth of compliance disclosures in the organization. They have more advanced reporting capabilities and provide a stronger portal for the configuration and customization of disclosures. Some key capabilities of competitive solutions are:
    • The ability to manage a breadth of disclosure types
    • Configurable and adaptable to organizations specific needs down to the field and value level
    • Strong graphical workflow builder and task management that allows for parallel as well as linear workflows
    • The breadth of templates for forms and reports on disclosures
    • Strong dashboard and reporting engine with pre-built reports as well as the ability to do custom reports
    • The ability to present the relevant policy, gather attestation to the policy and provide the training with the disclosure
    • Provide for regularly scheduled/periodic disclosure campaigns as well as the ad hoc/triggered disclosures when they arise
    • Ability to manage and document disclosures that are exceptions/exemptions to the defined policy and regularly track and monitor them
    • Provide a robust and legally defensible audit trail/system of record of disclosure related activities
    • Allow for attachments, such as documents/evidence, to disclosures

However, what really separates Compliance Disclosure Management solutions in the market are the advanced capabilities. These include:

  • Disclosure forms and workflow that are highly configurable by the average business user (e.g., citizen developer) without extensive IT knowledge
  • Advanced workflow based on disclosure type and role (e.g, hierarchical workflows)
  • Integration with other business systems, such as HR management systems, to populate information and provide information consistency between systems, or to integrate with ERP systems to pull up transaction history for disclosures related to gifts and entertainment to a particular entity in the past
  • Advanced reporting capabilities, including regulatory reporting in which reports are automatically generated in the format specific regulators are looking for (e.g., securities industry reporting for COI)
  • The ability to define and manage disclosure campaigns to broad and specific employee audiences
  • Integration with policy and training so the disclosure form also includes the written policy as well as training on the policy
  • The ability to provide anonymous reporting on issues related to compliance disclosure
  • Risk management capabilities to measure risk and track key risk indicators (KRIs) related to disclosures
  • Mobile interface/application where disclosures can be reported on smartphones and tablets
  • Collaborative engagement that allows disclosure reviewers and disclosures to communicate and interact back and forth to ask questions and provide more information
  • The ability to provide confidential notes that are encrypted and protected by the disclosure reviewer(s)
  • Provide for follow-up tasks and action items that may be scheduled out in advance to follow-up on disclosures that were approved but needs closer monitoring or other activities

These are some of the advanced capabilities that I am encountering regularly. If you are looking for or evaluating Compliance Disclosure Management solutions, feel free to ask an inquiry of GRC 20/20 . . .

Here are some compliance disclosure and policy management resources and events you should be aware of:

Seminars

Policy Management by Design Workshops

Published/Recorded GRC 20/20 Research

Leave a Reply