Paul is a lawyer and technologist with expertise in corporate governance, compliance, and risk management processes. Paul Wenck is also a Co-Founder of Checkbox and a number of other successful technology businesses, whose focus is empowering business professionals to automate their expertise through intelligent technologies.
Paul Wenham is a risk and compliance specialist, with a unique combination of perspectives from past management roles in big4 professional services, high-growth tech startups, and enterprise businesses. He founded a cybersecurity and compliance practice, AssuranceLab, that has developed industry-leading GRC technology. Paul now leads Checkbox's GRC Solutions team to empower assurance, risk, compliance, and security experts to provide services that integrate with technology automation to achieve better outcomes.
As an automation, workflow and decisioning platform, Checkbox is at the forefront of digital transformation in all areas of risk, governance and compliance. And, with the deployment of automated compliance solutions comes opportunities for organisation to increase their competitive advantage. This is a fundamental ingredient for commercial and operational success in the era of growing financial and non- financial regulations, as well as more demanding customer expectations. In this blog we will not simply look at how automation and technology contribute to delivering this competitive advantage. We will also explore the many challenges of modern-day compliance and how businesses need to respond to them.
The term, Compliance means different things to different people. Some shudder at hearing the term after painful past interactions with compliance teams and requirements. Others feel a sense of structure, clarity and certainty. For the purposes of this post, we use the term compliance to describe any act, actions or processes designed to meet an established approach, standard or regulation. Most organisations seek to design their compliance strategy around meeting both internal standards, as well as to adhere to external regulatory obligations.
Compliance requirements are rapidly growing in most industries, none more so than in the financial services sector. Privacy, security, contingency planning, vendor outsourcing, and risk management have evolved from good practice, to regulatory obligations. Expectations from regulators, customers and the public, have increased off the charts.
To maintain organisations’in a world of growing operational costs, compliance teams’ need to assess how they are structured and operate. They need to adopt operating methodologies and technology that best leverage their human expertise, but also allow them to operate at scale.
The big shift of the last decade was moving to agile product and technology development. This has more recently moved to agile business processes being implemented across compliance, risk and governance practices. In most cases, it improves business performance and process effectiveness. But it also presents new challenges to compliance teams that need to influence those processes to effectively achieve compliance outcomes.
Compliance teams can’t own compliance outcomes on their own. The business functions need to take responsibility for compliance within their area and lean on compliance teams for advice or support as needed. The main barrier to this in practice is that compliance teams can't be involved in everything. Others need the knowledge, awareness and effective process designs to trigger when to engage compliance teams.
Compliance professionals need to minimise the friction for all business teams dealing with “compliance”. It’s one thing to scare business users into being compliant, but it’s all too easy for them to turn a blind eye or otherwise find ways to avoid it. The onus is on compliance teams to prove compliance can be achieved without unnecessary impacts or time-wasting of the business. There is also a growing need to position compliance as not just a painful necessity, but essentially an opportunity to differentiate the business in an increasingly competitive market.
The way to enable agile processes, while empowering the business and ensuring interactions with compliance is seamless, is through integrated workflows and automation. Integrated workflows ensure compliance teams are engaged effectively, consistently, and at the right point in each process. This minimises their time and level of input required, while helping to guide teams to get the right outcomes.
Automation presents new opportunities for the compliance efforts to dramatically increase the quality of compliance actives and to do so at scale. Automating business processes can achieve ‘compliant by design’ workflows, approvals and reporting. This can remove or replace much of the ad-hoc, manual and mundane risk and compliance processes that are often prone to human error. You can also automate the roles and requirements of compliance functions to empower your compliance teams to focus on monitoring of the business activities, the big picture of compliance risks and issues, and the evolving landscape of requirements.