Talking technology – coping with compliance

The time, effort, and expense involved in building a ‘compliance architecture’ can have a positive impact on a business

The rising tide of regulation threatens to drown many finance departments, as they struggle to comply with requirements such as Basel II, IFRS, Sarbanes–Oxley (SOX), and MiFID (the Markets in Financial Instruments Directive). Most affected organisations have found that the ‘legacy’ computer systems they have in place simply can’t cope, and have taken various approaches to deal with this. It is possible to buy a variety of point solutions dedicated to solving any one specific compliance problem, so some organisations have bolted a Basel II Information Management programme, or SOX compliance application, on to their existing systems, or splashed out on a corporate performance management tool that promises the solution to all of their IFRS woes.

These approaches may offer short-term pain relief, but they won’t make it any easier to deal with future compliance issues. The more systems you try to cobble together, the more difficult it becomes to provide the sort of transparency that all of these regulations mandate. Some organisations have taken a more long-term view. Instead of focusing on the needs created by one or two sets of requirements, they have opted to think about the change in emphasis that underlies them, and work towards creating a ‘compliance architecture’ that will help them deal with tomorrow’s compliance issues as well as today’s. After auditing all of the systems an organisation has in place, and considering them from a compliance perspective, many find they already have the necessary foundations. Business and continuity planning addresses many of the risk reduction issues; business process management monitors, modifies, and manages processes as required; while document management solutions can help to meet the records retention and documentation requirements that almost every regulation mandates.

A risk assessment is used to gain an overview of the major systems and applications used to support critical business processes, and to identify existing or potential areas of risk that need more detailed audits. Although recent regulations are in many ways diverse, they are unified by their aim to improve corporate governance and reduce business risk. Because of this they tend to mandate business process changes, meticulous documentation, plus flexible and transparent reporting. They are also linked by common procedural and technological elements in areas that can be leveraged from one initiative to the next, improving an organisation’s response to any regulation.

Building a ‘compliance architecture’ is no small undertaking, and it isn’t possible to make the necessary system and process changes without cost. But the time, effort, and expense involved can have a positive impact in the longer term, by dramatically reducing the need to hire consultants or external auditors every time new legislation appears and turning the tide in many finance departments.