5 Tricks for Managing Compliance across State Lines
October 29, 2021
By Jovilyn Herrick, Director of Client Solutions
In an ever-changing regulatory landscape, it’s becoming increasingly difficult for organizations to stay up to date on regulatory compliance requirements. In response to increasing demands from regulators, governance, risk and compliance (GRC) teams are devoting exponentially more resources to monitoring business actions for compliance. This is especially true for GRC leaders who manage compliance across multiple US states.
In this post, we offer five tips for GRC jugglers working to keep a variety of compliance balls in the air.
1. Create and share a single regulatory calendar for all obligations
Staying in line with multi-state regulatory responsibilities is stressful, especially for GRC teams that have the unfortunate experience of being caught unaware of a fast-approaching deadline. The first step to preventing a flat-footed stance in the face of rapidly evolving requirements is to develop a single regulatory calendar that touches all aspects of the business.
To really bring this calendar to life, GRC teams can layer on an automated GRC platform. These systems not only ensure the full GRC team has complete visibility to the calendar, but they also often provide alerts for upcoming deadlines. Two additional benefits of integrating this kind of tool are transparency and accountability. Whereas an office calendar simply notifies, an automated platform tool monitors. It can be configured to track progress and prompt individuals when their tasks aren’t completed on schedule.
2. Nurture a culture of proactive compliance
Most GRC teams are familiar with those all-hands-on-deck emergencies that pop up when a regulatory deadline has not been properly planned for. In these circumstances, it’s common for the regulatory requirements to be missing or not implemented accordingly. Especially now, with so many organizations working in a hybrid fashion, it can be tough enough just to track down the people, let alone the necessary data, to be in compliance. Reactive cultures are not only exhausting; they can also lead to examination findings or regulatory fines and penalties.
This is why establishing a proactive approach is key. The first step in becoming a proactive team is allocating ownership across multiple groups. By assigning team members ownership of certain regulatory tasks, the GRC team always knows which individuals to check in with, well ahead of when compliance requirements are due.
Many organizations that take this approach are turning to technology to help manage the collection of data from different task owners. Compliance automation platforms like ViClarity GRC allow tasks to be assigned to a business user. The system then sends reminders to accountable owners prior to deadlines. What’s more, global team members can upload necessary data directly to the platform, making it available to GRC team members any time they need access. In addition to speeding up and smoothing out the entire process, a proactive compliance culture underpinned by automation technology makes it easier for GRC teams to divvy work load out among team members and spread tasks out evenly throughout the year.
3. Gather data from all corners of the business
It’s all too easy to fall into the trap of “box ticking” when it comes to satisfying regulatory requirements. Part and parcel of all global GRC programs is that some jurisdictions require more data than others. Some teams are going to be more equipped to provide that data. Others will struggle to find and submit not only the required, but most current, information, due to the manual nature of which it was gathered.
Here again, deploying automation technology can be a big help. Systems like ViClarity allow organizations to custom configure workflows to gather the exact evidence required from business units across the organization. The data is then stored in a centralized repository, allowing the global GRC team to access it when prompted by a regulator.
4. Stay current with regulatory updates
Regulatory change is one of the most difficult challenges for businesses today, and things can be even more complicated for organizations in highly regulated industries, like financial services, insurance and healthcare.
A good GRC program avoids bad conduct, maintains proper governance, reduces risk, protects reputation and creates a better working environment. However, with new regulations emerging so fast, staying up to date on compliance changes and regulatory updates can feel like an uphill battle.
Creating a strategy for staying informed, reviewing your internal procedures and processes, implementing compliance software, championing compliance across the entire organization and holding regular training sessions are all critical steps in staying on top of your regulatory needs.
5. Spend more time on what’s next
GRC leaders have a responsibility to ensure the organization’s business activities are carried out within a regulatory framework. They do this by collecting and analyzing data, managing their team and providing data to the board. To say GRC leaders must be excellent time managers would be an understatement.
Automation and compliance software is one of the most effective ways GRC leaders, their direct reports and the department heads they rely on can manage their time in a way that strongly benefits the entire organization. Software assists multistate organizations in many ways, including maintaining local, national and international compliance standards. It also helps GRC teams keep track of policies and procedures that need reviewing, as well as whether staff are using the most recent versions.
Notably, technology frees the bright GRC minds running the show for richer exercises, such as strategic planning and emerging risks assessment. The best GRC programs lean on their talent not only to report on rearview data, but to analyze that data for prescriptive actions. This keeps GRC leaders on top of matters and helps them advise the executives and boards on best practices for today, and importantly, for tomorrow.
Services performed by ViClarity are compliance and not legal in nature, and do not form an attorney-client relationship or any of the protections attendant to the attorney-client relationship.