Why the next steps in regulatory compliance are VAR for businesses

Watch the webinar Operational excellence with ARIS: Integrate risks and secure compliance to hear from Westfalen Weser Energie (WWE) and Software AG on how they created the perfect environment to balance risk, control and performance in their businesses.

Association football’s video assistant referee (VAR) has been used in the German Bundesliga since 2017, and since 2019 also in the UEFA Champions League, to intervene in the case of significant rule violations. Its introduction was intended to intervene in case of significant rule violations. Often goals were cheered, which were cancelled one minute later. Fierce discussion ensued among football fans as to whether VARs would deliver fairer results or should soon be quickly abolished. In the meantime, the technology has been widely accepted, so what can we learn from it to monitor compliance in the business world?

The pace of regulatory change continues to increase with requirements constantly multiplying in the context of data security, quality and business continuity. Regulatory compliance varies not only by industry but also by country. Companies are already investing heavily to meet compliance requirements: according to recent studies, up to 15 per cent of financial institutions' staff now work on governance, risk management and compliance. However, even given this investment, regulatory compliance is by no means assured and companies have paid high fines for violations in recent years. For example, the UK Information Commissioner's Office (ICO) has imposed heavy fines on British Airways (BA), while the Marriott hotel chain was fined for violating basic EU data protection regulations. Financial institutions have paid well over $340bn in fines since the financial crisis of 2008-09, with one report estimating that the total is likely to top $400bn by the end of 2020.

Many organizations are now making compliance an integrated part of the business investment strategy and realizing that operational value such as better quality or an improved ‘know-your-customer’ experience, can be derived by anticipating risks and meeting regulatory requirements. While regulatory compliance is still seen by many in the corporate world as a hindrance to doing business, and many executives reluctantly accept compliance as a necessary evil, that view is changing. Business success benefits from regulatory compliance activities and companies shifting their approach to regulatory compliance to innovative and customer-driven solutions.

Despite these positive changes, challenges remain:

• In many industries, processes and systems have grown over the years and have become increasingly complex. Changes are not trivial and time-consuming.
• The role of centralized IT as master of all applications is shrinking. Based on self-service applications, low-code development and the application user interface economy, systems are now increasingly coming under the responsibility of business departments. This does not make governance any easier.

The compliance landscape is becoming dynamic, and it is not enough to think of compliance as a one-time activity as highlighted by the reason below:

• Beyond the enormous number of complex regulations, a constant stream of updated guidance and FAQs accompany these regulations.
• Developing technologies such as artificial intelligence, robotic process automation and cryptocurrency are leading to existing regulations being reexamined.
• Organizations are expanding operations in new geographies or diversifying business in other different industries.

In times of cost savings, compliance departments can no longer request more headcount. Therefore, organizations need to adapt smart technologies to deal with the growing demands. It is essential to continuously monitor the impact of any changes in the company’s environment in order to keep the inventory comprehensive and updated at any time.

A new category of software systems, ‘regulatory technology’ or RegTech, is getting ready to meet these requirements. With its origin in the financial sector, RegTech is expanding into any regulated business, with particular emphasis on regulatory monitoring and reporting to provide higher levels of transparency at lower cost. RegTech has the potential to identify and address risk, while also facilitating far more efficient regulatory compliance.

RegTech solutions cover a wide range of technologies, from optical character recognition (OCR) to machine learning (ML), with monitoring solutions playing a central role. In particular, process mining solutions which were first used to identify optimization potential in operational business processes, are increasingly being used to identify compliance issues. There are three major advantages compared to the traditional audit approach:

• The relevant data is automatically collected or extracted from the relevant source systems.
• Instead of random samples, there is a complete analysis, because every single process execution is considered.
• Real-time analysis becomes possible; instead of determining a rule violation six months later, it can now be done promptly, so it is possible to intervene in the ongoing process and prevent the compliance violation.

The particular benefit of these monitoring technologies is the ability identify both rule violations and optimization potential in terms of costs, throughput times and customer satisfaction. The technologies are now so mature they can be used without hesitation for all important core company processes. Process mining has made it into the Champions League and has become the “assistant referee” for your business operations.