Today, we return to our Compliance 101 series. We’ve already addressed what a compliance function should do, and what compliance risk management is. Next up: the role that compliance management software plays in helping you run your program.
To begin, let’s define the term.
What Is Compliance Management Software?
Compliance management software is just what the name implies: software that helps you to manage the company’s compliance tasks. The application (or just as likely, a suite of applications) coordinates the jobs to be done, tracks what is not getting done, and brings all that information to senior executives’ attention so they understand how well the compliance program is, or is not, working.
Let’s take the example of identifying, assessing, and training third parties about anti-corruption. Those are three interconnected tasks.
First, the company needs to find all the third parties it has relationships with. Then it needs to assess which ones are at high risk for, say, offering bribes. Then the company needs to train those high-risk parties on your anti-bribery policies. (And a bonus step: you might want to collect attestations from those parties that they’ve taken the training and promise not to offer bribes on your behalf.)
Compliance management software observes and coordinates all those steps so that you, the compliance officer, can understand how well the process is actually working. In practice, that means your compliance software needs access to a considerable amount of data, both inside and outside your enterprise.
For example, the software might need to extract payment data from the company’s finance systems, to determine who the company’s third parties are. Then it would need to cross-reference those parties against external databases to identify which parties are high-risk. Then the software would need to confirm that anti-corruption training materials have been sent to the parties; and lastly that the company has received attestations in return.
Spoiler alert: that process won’t always work flawlessly. For global organizations with thousands of third parties, the compliance program might never achieve perfection but the right software can help immensely with streamlining these complex processes.
The goal for compliance officers is to understand how well the organization is achieving that goal, so it can be documented and, as necessary, shown to regulators or other stakeholders who might be asking about the company’s compliance program.
That understanding of your compliance program is what compliance software brings to the surface. It helps you to organize and automate compliance tasks; and generates data about the program’s performance that you can study, and then use to improve.
Why Use Compliance Management Software?
A better way to answer that question is to consider the implications of not using compliance management software.
First, the alternative is fraught with error. Compliance tasks need to be monitored and cataloged, regardless of whatever software a compliance officer might use to do that work. The alternative is typically to use spreadsheets, email, and other desktop software — all depending on employees to record the information manually.
People make mistakes. Emails get lost. Spreadsheets get deleted. You could try to manage your compliance program this way, but you are inviting errors into your world. That ultimately leads to incorrect conclusions about the state of your company’s compliance.
Second, the alternative slows your reporting ability. All of that manual effort to document training, due diligence, assessment, remediation — it takes time. Even if you devise a manual system that works well, typically it works to address specific reports that senior executives want to see.
Then something new happens: new product launch, new regulation, expansion into a new market, a new request from the board — and you need to reinvent your manual labor all over again.
That is what makes compliance software a worthwhile investment: because it organizes the compliance tasks your company faces and generates data about compliance efforts so you can assess your risks in a more reliable, and more versatile way.
How much profit or return does business compliance software bring? That’s hard to say in generalized terms. Sometimes a company can cut costs in time or manpower; other times a company gains in responsiveness to new issues, that might otherwise cost a fortune to address. And in the modern business landscape where third-party risk is such a grave concern, managing your own compliance risks makes you a better third party to someone else; that’s profitable too. That’s what makes using compliance software inevitable, even if for some companies it might not be immediate. Compliance management is now a complex task with many moving parts. The more technology can coordinate that for you, the better.
Matt Kelly is an independent compliance consultant and the founder of Radical Compliance, which offers consulting and commentary on corporate compliance, audit, governance, and risk management. Radical Compliance also hosts Matt’s personal blog, where he discusses compliance and governance issues, and the Compliance Jobs Report, covering industry moves and news. Kelly was formerly the editor of Compliance Week. from 2006 to 2015. He was recognized as a "Rising Star of Corporate Governance" by the Millstein Center in 2008 and was listed among Ethisphere’s "Most Influential in Business Ethics" in 2011 (no. 91) and 2013 (no. 77). He resides in Boston, Mass.