The volume of regulatory documents driving compliance is an ever-increasing burden. But RegTech solutions can help.
Corporate policies are the backbone of any successful business. They guide conduct and behaviour and set out the types of behaviour a firm expects of its employees.
They are the mechanism for translating external regulatory requirements into the DNA of a firm - compliance is ensured when employees understand and operate within the policy boundaries.
Compliance Managers in highly regulated industries such as healthcare, food and manufacturing, life sciences, energy and financial services are used to grappling with swathes of regulation. There are estimates that in the financial sector alone, there were as many as 300 million pages of financial regulatory documents estimated to be in circulation by the end of 2020.
So, what may sound simple, is in practice, a significant challenge. Hundreds of separate policies must be correctly applied to different parts of each business, and just keeping track of who needs to comply with what can be a burden.
Ensuring compliance with external regulations begins with the setting of internal policies - outlining everything from data protection obligations through to HR policies on annual leave.
These corporate policies form the guide rails for the business and are an important foundation in establishing a culture of trust and integrity within the business.
Senior executives are held accountable for staff compliance with these policies - and checking this is likely to be the first port of call for any regulatory investigation.
Making sure staff are aware of these policies, that they understand them and being able to validate that understanding is key to good corporate governance and regulatory compliance.
Indeed, some regulators, including the FCA, explicitly make Senior Managers accountable through the Senior Managers and Certification Regime (SMCR). It includes two conduct rules that require Senior Managers to take reasonable steps to ensure their businesses are controlled effectively and that each firm is compliant with the requirements of the regulatory system. Both of these rules are relevant to corporate policies.
Keeping on top of regulation and making sure that policies reflect the latest changes can be easier said than done. Agreeing and then articulating each corporate policy is a time-consuming process that needs business-wide input to master.
A strategic approach is needed spanning problem emergence, agenda-setting, consideration and then the selection of policy options.
Once drafted and approved, corporate policies need to be accessible and easy to understand. Then once read, employee attestations must be sought to confirm business-wide understanding. The final step is regular monitoring to ensure your company and your people are in check.
Most companies use word-processing tools to write and amend their corporate policies. Then drafts are exchanged over email, with all the version control and tracking issues that entails. Then once signed-off, policies are emailed to employees. Finally, employees attest that they have read and understood each policy – again by email.
This approach is inefficient, fragmented and most importantly, makes it very difficult to track who has attested to what and may prompt regulators to ask some serious questions about compliance processes.
Luckily, there are RegTech solutions that can help address these challenges. Policy management platforms are a proven and cost-effective means of creating, socialising and driving attestation for up-to-date corporate policies and demonstrating constant compliance with moving regulation.
A centralised platform can enable corporate policy owners to organise their policies, documents and handbooks in a single location. Workflow processes can be streamlined through real-time collaboration, while review times are significantly reduced from policy conception to implementation.
RegTech systems can automatically notify corporate policy owners when their policies need to be updated and reviewed, while changes can be instantly cascaded to respective teams and employees. They can limit who accesses which documents, meaning that the right employees engage with the right subject matter. And they can even control the format and language too.
Perhaps most importantly, employee completion can be analysed according to geography, department and level. That helps you target your resources to where they are needed most, boosting compliance levels and ultimately saving you time and money.
If you'd like to stay up to date with best practices, industry insights and key trends across regulatory compliance, digital learning, EdTech and RegTech news subscribe to Skillcast Compliance Bulletin.
To help you navigate the compliance landscape we have collated searchable glossaries of key terms and definitions across complex topics including GDPR, Equality, Financial Crime and SMCR. We also track the biggest compliance fines, explaining what drives them and how to avoid them.
You can follow our ongoing YouGov research into compliance issues, attitudes and risk perceptions in the UK workplace through our Compliance Insights blogs.
Last but not least, we have 60+ free compliance training aids, including assessments, best practice guides, checklists, desk-aids, eBooks, games, handouts, posters, training presentations and even e-learning modules!
If you've any questions or concerns about compliance or e-learning, please get in touch.
We are happy to help!