Stu Leibowitz, Brian Safron
Regulatory compliance is a bit like brushing teeth. It’s not where you’d prefer to spend your time, but the consequences of a poor job can be serious. And while we may not have learned how to automate the tooth brushing process, we do know how to automate many aspects of regulatory compliance.
There are three common ways that business automation can streamline regulatory compliance:
While the first of these focuses specifically on compliance processes, the next two focus on processes that run your business. The important point is that business automation delivers a side benefit of generating models and data that can be used directly for compliance reporting. We’ve heard from many automation professionals that when a regulator asks for a compliance report, they (the business automation team) can “push a button” and generate the report from their process data. And if the regulator asks for proof that the process (as designed) meets regulatory requirements, they can pull up the graphical model of the process as proof of compliance.
It’s no secret that the regulatory burden in some industries has grown steadily over the years. The graph below shows the increase of U.S. federal regulation over the last seven decades.
Let’s dig a little deeper into why business automation simplifies regulatory compliance.
You can’t automate compliance until you have a good grasp of your processes.
Regulatory policies and procedures must be followed to maintain compliance. For example, Sarbanes-Oxley (SOX) changed how organizations deal with financial reporting. When that law was passed, it became immediately evident to many organizations that their processes were not clearly known. Companies that had already invested in modeling and documenting their business processes were well positioned to use business automation to ensure they remained compliant, because the automation artifacts themselves (e.g., process models, business rules) became the documentation used to report on compliance.
Automated processes can generate the data needed for compliance reporting
Business automation quickly provide auditors with the documentation needed to verify compliance, because automation produces granular historical data that shows exactly how (and when) business processes were carried out. Each step of the process, and all critical decisions along the way, are traceable. In the words of a large US banking customer, “business automation enables us to demonstrate 100% of the processes we went through to come to a decision on any loan application - to show there was no bias and that the decision was made based solely on facts. We’re also able to produce on-demand and automated end-of-month reports to demonstrate compliance with various regulations.” As stated by this bank and by many other regulated institutions, the ability to generate compliance reports directly from process data is a key advantage of business automation.
Business automation can detect compliance breaches in real time.
Business automation makes it easier to spot compliance risks and breaches in an organization's operations. If breaches occur, automation facilitates rapid investigation and remediation. For example, the Health Insurance Portability and Accountability Act (HIPAA) protects sensitive patient health information from being disclosed without the patient's consent or knowledge. Common breaches include unauthorized access or improper records disposal. Since the data generated by business automation is a factual record of what occurred and when it occurred, this data can provide alerts when the required processes or procedures are not followed.
Regulations cross departmental boundaries. Fortunately, so do processes.
Compliance management cuts across the entire organization. For example, customer consent and data management are required to comply with General Data Protection Regulation (GDPR). GDPR touches much more than one single business process; rather, it spans many processes across sales, marketing, customer service, support and more. Business automation centrally manages compliance across departments. Because companies tend to be organized into siloed departments, business automation is often the only effective way to monitor cross-departmental activity.
Email and spreadsheets are good for many things. Compliance isn’t one of them.
Some organizations still use email and spreadsheets to manage compliance. The problem is that spreadsheets can quickly become complex and unmanageable, and email is like a sieve – allowing key actions and updates to fall through the cracks. To solve this problem, a large state-regulated utility uses workflow to ensure that all procedures conform to mandatory regulations. As opposed to the ad hoc nature of email and spreadsheets, workflow automatically manages the required updates and approvals to ensure the utility remains compliant. When a regulator asks for proof of compliance, the company simply generates a report that shows all relevant dates, times, actions, and approvals.
Wrapping it up
Business automation focuses on digitizing and streamlining business processes. Once those processes are digital, it’s infinitely easier to access, analyze and report on the information needed for regulatory compliance. So, while the primary goal of business automation is to run the business, its ability to automate regulatory compliance is a significant side benefit that should not be overlooked.
For a PDF version of this paper, click here.
Don't miss the live Q&A with Mr. Leibowitz and Mr. Safron on Monday, July 17 at 11 AM, as part of the Automation GPS series. Click here to RSVP.#BusinessAutomationWorkflow(BAW)#BlueworksLive