The Evolution of Compliance Technology and the Current State of Play

Danielle Herrick, VP, Compliance, Employers

Compliance is an oversight function responsible for making sure an organization and its employees follow the laws, regulations, policies and ethical practices that apply to it. If you speak with most seasoned compliance professionals, they didn’t go to school to become a compliance officer. They fell into it by accident somewhere along their career trajectory. Today, there are universities offering graduate and undergraduate degrees in compliance. The evolution of compliance technology is very similar.

Compliance professionals have become experts at using whatever technology is available at their organization that will help meet their program needs. When I first began working in this field, Lotus 1-2-3 was the most advanced technology I had access to, and I used it for everything. When Microsoft Access became available at my organization, it was mind-blowing. For years, Microsoft Office was the only available “compliance technology.” We learned how to use macros, create formulas and develop fillable forms.

Over the years, compliance professionals became more creative and learned to use other systems and applications within our organizations. It might have been a ticketing system used by our IT service desk that we could leverage to policy manage exception requests or incident reporting. It might have been survey technology we used to gather risk assessment results from multiple countries or business areas. It might have been learning management systems we used to automate messages to new hires or obtain policy certifications.

In the early 2000’s, governance, risk management and compliance (GRC) technology was introduced. This was the first technology geared towards bringing information from these three areas together. It was often costly and very complex. As a result, many organizations were unwilling to invest in GRC technology, unless they had suffered a very significant compliance failure. Those without it, wanted it, and those with it, were trying to figure out how to make it work.

In the past couple of years, we’ve been introduced to the term regtech. Regulatory technology, or regtech, uses technology to improve regulatory processes. For instance, it uses automation to support regulatory reporting requirements or to facilitate ‘know your customer’ programs. It is widely believed that there is a tremendous opportunity to further automate regulatory processes and identify risk in real time, with a meaningful cost savings to organizations.

Today, you can find technology to support almost all areas of a compliance program, whether it be anonymous reporting (whistleblower lines), monitoring and testing, risk assessments or policy management. You can host the solution or use a vendor’s cloud platform. There are both out of the box solutions and highly customizable options. Smaller companies may continue to rely on available technology within their organization while mid-size or larger financial services firms are more likely to invest in a robust GRC system and to explore regtech solutions.

As a compliance professional, I am not only looking for simple technology to support the most challenging and time consuming compliance activities, but technology that will increase regulatory compliance and provide real time alerts. This desire for technology is balanced with budget constraints often resulting in the need for a fair amount of creativity and compromise. Choosing the right compliance technology isn’t easy, but today we have a growing list of options.