Modernizing Compliance: 6 Questions Every Finance Executive Should Be Asking

by FEI Daily Staff

There are many reasons why compliance modernization seems to evade some organizations.


After passing yet another anniversary of a major regulatory reform – this time the fifteenth anniversary of the 2002 Sarbanes-Oxley Act – we are reminded once again of the heavy and evolving compliance burden with which many companies must grapple.

Perhaps most acutely, the cost of compliance continues to challenge businesses simply because compliance is a cost center, not a revenue driver. CFOs and finance teams in particular want to understand how to do compliance better, faster and cheaper – all while leveraging the cost of compliance across other parts of their organizations.

Compliance modernization offers a key to solving this cost conundrum – and more. At its core, it’s an exercise that can be applied to evolving every aspect of the compliance function, including the way it is governed; the tools, technology, and analytics it uses; the number and nature of its connections to other parts of the business; the expectations assigned to it and beyond.

Yet even with such a tangible solution, recent data has revealed more than half (52.1 percent) of CFOs and other executives have—at best—foundational compliance programs as opposed to value creating ones. In other words, many compliance teams are primarily focused on reactively solving issues as they arise rather than spending time developing forward-looking or near real-time risk mitigation capabilities.

The challenges – and benefits – of compliance modernization

There is a reason why compliance modernization seems to evade some organizations. CFOs are often faced with a myriad of challenges in working with their compliance teams to execute against modernization programs. Chief amongst those hurdles according to poll respondents are lack of technological capabilities (22 percent), followed by a lack of the right processes and talent to support modernization efforts (respectively, 20.7 percent and 19.8 percent).

Some companies, however, have surmounted these problems. We need only look to the financial services sector, where high levels of regulatory scrutiny have given compliance modernization a greater sense of immediacy and facilitated its rapid adoption.

The successes of compliance modernization in the financial services sector illustrate that it’s no longer just a smart play for companies in that swath of the market. Its wide-ranging benefits have powerful implications across sectors, from technology to manufacturing. Responding financial professionals across sectors agree that top benefits include: reductions in regulatory fines (8.6 percent), predictive analytic capabilities (19.8 percent), better integration of the function with overall business strategy (13.4 percent), an organization-wide ethical culture around compliance (16.8 percent), and of course, reductions in costs (22 percent).

The 6 questions finance executives should be asking of compliance teams

Regardless of whether a CFO needs to support the finessing of an already mature compliance function or surpass a baseline level of compliance activity, there are some important questions all CFOs and finance executives could benefit from asking their compliance teams when considering a transformation process.

1. How are we using technology to support and enable compliance testing? If compliance teams aren’t leveraging technology enablers like robotic process automation (RPA), advanced analytics or cognitive intelligence (Natural Language Processing or Generation), they’re unlikely to be able to offload lower value, labor-intensive manual work – or add value to strategic initiatives for the organization. For example, RPA not only conserves significant time on data analysis, but also enables companies to re-deploy employees to focus on more strategic, value-creating efforts such as issue remediation and escalation, root cause analysis, investigations, and overall business advisory.

2. Are we investing in people who know how to use that technology? This is distinctively different from how compliance teams leverage resources within an organization. As technology continues to evolve at a rapid pace, it’s critical that companies invest in talent who understand how to use those technologies – or even shift complex technology needs to be handled by an alternative delivery model (e.g., outsourcing or managed services), which can supplement internal talent, enhance process quality, and accelerate the adoption of technological innovation to help companies keep up with market trends.

3. What kind of alternative delivery model strategy have we considered? It’s important that CFOs collaborate with compliance teams and other business stakeholders to determine which, if any, low-value tasks could be handled by a third-party or managed service provider. Strategic assignment of low-value tasks to business partners outside of an organization allows companies to keep processes with value-add capabilities in their core and focus more energy on building them out.

4. Have we taken a hard look at how compliance is organized throughout the business to identify redundancies in the system? Oftentimes, the compliance risk management activities are owned or executed by a number of constituents throughout an organization – from internal audit to risk management. And each group doesn’t necessarily report into the CFO’s team. When piecing together the distribution of execution and oversight activities, CFOs, in coordination with their risk counterparts, might uncover that a front-line team is tasked with the same process that a control team is also doing. Silos are out of vogue. Misalignment across groups could lead to gaps in roles and accountability. Managing compliance risk is more effective when execution and oversight activities can be integrated among all relevant business lines.

5. How are we going to see a return on investment? No matter what industry a company operates within, the cost of investing in compliance modernization can be daunting to CFOs. But remember, compliance failures resulting from choosing not to modernize certain processes could potentially result in costly legal remediation and steep penalties.

Importantly, modernization allows companies to move away from expensive, fire-fighting processes that have to be rebuilt every time an issue occurs. While more complex situations may still require the occasional one-time fix, modernization focuses on creating sustainable processes, tools, and solutions that are scalable and can be repeated in most scenarios. For example, a modernized compliance function can proactively call areas of concern to the board and senior management’s attention while discussions remain strictly internal, allowing the organization to make value-enhancing course corrections.

Remember this: a little bit of investment can go a long way.  Because compliance modernization is not an all or nothing exercise, teams can elect to grab low hanging fruit and see immediate benefits. For a modernization effort to truly be impactful, though, there is the real possibility that the CFO will need to divert budget from another area of the organization or secure additional funds. It can be hard to take on compliance costs up front in year one, waiting a second fiscal year to see the net benefits and accelerating savings in the third year.  But, the return on that early investment can be transformative over time.

6. Is our compliance function focused on making the transformation to value creation? In other words, CFOs need to assess whether the compliance function has been designed only to get the company out of trouble or if it drives strategy and enables scalable organization growth and ultimately value. Executives need to make conscious decisions on where they want to be on the so-called maturity continuum of compliance capabilities. If CFOs can help move a program to where it is proactive and predictive instead of backward looking, that adds value. If the right kind of program is in place, it also could become a competitive advantage in certain instances, allowing companies to position themselves as best in class with a sterling reputation and brand.

Again, these are questions that can help any finance executive begin to ascertain approaches to change no matter where their organization falls on the compliance maturity continuum. An organization should thoughtfully decide where it wants to be on the spectrum – foundational, modernized or value-creating – and then develop a defined roadmap to break down the necessary changes and make them happen. Each organization can determine how far it needs to evolve – whether it wishes, in effect, to have in place a check-the-box compliance vehicle or a state-of-the-art model.

As a company moves along the continuum, much more becomes possible. Companies can transform the entire compliance function, half of the function, or even just one piece of the function. It’s not about building more, but rather taking a critical review of what already exists and rightsizing administrative practices or bolt-on solutions in favor of a more strategic and agile approach. But to enter the realm of value creation, few organizations can stick with the status quo.

Tom Nicolosi is a Deloitte Risk and Financial Advisory principal for Deloitte & Touche LLP.  Carey Oven is a Deloitte Risk and Financial Advisory partner for Deloitte & Touche LLP.