What is compliance software? What does compliance software do? Who needs compliance software? You do.
When you think “compliance software,” what do you think of? We’re willing to bet that you think of big banks, investing millions in software meant to keep them from running afoul of byzantine financial laws and regulations.
But while financial institutions do rely on compliance management technology to minimize risk, they’re not the only organizations who use compliance software. All companies need it, and not just for financial or legal reasons. Running a business means lots of rules, both external and internal. Employees need to know what the policies are, when they change, and how they’re expected to act in various situations. When employees don’t, the company or its customers may be at risk.
Software Advice, a Gartner-owned company, surveyed an anonymous sampling of employees across various industries about compliance. The survey found that 51 percent of employees admit to knowingly violating policy; 21 percent say they violate regulations daily and weekly.
The top violations aren’t financial (or at least no one admitted to financial infractions). The top three areas in which employees violated policy were:
- online security
- acceptable use of company resources
- workplace behavior
This may sound terrible — and it does mean the employees are exposing their employers to risk — but when the employees who committed infractions were asked why they violated regulations, their answers made their behavior more understandable.
Thirty-eight percent of the offending employees said there were simply too many compliance regulations, 16 percent said the regulations were too complex, and 14 percent said that compliance with those regulations is too time-consuming.
Simply put, compliance with every new regulation and policy is just too much for overwhelmed employees or managers to handle. Regulations change quickly, and often, even company owners don’t know when something has changed.
That’s where compliance management software comes in.
You need look no further than the European Union’s looming General Data Protection Regulation (GDPR) deadline in May, which has dominated most conversations about compliance in the past year.
Any company that does business with E.U. citizens must change the way it stores consumer data, reports data breaches, and handles consent and data subject rights. Any mistakes by employees will mean the company isn’t in compliance and will be fined. This doesn’t apply to just banks or large corporations. The GDPR affects all companies, of all sizes, in all sectors, who do business in Europe or with people who live there.
GDPR is just one of the many reasons all companies — not just the big ones — need to look into compliance software. Software can help companies keep track of all the rules, regulations, policies, and laws they need to obey. It can automate certain tasks so that already overloaded human employees don’t need to worry about them. It can help a company easily train its employees, and it can catch human error, so that a small mistake doesn’t cause a huge problem.
But first: what does compliance mean for your business?
Compliance can seem like a big, intimidating subject to businesses that have never considered it before, but it doesn’t need to be. At its core, compliance is just about doing the right thing (or at least, the smart thing): obeying the law, following industry regulations, or sticking to best practices. It’s about managing risks that could do damage to a company, its customers, or its employees. Software is simply a tool to make that job easier.
So, what is compliance? And what does it mean for you, and the company you work for?
Compliance falls under the umbrella of Governance, Risk, and Compliance (GRC), a concept defined in 2010 by Nicolas Racz, Edgar Weippl and Andreas Seufert as “an integrated, holistic approach to corporate governance, risk and compliance ensuring that an organisation acts in accordance with its self-imposed rules, its risk appetite and external regulations through the alignment of strategy, processes, technology and people, thereby leveraging synergies and driving performance.”
In other words, GRC simply refers to whatever combination of measures a company is taking to make sure it’s sticking to the rules: its own, its industry’s, and the law itself. Those measures can be anything: communication from leadership, processes, or compliance management software.
Compliance is not just for the financial sector
Banks trade in risk, so a lot of the literature about GRC mentions financial institutions, but compliance goes far beyond the world of banking and finance — there’s a lot of risk involved in running any business.
Those risks can come in the form of tax regulations, IT security, the law, industry regulations or conduct code violations. Anything that poses a possible problem for a business is a risk. Not being aware of what those risks are can be a huge problem for any company.
For example, in 2016 the United States’ Office of Foreign Assets Control (OFAC) cited and penalized several companies for violating international sanctions. Fewer than half of those companies were banks, and several of those companies simply didn’t have compliance programs in place to keep them from violating trade laws. That lack of a compliance program didn’t mean OFAC went easier on them — it was considered “reckless disregard” and weighed against them when OFAC was handing out punishments.
The problem for companies is that there is an overwhelming number of rules, regulations and policies to comply with, governing everything from finance to cybersecurity to sexual harassment in the workplace to whether suppliers are obeying the law.
If company owners are having a hard time keeping up with new regulations, laws, and policies, it’s even worse for employees, who don’t have the same sort of stake in making sure their company is in compliance.
What can compliance software do for a company?
Compliance management software can take many forms.
In some cases, compliance technology manages risks by automating functions that would be time-consuming or tedious for employees to do manually. Sometimes it’s simply software that keeps relevant information in one place for reporting purposes. Often it takes the form of software-guided compliance training, walking employees through a new regulation or policy so that they’re aware of changes.
Software plays an increasingly important role in most organizations’ overall GRC strategy. From 2011 to 2017, major companies increased their spending on compliance technology by 36 percent, according to a study by Globalscape. For financial institutions, spending on regulatory technology is projected to grow to $80 billion by 2020 — 90 percent of that spending will be on compliance software and similar tools.
GRC software is very popular with employees, on whom the burden of compliance often falls. According to the Software Advice survey, 73 percent of the respondents preferred compliance software to emails and other compliance management measures.
The reason for its popularity is simple: software takes the burden of manual compliance management out of employees’ hands. It’s also more efficient than paper-based processes; employees aren’t wasting their time on it. In other words, compliance software manages and remembers regulations so humans don’t have to.
Software-guided compliance training is also a form of compliance software. This sort of technology has had a positive effect on employees, according to Software Advice. Almost half the employees at companies that provided no compliance training said they had no understanding or an imperfect understanding of company policies.
Companies with annual or semi-annual software-based training, however, reduced that number significantly. Employees who were trained showed less confusion, with more than 65 percent of employees reporting that they were very clear on their employers’ policies.
Compliance is not just about the law
Compliance management software is best known for keeping businesses on the right side of regulatory laws — and we’ve discussed some intimidating examples of that above — but sometimes compliance is about internal regulations as well.
Every business in every industry can save money, reduce risk and increase revenue by using compliance software to align the workforce with critical information about their internal policies. Using compliance management software can reduce waste at work when employees are updated on best practices or a new procedure. Using software to keep employees updated on new rules and regulations can keep them from unwittingly breaking one (and some software can let managers know who hasn’t read their updates).
Businesses have rules and regulations for a reason: they help the company function efficiently, legally, ethically, and profitably.
When everyone in a company is following those rules, the company is functioning as it should be, and that means it’s not breaking any laws, taking any unnecessary risks, or losing any of its profit to preventable infractions or violations. Compliance software is a tool that allows companies to get to this state.