Seven steps to effective enterprise-wide compliance
For the folks at BP in the Gulf of Mexico, the day April 20, 2010, remains deeply evocative. Touted to be the largest marine oil spill in the petroleum industry, the Deepwater Horizon oil spill (also referred to as the BP oil spill) claimed several lives and caused extensive and irreparable damage to marine and wildlife habitats. In yet another incident of negligence, 117 garment workers met their unpleasant fates in the infamous Tazreen Fashions factory fire in Dhaka, Bangladesh; in November 2012. Better fire safety and wiring standards could have averted the disaster, said the report.
Business landscape today is dotted with many such cautionary tales of non-compliance and the common refrain that follows is often, it could have been prevented. Holistic compliance is one of the foundation stones of a successful enterprise and a partner who can speed up the journey to effective enterprise-wide compliance is always very sought-after.
Before undertaking compliance initiatives
When commissioning a global compliance program, enterprises are most often clueless about how much it is going to cost them or how complex it could get. To begin with, enterprises should create an action plan that answers the following questions before undertaking compliance initiatives:
- What is the cost of setting up an in-house compliance program?
- Is the all-encompassing expertise for the compliance initiative available?
- Is data security a cause for concern?
- Who will monitor risk and compliance in a comprehensive manner?
- How soon can the desired state of compliance monitoring be achieved?
Many enterprises also prefer outsourcing compliance initiatives to a capable service partner to save cost, time, and effort, while also gaining valuable expertise. A service partner can provide enterprises with a comprehensive framework that will catalyze their journey towards holistic compliance.
A seven-step approach for a holistic compliance framework
With the right people, processes, and tools in place, a holistic compliance program is only seven steps away:
- Step 1 - Understand compliance requirements: An enterprise with a global presence needs to understand different regulations across countries. Remember, compliance is not just about regulations, it also includes organizational policies, contracts, and standards.
- Step 2 - Classify requirements into focus areas: Once compliance requirements are established, classify them into focus areas such as ethics, fair labor, medical, workplace harassment, security, environmental, incident response, and so on.
- Step 3 - Identify owners for implementation: Implementing any new initiative is usually met with resistance. To overcome this and ensure that processes are followed, identifying compliance process owners is essential. These owners would have specific responsibilities assigned to them and they would span across business functions and geographies.
- Step 4 - Evaluate risk levels: Business impact analysis, root cause analysis, probability or frequency of occurrence, risk mitigation options - these are some of the ways through which risk levels are computed. Once the risk evaluation is complete, the risks can be categorized as very high, high, medium, low, and very low.
- Step 5 - Create a compliance program: The compliance program can be industry-specific, geography-specific, country-specific, state-specific, or can even be a combination. While designing the program, ensure that you have factored in elements such as current and aspired compliance statuses, risk scores, timelines, risk management owners, and residual risks.
- Step 6 - Monitor / track the compliance program: Use a technology tool that can track and compare multiple compliance entities, generate dashboards and reports, and enable multiple user accounts. A good compliance program should be continuously measured for effectiveness and impact.
- Step 7 - Scale the compliance program: As priorities change, the compliance program should also have the flexibility to reconfigure without disrupting day-to-day operations. It should also be easily repeatable across geographies and value chains.
Infosys BPO Compliance Management tool
The best-practices outlined in the seven steps are embedded in the Infosys BPO Compliance Management tool. It is built on a strong risk methodology framework and comes with a pre-configured, workflow-based, and automated technology platform. The compliance management tool follows a four-step approach to address requirements:
- Identify regulations and process owners
- Evaluate risks and develop mitigation plans
- Implement and review compliance programs
- Increase maturity levels and scale them to match global standards
For more about the Infosys BPO Compliance Management tool, read the white paper http://www.infosysbpo.com/insights/Documents/effective-enterprise-wide-compliance.pdf
Outsourcing a few compliance processes is not the solution; it is only part of the solution. An effective enterprise-wide compliance will become a reality only with a comprehensive framework. A framework that provides the right people, processes, and tools to catalyze the journey towards holistic compliance.