Today’s proponents of artificial intelligence (AI) tend to focus on its spectacular uses such as self-driving cars and uplifting ones such as medical treatment. AI also has the potential to aid humanity in more modest ways such as eliminating the need for individuals to do tedious repetitive work in white-collar areas. Along these lines, at its recent Vision users conference, IBM displayed an application of its Watson cognitive computing technology designed to automate important aspects of regulatory and legal compliance. Should it prove workable, the application of cognitive computing to compliance could be the first step in achieving what various “Paperwork Reduction Act” legislation has failed to do: substantially cutting the time needed to comply with rules imposed by government entities.
Regulatory compliance requires plenty of effort, especially in heavily regulated industries and especially during periods of rapid change in rules. Regulatory burdens on business in the United States have been increasing and growing more complex. For example, the number of pages added to the U.S. Federal Register, a rough measure of rule-making, grew 38 percent, from 529,223 pages in the 1980s to 730,176 in the 2000s, and that growth is on pace to reach 800,000 for the decade ending in 2019. Not all of these additions apply to a specific company’s business, and not all changes are relevant. But poring through pages of laws, rules and judicial rulings to identify relevant new requirements or changes to existing ones requires expertise and often considerable effort. Determining how to address regulatory changes and ensuring that these requirements are being met also entails knowledge and experience and consumes time. While necessary, virtually none of this work adds to the bottom line (except to the extent that it avoids fines or penalties) or improves a company’s competitiveness.
In concept, cognitive computing is well suited to help manage compliance because it has the ability to continuously scan all sources of rule-making, identify those that may be relevant to an organization, and provide suggestions on how best to comply with rules and oversee the compliance program. It can improve the effectiveness of the compliance process by reducing the risk that a company will overlook regulations that apply to it or will implement a compliance program that does not adequately address requirements. In short, by using automation, cognitive computing can increase the efficiency with which a company addresses its compliance requirements. Our benchmark research on governance, risk and compliance (GRC) finds that this is important: Companies most often focus on GRC to contain overall risk and the risk of failure to comply with regulations (77% and 74%, respectively) and much less often to cut costs (31%).
The primary steps any company faces in addressing regulatory compliance are identifying and understanding regulations that apply to it; determining how to address each of them; creating the appropriate measures and governance to achieve compliance; ensuring that the necessary documentation is created to confirm conformance; and guaranteeing that issues that arise are handled properly. Companies face challenges in doing this correctly and in a timely fashion. The process of interpreting the regulations and linking them to the appropriate controls is difficult and costly. Expertise is necessary, on the part of internal staff, external consultants or legal counsel. Historically companies have devolved responsibility for regulatory compliance to the individual business units most closely affected because it was the practical approach. However, decentralized approaches make it difficult to gauge overall compliance, and as the scope of regulation increases over time they lead to duplicate controls and increased costs of compliance.
IBM Watson is potentially a good fit for managing regulatory compliance because it pools knowledge of a topic. As in the case of medicine, the collective efforts of all companies using Watson to assist in managing regulation help all of the participants. Because their combined learning processes are cumulative, Watson can build a knowledge base fast and absorb new facts and conditions quickly. It’s to all participants’ advantage to expand the capabilities of the system cooperatively. In both disciplines, learning involves mastering a technical language and syntax and being able to link their meaning to specific recommended actions.
Watson’s approach to cognitive compliance starts by parsing the body of regulations in a fashion similar to the work it has done in consuming the scientific literature in the field of medicine. It then would identify all compliance requirements that may be relevant to a specific financial institution. The company would vet the list it produces to arrive at a list of validated compliance requirements. The cognitive compliance system would then use Watson to generate a recommended set of controls and procedures based on accepted practices (which may be rooted in anything from black-letter law to actions taken by similar companies). The user company would select those that it deems appropriate. These decisions would be made by trained individuals – for example, those with compliance responsibilities in a particular area, internal counsel or attorneys specializing in a relevant practice area. Once established, a cognitive compliance system could automate the process of monitoring regulatory actions and rule-making that is relevant to the company and flagging anything that requires review.
IBM intends to focus Watson’s cognitive compliance efforts initially on the financial services sector. In part this is because the company already has a significant presence in this market segment, but the main reason is that in the United States the complexity of the rules governing this industry has mushroomed since the financial crisis of the past decade. For example, the so-called Volcker Rule, intended to prevent banks from engaging in speculations that put government deposit insurance and the financial system at risk, was spelled out in just 165 words in the 2010 Dodd-Frank Act. However, translating that concept into practice required the collaboration of five regulatory agencies: the Federal Reserve, the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC). It took about five years for this group to assemble a 71-page rule (not written in plain English) that has an 891-page preamble. As to the cost of dealing with this complexity, in 2015 the OCC estimated that the cost of complying with Dodd-Frank for the seven largest U.S. banks in 2014 was US$400 million. In another example, 13 Europe-based banks spent between $100 million and $500 million each to achieve compliance with a rule requiring them to create umbrella legal structures for their local operations and take part in the Fed’s annual stress tests. To be sure, the current regulatory conditions affecting banks are an extreme example. However, for that reason it’s an attractive potential market.
If applying cognitive computing to regulatory compliance works for financial services, there are likely to be many other industries in which tracking and implementing regulatory requirements is demanding enough to make its use worthwhile. One intriguing possibility for the longer term is Watson’s potential to identify duplicate or conflicting regulations and laws and enable legislators and regulatory bodies to streamline or rationalize them. We recommend that financial services organizations and perhaps others look into this intriguing possibility.
Senior Vice President Research
Follow Me on Twitter @rdkugelVR and
Connect with me on LinkedIn.
Workiva offers Wdesk, a cloud-based productivity application for handling composite documents. I use the term “composite document” to refer to those in which text is created and edited collaboratively by multiple contributors and which incorporates tabular and numerical data from multiple sources in a controlled process. Composite documents often have formats defined by law, regulation or contract and must be created at periodic intervals. To comply with the requirement by the United States Securities and Exchange Commission (SEC) that companies “tag” their financial filings using eXtensible Business Reporting Language (XBRL), many companies acquired software to automate the creation and tagging of these composite documents.
Workiva began as WebFilings and initially offered software to streamline the SEC document submission process. In 2013 it released Wdesk to address the larger market for composite document creation. The software has uses beyond SEC filings. They include a variety of documents or presentations for external or internal purposes that corporations routinely produce, including board presentations, management reports, audit management, disclosure documents and other regulatory or compliance filings. Using such software, companies (and especially finance departments) can cut preparation time, complete documents sooner and substantially reduce errors in them.
Software products for handling composite documents like Wdesk have capabilities similar to those of document management applications except that they are designed to be easily used by business people with limited or no involvement by technical specialists and at much lower cost of ownership. This is especially true for cloud-based software. As is the case in using document management software, the text portion of the composite document is produced and reviewed by many people in multiple departments for various purposes in a defined workflow that includes approvals. To facilitate reviews, Wdesk enables approvers to read, comment on and accept a document or any component of it on a mobile device. In the process of creating the document multiple versions are created and the software ensures that people work only with the current version. Permissions for creating, editing and approving the document can be granular (such as limited to a specific paragraph or table or even a single data point). Especially for internal documents (such as Sarbanes-Oxley Act attestations) Wdesk can connect substantiating documents directly to specific parts of a document.
The sections and basic form of a composite document may be highly structured, in which case the software automatically maintains this structure and all formatting. The format includes the order of the sections, the section headings, specific wording in boilerplate sections, paragraph styles and even the typeface, to name the most common requirements. If the document is a periodic filing, it must be consistent from one period to the next, keeping the format and structure of each individual section exactly the same. Wdesk also ensures that text and numbers that are reused across multiple documents and presentations are consistent.
In addition to consistency, another major advantage of using Wdesk to automate the document creation process is that it can significantly reduce the incidence of errors while reducing the time devoted to checking the document for them. For example, numbers referenced in the commentary must agree with those in the tables. These numbers often change over the course of the drafting period, sometimes frequently and on occasion late in the process when deadlines are short. A composite document application will always contain the most accurate and up-to-date numbers. This is important because in our benchmark research on the financial close, three out of five participants said that the consistency and quality of data in company reports are a significant or very significant problem.
As the numbers (such as financial and operational results) referenced in a table change, the numbers in the narrative associated with them, as well as any associated percentage-change citations, are updated to match. For example, in the statement “advertising expense was $X, up Y%,” the numbers X and Y will always be in agreement with each other and any table containing them. Automation can also help because some types of regulatory documents and filings have particular requirements that must be enforced. For example, when financial data is presented in a shortened form (in thousands or millions of currency units, for example), the rounding often must adhere to a specific convention.
Using a software application designed to automate and support the process of creating filing documents can reduce the amount of time and effort necessary to produce the final result. It does so by establishing a repository of record for the text and data, automating the compilation of the document including the tabular data and individual text sections, using workflow to manage the process, and applying controls and audit features.
Using such software enables corporations to achieve substantially greater efficiency as well as tighter and more consistent control over this process. Process management capabilities can cut the administrative workload for people who “own” the filing document and reduce the possibility of delayed handoffs and missed deadlines. Document management features enable administrators to track the progress of the individual components, automate reminders to individuals as deadlines approach and generate alerts if they miss start or completion times. In contrast, when regulatory filings and similar composite documents are assembled using personal productivity software and orchestrated through email attachments and notifications, the process needlessly occupies the time and attention of highly trained, well-compensated people who have to spend hours performing dull, repetitive tasks that require their skills. Automation, on the other hand, leaves only the essential work to be done, allowing expert individuals to focus only on that and have more time to concentrate on their real jobs.
Using software to automate and control the creation of composite documents for external or internal users can substantially cut the risks of errors and missed deadlines. This software can be used broadly to address multiple regulatory and legal requirements in the finance, legal, internal audit and other departments. I recommend that companies – especially their finance and legal departments – that create composite documents automate their production and investigate whether Wdesk will address their requirements.