In part 1 of this series, we discussed the pitfalls of relying on desktop applications like Word and email to manage policy updates and communication. Now we explore the alternative.
How about centralised storage, version control, single source of the truth for review, comment and approval? Workflow? Document mapping? These alone should improve any poor policy management process by a lot.
The true benefit of a good policy management system is to establish a firm foundation for setting compliance standards for which the business must apply. These standards set out expected behaviours of staff throughout the organisation. In order for this to be successful, the information that is input and subsequently output, is vital. Think of it as if you were to build a house. Pouring the concrete foundations of a house isn't much to be excited about, however, without this, there's no chance of creating a functional, comfortable and safe home.
Policy management is a fundamental part of the 'Regulatory Landscape' process. Broadly, this is regulator contact, horizon scanning, obligations, policy management, controls, various reporting needs. And, importantly, the surfacing of policy information to users.
Policy is fundamentally driven by regulation and what you are obliged to do as a company. As we all know, the regulatory burden will continue to grow. Do you really want to leave your policy review in the hands of a compliance team (let alone other, equally busy teams like risk, technology and operations) to 'remember' to identify something that has changed? Surely, this isn't the reason you hired highly experienced and expensive compliance resources?
You initially hired Compliance staff to provide valuable insight, partnering with your business to meet company objectives. Not to rely on their collective memory to manually piece together various planned changes by a multitude of regulators that could impact any number of policies.
The RegTech world provides many solutions to challenges found throughout the management of the 'regulatory landscape'. Many of these solutions offer 'hooks', via APIs, to push and pull information from one application to another; connecting policy management processes to regulatory horizon scanning and obligations assessments. As changes are assessed and implemented, impacted policies and procedures can automatically flag up.
Relevant individuals and teams that have ownership of specific policies can more easily engage and collaborate as changes are reviewed, approved and new versions are published to staff.
No more need for all of those Word documents flying around on email! One single place to manage every stage of the policy life-cycle. One place to record all changes and approvals.
One portal to ensure staff have access to only, the latest version, of any particular policy. One, dynamic, integrated, solution to provide assurance to senior management that the relationships between published policy and the firm's regulatory obligations are understood and continually monitored.
Back to the housing analogy, even this isn't really the exciting bit as now all you have is the basic structure to the property although perhaps now it's also waterproof!
The exciting bit (where to position the TV, place the smart speakers or hang the family portrait) comes when we can link to 'controls' and start surfacing policy information.
If you missed out on Part 1, you can read it here.