Alyned Thinking

Why new thinking is needed and how we are putting our expertise to work.

Can Risk Management and Compliance be digitalized?

A typewriter and an old printer on a street next to a park

Digitalization is a seemingly new buzz word on the agenda in many organizations as well as in pitch decks of savvy consultants. It describes the introduction of digital technology to an organizational process to make existing activities more effective or deliver a new service to the organization. Avoiding manual steps, human intervention and any unnecessary interfaces are commonly a focus point. Over the past decades, the term has been used in various contexts, from actually transforming physical processes like type setting to digital printing or using computer aided design instead of pencil and paper. However, in today’s practice, businesses usually mean leveraging X-as-a-Service offerings to apply flexible and scalable technology to optimize a specific business outcome when talking about digitalization.

What does digitalization mean for Risk Management and Compliance?

You could argue that Risk Management and Compliance are already largely digital domains and digitalized, however it’s worth taking a second look when you consider the following characteristics I’ve encountered in these functions in companies around the world:

  • Lots of manual interaction
    Many Risk Management and Compliance processes in organizations involve multiple separate spreadsheets, feedback and additions being sent back and forth via emails, spreadsheet outcomes pasted into slide decks and probably still some printouts with a busy executive’s hand-written comments.

  • Labor intensive processes
    Compliance reporting and Risk Management requirements have developed so rapidly, that especially highly regulated companies like banks have solved an immediate need by hiring more people. Compliance and Risk Management departments have grown to enormous dimensions.

  • Generic and outdated toolsets
    While digital tools are used in Risk Management and Compliance, these tools are often generic tools, such as spreadsheets or outdated solutions, like many GRC tools currently on the market. Processes are not necessarily streamlined and the quality of the output is highly dependent on the structuring and content of the user, as little guidance or content is provided.

So how can digitalization add value?

I believe there is huge value to be added through digitalizing Risk Management and Compliance processes, and the emergence of RegTech as a trend in late 2015 seems to support this.

If you are a company looking to optimize these domains or you are a RegTech with a solution you think can drive digitalization, try benchmarking them against the following questions:

  • Does it save money?
    Risk Management is an expensive undertaking and measuring return on investment is difficult. Cost of Compliance is always matched against the Cost of Non-Compliance. Your solution needs to significantly tip the scales.

  • Can it commoditize something you do today?
    Many Risk Management and Compliance processes are driven by experts applying knowledge or skills to analyze a specific issue. Digital solutions need to at least commoditize the legwork allowing experts to focus on high value risk analysis and decisions.

  • Is greater transparency enabled?
    Assurance is generally provided on a sample based auditing approach. Highly scalable technology may allow full assurance coverage to increase compliance transparency, allow for better insights and enable more powerful risk analytics.

  • Are insights delivered faster?
    With business moving faster, Risk Management and Compliance is more about detecting and reacting appropriately to a risk event than trying to prevent every possible scenario. The faster risk insights are delivered, the more powerful the GRC solution.

  • Does it create actionable results?
    Most organizations have plenty of risk data, few can derive actionable compliance insights in near time from it. Smart RegTech solutions should streamline the process from capturing risk data to delivering actionable compliance insights to the right stakeholders.

I’m certain we will see some powerful RegTech and FinTech solutions in 2016 that can contribute to digitalizing Risk Management and Compliance successfully. Our vision for Alyne is to support Risk Managers and Compliance Professionals in focussing on developing and executing Risk Management and Compliance strategies. Their core competence should be finding smart ways to effectively comply with laws and regulations and mitigate risks. The heavy lifting of identifying and analyzing risks and compliance requirements should be digitalized and left to Compliance as a Service or Risk Management as a Service such as Alyne.


Image credit: CC-BY 2.0 Matt Jiggins on Flickr
Karl Viertel
Author: Karl Viertel
About the author
Founder & CEO of Alyne, IT security professional, gadget enthusiast.