Calendar An icon of a desk calendar. Cancel An icon of a circle with a diagonal line across. Caret An icon of a block arrow pointing to the right. Email An icon of a paper envelope. Facebook An icon of the Facebook "f" mark. Google An icon of the Google "G" mark. Linked In An icon of the Linked In "in" mark. Logout An icon representing logout. Profile An icon that resembles human head and shoulders. Telephone An icon of a traditional telephone receiver. Tick An icon of a tick mark. Is Public An icon of a human eye and eyelashes. Is Not Public An icon of a human eye and eyelashes with a diagonal line through it. Pause Icon A two-lined pause icon for stopping interactions. Quote Mark A opening quote mark. Quote Mark A closing quote mark. Arrow An icon of an arrow. Folder An icon of a paper folder. Breaking An icon of an exclamation mark on a circular background. Camera An icon of a digital camera. Caret An icon of a caret arrow. Clock An icon of a clock face. Close An icon of the an X shape. Close Icon An icon used to represent where to interact to collapse or dismiss a component Comment An icon of a speech bubble. Comments An icon of a speech bubble, denoting user comments. Comments An icon of a speech bubble, denoting user comments. Ellipsis An icon of 3 horizontal dots. Envelope An icon of a paper envelope. Facebook An icon of a facebook f logo. Camera An icon of a digital camera. Home An icon of a house. Instagram An icon of the Instagram logo. LinkedIn An icon of the LinkedIn logo. Magnifying Glass An icon of a magnifying glass. Search Icon A magnifying glass icon that is used to represent the function of searching. Menu An icon of 3 horizontal lines. Hamburger Menu Icon An icon used to represent a collapsed menu. Next An icon of an arrow pointing to the right. Notice An explanation mark centred inside a circle. Previous An icon of an arrow pointing to the left. Rating An icon of a star. Tag An icon of a tag. Twitter An icon of the Twitter logo. Video Camera An icon of a video camera shape. Speech Bubble Icon A icon displaying a speech bubble WhatsApp An icon of the WhatsApp logo. Information An icon of an information logo. Plus A mathematical 'plus' symbol. Duration An icon indicating Time. Success Tick An icon of a green tick. Success Tick Timeout An icon of a greyed out success tick. Loading Spinner An icon of a loading spinner. Facebook Messenger An icon of the facebook messenger app logo. Facebook An icon of a facebook f logo. Facebook Messenger An icon of the Twitter app logo. LinkedIn An icon of the LinkedIn logo. WhatsApp Messenger An icon of the Whatsapp messenger app logo. Email An icon of an mail envelope. Copy link A decentered black square over a white square.
Insights

OPINION: Culture, values and technology – the world of compliance is changing

By Rob Haden, Forensic & Integrity Services, EY
06/09/2018, 6:00 am Updated: 06/09/2018, 7:43 am
Rob Haden, Forensic & Integrity Services, EY
Rob Haden, Forensic & Integrity Services, EY

The current compliance landscape is one of rapidly changing regulatory requirements, continuous advances in technologies, and declining consumer trust. Energy companies’ compliance functions are being asked to deliver more in a constrained cost environment, facing increasing regulation and responding to the demands of multiple regulators. Luckily technology changes in the form of Automated Compliance are now able to really help.

The compliance landscape

The landscape is already dispersed with domestic and international bribery legislation, stringent health and safety regulations, and a wide array of region-specific matters including sanctions and local content. Failure to adapt compliance to existing and new regulations could have a serious reputational and financial impact for Oil & Gas companies as recent newspaper headlines, scandals and eye-watering penalties have demonstrated. Recent additions such as the UK Criminal Finances Act, GDPR, and the Network and Information Security Directive (NISD) will only intensify the pressure to comply and many Company boards are asking compliance functions how automation and machine learning can help. So how do firms redefine their compliance functions to respond to, or even pre-empt, emerging challenges?

What is Automated Compliance?…

In a nutshell, Automated Compliance is preventing the occurrence (or recurrence) of incidents or breaches through data-driven monitoring.

Embracing technology to manage compliance risks may take many forms. In moving towards automated compliance, businesses may make a number of interventions aligned to their risk appetite. In taking any step, we suggest that clients ask, and answer, several key questions when seeking to realise benefits from any intervention.

  • What could be the early warning signs of a behaviour or incident?
  • Can those warning signs be converted into a signals from data?
  • Can sensors placed in the systems generate those signals?
  • How frequently do you need to review those signals for genuine insight?
  • How will you review (and refine) those signals?

The answers to these questions will help inform the design and implementation of individual components of automated compliance. The more areas it is applied to the further down the automation journey an organisation will be.

The human factor…

A well-built compliance programme minimises the time and cost of response, and mitigates damages from a breach. To be truly effective though, compliance and ethics needs to be embedded in an organisation’s culture. Having the right culture and values in place within an organisation will always be vital, and developing and harnessing automation can give a board useful tools and indicators to focus effort and prompt action.

Businesses need to be aware that monitoring data points could be perceived by employees and stakeholders as a form of ’big brother‘ supervision, particularly where these questions are asked and forms of automation are implemented across a broadening scope of organisational activities. It is important to acknowledge this challenge in order to balance it against a legitimate need to leverage the tools available and manage potential breaches or inappropriate behaviour.

Automation should not be at the expense of human insight, and red flags from automated monitoring must be addressed by the right people, showing the appropriate levels of care, and with collaboration from all multiple areas of the organisation. As regulatory and compliance risks evolve there will be an increasing need for this multi-disciplinary approach to ensure the right organisational knowledge is around the table. This will involve more than just compliance professionals as the sphere of regulation widens.

As the quantity and complexity of data captured by regulation increases exponentially, proactive data-driven compliance supervision systems are likely to become the only practical way to address compliance risks, meaning that a purely people-driven compliance strategy becomes more strained and unsustainable as a long term solution.

The rewards can be significant, as transparency of compliance is emerging as a competitive edge, particularly in fields such as data privacy and data utilities.  Effective compliance monitoring can surface issues and insights of value to the business including acting as a gauge on culture and can be central to strategic objectives.

Recommended for you