As seen in risk.net
KPMG’s Todd Semanco discusses how the leveraging of regulatory technology, digital labor and data analytics is transforming compliance programs, and why cognitive automation is seen as the future of regulatory infrastructure.
In today’s environment, risk and compliance leaders are increasingly challenged to take on more responsibility though funding levels often do not keep pace. This is prompting many to pursue sustainable means of becoming more efficient while improving quality and broadening capabilities. Two areas rife with opportunity for redesign are monitoring and testing, and leaders are considering how digital labour and automation can transform the function in a variety of ways: broader, deeper and more frequent coverage; enhanced synergy across multiple assurance functions; a more dynamic and robust risk assessment process; and more meaningful and streamlined reporting, including data visualisation.
What should organisations consider when transforming a monitoring and testing programme?
Todd Semanco: In order to maximise the value in such a transformation, it is essential at the outset to confirm an enterprise view of all the various testing activities across the organisation. Not only will this be critical in identifying gaps and redundancies in coverage, but is also required to evaluate and determine an optimal target-state model – whether it be a centralised monitoring and testing function or a decentralised function operating under a common mandate and set of standards. Test scripts and procedures should be analysed to confirm appropriate alignment to regulatory obligations and policies, and such analysis should include the availability and integrity of testing data, as well as documentation of the products, activities and systems covered by the respective testing and monitoring plans. Considering these elements, leaders can develop tangible, prioritised automation road maps focused on addressing gaps and/or shifting execution from human capital to digital labour.
The foundation of monitoring and testing programmes is a robust compliance risk assessment. What are the recent trends in this area?
Todd Semanco: Risk assessment continues to represent an area of heightened attention for many. Among the top focus areas are the breadth and frequency of risk assessments, key variables and drivers considered during the risk assessment process, the qualitative and quantitative mechanics, and, of course, the alignment of risk assessment results to testing and monitoring efforts. Risk assessment is a dynamic exercise in which numerous inputs such as testing results, complaints, hotline calls, investigations, etc, are considered ‘real time’, and testing and monitoring plans are either confirmed or adjusted accordingly. The reality is, given the volume and pace of change of this data, many organisations struggle to surface and apply insights at an appropriate rate. For many, it is becoming clear that enhanced automation, leveraging integrated regulatory technology and digital labour, is a ‘must-have’ to sustainably assess risk in a timely manner.
What role is technology playing in monitoring and testing programmes?
Todd Semanco: Regtech – broader than fintech and not limited to a specific echnology – and digital labour are being leveraged to transform programmes end-to-end. From the way organisations monitor and manage global changes, to regulatory obligations and how testing is performed, analysed and reported, all components of managing the function are under review. The demands, from internal and external stakeholders alike, to demonstrate adequate coverage and provide precise impact and root-cause analysis are very high. To meet these demands, leaders are increasingly turning to technology to collect, consolidate and map key data elements together – for example, obligations, policies, risks, controls, process detail – at a granular level. This capability supports not only dynamic regulatory change management activities, but also the oversight of business process and technology changes. Further, by consolidating and integrating monitoring and testing scripts within this technology, forming rules engines, outcomes and impacts may be more immediately assessed and remediated while data is accumulated to support predictive analytics.
With the speed of technology advancement, how are organisations leveraging digital labour?
Todd Semanco: We’re seeing all levels of organisations – from the business to risk, compliance and internal audit partners – intensifying their efforts to further cognitive automation, integrate digital labour and establish an enterprise-wide automation infrastructure. Efforts are typically phased along a continuum – from basic process automation of repeated high-volume transactions to enhanced robotic process automation reliant upon both structured and unstructured data sources, through to cognitive automation. In the monitoring and testing space, digital labour is driving a shift from sample-based testing to the testing of full populations, and resultant outcomes are increasingly available for use in analytics, predictive forecasting and enhanced monitoring and surveillance. Leading organisations are viewing this as an investment opportunity to revamp monitoring and testing capabilities in a sustainable way while operationalising compliance – often while yielding a compelling return on investment and competitive advantage.