Get Started
Automating Risk and Compliance

Q&A | June 22, 2023

Automating Risk and Compliance

New technologies are keeping corporate leaders in compliance with the fast-changing rules that affect their businesses

Companies, especially those with operations in multiple countries or regions, must stay on top of an ever-changing regulatory environment to manage risk and compliance. Some policies such as the European Union’s Digital Operational Resilience Act, are designed to strengthen IT security practices at financial institutions only, while others, like the EU’s General Data Protection Regulation or the U.S. Securities and Exchange Commission’s proposed cybersecurity rules, have broader reach.

Up-to-the-minute awareness of regulatory developments and their potential impact on a company’s business practices and overall risk profile is crucial, according to Devin Amato, global integrated risk management automation leader and U.S. digital automation and risk leader at Deloitte & Touche LLP. In a conversation with Workflow, he explained how moving essential processes out of spreadsheets and slide decks helps break down silos, which makes such awareness difficult across an entire organization.

This interview has been edited for length and clarity.

Related

 Facilitate Collaboration Between IT Operations Management and Security Operations with AIOps

Get eBook

Staying abreast of regulations has always been a challenge for companies. Most have a legal function and a compliance function, which are tasked with tracking key areas like data privacy or antitrust, that may be particularly relevant to the industries they’re in. But they may not have a centralized, dedicated regulatory shop. Historically, we’ve seen a shortage of staffing in that area—and that might be difficult for many organizations to change in the current business environment. As a result, companies may lack a broad view of the regulatory landscape. The intelligent use of automation can help increase visibility across silos, helping companies do more without necessarily adding headcount.

A lot of organizations have one person or team that's responsible for a specific set of regulations, and it's up to them to understand how laws change. To do so, they monitor regulators’ websites or updates from a trade organization or a third-party provider, and then reconciling the new regulations with the old ones. When that’s done, they try to understand the impact on the organization’s policies, risks, and controls. Many rely on spreadsheets and slide decks to do this—not exactly an efficient process. Companies can streamline that process—and gain a competitive advantage—when they use technology that automatically identifies regulatory changes, points out where those changes affect current practices, and even suggests what can be done in response.

Risk is multifaceted. Regulatory risk is a challenge for many organizations, especially multinationals, but when you layer on additional elements like cyber risk, financial risk, and so on, it grows exponentially. Leaders need a broad view of risk across the entire enterprise. Disparate systems designed to manage one element of risk make that much more difficult to achieve.  When we speak with chief information security officers or chief risk officers, we hear their desire to get all these platforms working together.

Trending articles

Related

Navigating the future of data privacy

Read article

Related articles

The future of security is automated
COLUMN
The future of security is automated

There aren’t enough security analysts in the universe to manage a rising tide of threats. Automation can help.

Share me the details
COLUMN
Share me the details

Hyper-personalised experiences blur the line between employee and customer

Change is hard
ARTICLE
Change is hard

Tech transformation requires employee buy-in. Here’s how to earn it.

Digital gold rush
REPORT
Digital gold rush

Finding Australia’s new common wealth: Why ethical AI, human-machine teams, digital identity and diverse perspectives will transform the next decade