Intelligent GRC (iGRC) and Compliance Automation

  • Nov 16, 2019

While interpreted differently in various organizations, traditional GRC classically incorporates activities such as corporate governance, enterprise risk management (ERM) and corporate compliance with applicable laws and regulations. While the conventional GRC system is a significant step in the right direction for governance and risk management, a more robust GRC is needed to handle the increasing global regulations and critical business processes. This level of regulatory supervision and sophisticated business processes requires an Enterprise GRC ecosystem that spans and aligns with enterprise business operations. As a result, we see more and more organizations initiate programs to design enterprise GRC ecosystems that include a sophisticated regulatory change management taxonomy. Global regulations are staring all industries in the face and negatively impacting their operating budgets. The roles of the C-level executives must change so that they have effective oversight of, and insight into, the business and its governance protocols. Business executives must have systems and technologies in place to receive accurate and timely insights into regulatory events to address regulatory matters. Do you think enterprise GRC ecosystems are needed? What are your thoughts?


Looking at Regulatory Situations By Industry
Financial Services. The 2008 global financial crisis marked a crucial point that separated the preceding stages of the development of financial technology (FinTech) and regulatory technology (RegTech) from the current paradigm. The financial services industry is characterized by unparalleled regulatory dimensions and complexity. Requirements covering capital, cybersecurity, privacy, data protection, KYC, AML, securitizations, leverage, and supervisory reporting have increased in an effort to keep financial services firms solvent in a crisis. While the language describing the requirements appears simple, the regulatory requirements are stringent, and financial services companies, both small and large, will struggle to meet this year’s deadline. Why? According to a previous Thomson Reuters compliance maturity assessment report, resources and talent are insufficient to handle the regulatory demands. FinTech and RegTech have emerged as potential solutions to the regulatory change management issues; however, FinTech and RegTech come with another set of problems for both regulators and the financial services industry. For FinTech and RegTech to effectively drive down regulatory costs and reduce headcount needs, the regulators themselves must develop a robust framework that promotes innovation. I’ll tell you the innovative solutions below.
Healthcare. The healthcare industry is no stranger to regulatory and risk management requirements either. In fact, healthcare companies are attractive targets for hackers, which is why the HIPAA regulation requires them to have security policies and to monitor and respond to security incidents in a timely fashion or risk enforcement by the Department of Health and Human Services’ Office for Civil Rights (OCR). The year 2016 was when the OCR started to ramp up HIPAA compliance audits and enforcement, including those on Business Associates. I don’t think the OCR will stray away from their plans of enforcement, especially since the reviews are essentially self-funded by fines the OCR collects from violations. The OCR collected nearly $27M in 2016, not to mention Anthem alone paid a hefty $16M in 2018. Risk and compliance teams in the healthcare industry must take proactive measures to stay prepared for these types of regulatory audits. This audit readiness includes enterprise processes, i.e., cybersecurity, privacy, data protection, and operational compliance with various agencies, which is consistent across these two verticals.
Cannabis. “Let the high times roll.” Ten states have already legalized recreational and medical use of marijuana, and many owners of these dispensaries have developed the “high syndrome”, meaning customer highs, high prices, high revenues, and high volumes that have placed many of them in the fortune levels, with revenues topping $500M. Sounds great, and who wouldn’t be tempted to do business all in cash and, from a B2B perspective, get paid in cash? Before you go applying for a license to sell CBD and its big brother THC, be aware that this industry is heavily regulated and controlled. The regulatory requirements range from a strict application process to physical security, operations, manufacturing, public use, delivery of goods, operating capital, and many others. Most of the states that have legalized recreational use, as well as Canada and Australia, have a common theme. In every cannabis regulation that my team has interpreted, there are at least two hundred pages of strict regulatory requirements. It is imperative that cannabis business owners implement regulatory and risk management frameworks as other industries are doing. The cannabis vertical is a lucrative one, and I hate to see honest, hardworking businesses receive the placard that says “Permanently Closed”!
The Solution. We discussed two important concepts above: FinTech and RegTech. While these concepts are prevalent in the financial services verticals, RegTech is becoming increasingly popular in other industries, like healthcare. Integrated Insights and Intellimation, I3Mation for short, supports the use of these concepts. While most organizations map the concepts to digital transformation efforts, we take the models to deeper learning levels by incorporating Automated Neural Networks (ANN). Our Automated Cognitive Compliance Platform (ACCP) is powered by ANN to provide sophisticated models and algorithms to automate more than 60-70% of the regulatory compliance process. The artificial intelligence, machine learning, and robotic process automation solutions can perform turnkey functions, from ingestion, legal interpretation, mapping of risks to controls to policies/standards to business processes, and evidence collection through to compliance validation, in a fraction of the time compliance teams can achieve. We use cognitive RPA to perform mundane operations while applying ANN to more sophisticated transactions with accuracy and insight. The critical takeaway from this blog is the need for a more comprehensive enterprise GRC ecosystem combined with automation and intelligence. At I3Mation, we call it the Intelligent GRC (iGRC) model. This model puts the future of your business processes here, now!
I want to hear your thoughts. Enjoy

Dr. Primus C. Neural
The RegTech Scientist
I3mation.com