Regulation can apply to each of our industries in such specific ways—from a liquidity coverage ratio in banking to an ICD-10 code in medicine—that we may sometimes feel the very process of regulatory compliance is unique to our industries too. It isn’t, of course. Regulatory compliance is an experience we share across many ways of doing business.
On October 29, 2014 Deloitte’s Center for Regulatory Strategies invited more than 30 corporate compliance chiefs, regulators and others to use that common experience as a bridge. The Cross-Industry Compliance Leadership Summit was a day-long dive into well-earned wisdom and leading practices across not only financial services and healthcare but also energy, education, life sciences, retail, and other sectors.
Throughout the day, we convened discussions on Building Compliance into Culture and Strategy, Evaluating Compliance Programs, and Managing Regulatory Relations. My colleagues who led each of those interactive sessions have all blogged separately about them, and I invite you to use the links here to learn about some of the discussion highlights.
What stood out most for me were the reports each industry group made back to the whole group after dividing into breakout sessions.
The financial services group told us its members are working hard to leverage leading technology tools and data analytics to add to methods for compliance—and that staffing people with the skills to match is one of their biggest challenges.
In the life sciences and healthcare group, compliance officers told us they are focused not only on program effectiveness but also on how to drive efficiencies within their respective organizations and support their businesses as they continue to grow through M&A as well as new products, services, and markets.
In the consumer and industrial products industry group, participants from various sectors relayed that implementing compliance metrics continues to be a challenge across most sectors. Most companies have basic compliance reporting metrics, but few companies have the infrastructure in place to advance to truly strategic compliance metrics. In most cases, companies are using a portfolio of desktop applications and GRC-related tools that contain disparate data repositories that need to be linked and analyzed in order for further progress to be made.
Finally, the energy and resources breakout group told us its members are waiting for performance to catch up to promises in areas like GRC, and that a mix of outliers and private indices continues to characterize the metrics different companies use to chart compliance. They told us it’s a challenge getting regulatory culture to permeate from top to bottom in an organization, and they are looking at celebratory models to encourage people to do their part.
Overall, the day resulted in a gratifying level of agreement. We learned that our problems and solutions across disparate industries are more common than we think. And together, I feel our guests and panelists reinforced a 360-degree approach to regulation and compliance. It’s about rules and metrics, but also about culture and relationships. It’s a complex job that requires its practitioners to keep up with the latest tools. Finding the right balance in interaction with regulators is a challenge and the right approach is often based on the unique circumstances of each regulated company.
The evening before we convened our summit, NASA’s Bill McArthur gave a talk to our group. He’s a veteran of four spaceflights, including more than six months as commander of the International Space Station in 2005 and 2006, and today he works at the Johnson Space Center as Director of Safety and Mission Assurance.
In Bill’s stories about daring exploits in orbit, he found a common theme: Complying with rules isn’t about keeping us from doing risky things. The rules are there precisely because some risky things are worth doing. What we need is a way to reconcile the risk and the benefit so we know how to move forward.
As it turned out, that set the perfect tone for the following day’s dialogue. Compliance isn’t a contest with winners or losers. It’s a process that works best when everyone involved brings his or her best to the table.
Posted by Tom Rollauer on February 19, 2015.
|Tom Rollauer is the executive director of Deloitte’s Center for Regulatory Strategies.|