RegTech: Evolution or revolution?

Digital technology is having a big impact on risk management and regulatory compliance in financial services. And it’s not just hype. By harnessing the power of risk & regulatory technologies (RegTech)—which includes innovations such as artificial intelligence, advanced analytics, and robotic process automation—financial services firms are boosting their risk management and compliance capabilities and quality while dramatically reducing the required time, cost, and effort.

RegTech might not sound particularly new or revolutionary – after all, financial services firms have been using technology to automate their processes for decades, right? However, the level of sophistication that is possible today—as well as the resulting impact and benefits—is much greater than in the past.

What is the role of compliance in battling cyber risk?

Cross-Industry Compliance Leadership Summit eyes the intersection of two disciplines

“It’s called the cloud,” Deloitte & Touche LLP Principal Julie Bernard remarked. “It’s not called the vault. Keep that in mind.”

Bernard and Deloitte & Touche LLP Managing Director Susan Ameel moderated a session at Deloitte Advisory’s recent Cross-Industry Compliance Leadership Summit about the ways compliance and cyber security meet, and how the executives responsible for those areas might benefit by coordinating their efforts.

Many of the industries most subject to cyber attacks are also among the ones that have the most sophisticated regulatory and compliance obligations. Financial services, energy and utility companies, health care organizations, defense and aerospace – they all have to safeguard their own sensitive data, their customers’ information, or both.

So be good, for goodness’ sake

Predictive technology can help employers find the roots of both personal and corporate noncompliance. Where are the ethical boundaries?

As data-gathering and analytics technologies amass more and more ability to squeeze information out of what may feel like thin air, employers face new questions about using these tools to predict and detect behavior. “Can” vs. “can’t” isn’t the only frontier. There’s also “can” vs. “should.” At least one participant in Deloitte’s Cross-Industry Compliance Leadership Summit described themselves as “slightly aghast” at the possibilities.

In addressing the summit, hosted by the Deloitte Center for Regulatory Strategy Americas, Deloitte & Touche LLP Advisory Principal John Lucker said that whatever the benefits of predictive technology, one thing organizations “shouldn’t” do is allow the perfect to be the enemy of the good.

Ethics has a strong business case, but measurement is less certain

Cross-Industry Compliance Leadership Summit explores corporate behavior

Are a “culture of ethics” and a “culture of compliance” the same thing? How does an organization build an ethical culture, and how can it measure the results?

At the recent Cross-Industry Compliance Leadership Summit hosted by the Deloitte Center for Regulatory Strategy Americas, New York University Professor Jonathan Haidt suggested there is a method corporate leaders can use to tackle these questions – and he compared notes with compliance executives who tackle them in real life every day.

Haidt is a social psychologist and author of the New York Times bestseller “The Righteous Mind.” His view is not only that there is a business case for ethics beyond “ethics for ethics’ sake,” but that large organizations can design ethical systems by working from the individual level on up. And he says the practice of measuring ethical culture is evolving.

Compliance to power performance

As demands on the compliance function continue to increase in an era of enhanced regulatory scrutiny, data from the 2016 Deloitte Insurance Ethics and Compliance Survey demonstrate a correlation between financial performance metrics and the maturity levels of insurance and ethics programs.

A closer look at a new anti-discrimination rule

Putting the ACA’s Section 1557 into perspective

Posted by Tom Delegram, Deloitte Advisory managing director, Deloitte & Touche LLP and Karolyn Woo, Deloitte Advisory principal, Deloitte & Touche LLP on August 17, 2016

A key anti-discrimination section of the Affordable Care Act (ACA) went into full effect this summer, which represents a potentially significant cultural and operational shift for organizations across the healthcare payment and delivery system.

The portion of the law, Section 1557, prohibits discrimination on the basis of race, color, national origin, sex, age, or disability in any health program or activity that receives federal financial assistance. Section 1557 also applies to any program or activity administered by an executive agency or any entity established under Title I of the ACA or its amendments.

The US Department of Health and Human Services (HHS) finalized the rule for Section 1557 in May 2016, with the rule becoming effective on July 18. For health plans, the regulation will have an impact on benefit design for the upcoming plan year.

Impact of updates to the CFPB “Know Before You Owe” mortgage disclosure rule

Posted by John Graetz, Advisory principal, Deloitte & Touche LLP on August 12, 2016

The Consumer Financial Protection Bureau’s (CFPB) “Know Before You Owe” mortgage disclosure rule became effective in October 2015. During the implementation of the rule, financial institutions encountered scenarios where the path to compliance was complex and resulted in uncertainty on the part of lenders and vendors, as well as additional costs due to revised disclosures. On July 29, 2016, the CFPB proposed updates intended to formalize guidance on the rule and provide greater clarity and certainty in four key areas as follows:

New file layouts, test procedures call for vigilance in preparing for CMS audits

Posted by Tom Delegram, Advisory Managing Director, Deloitte & Touche LLP, and Jack Scott, Advisory Managing Director, Deloitte & Touche LLP on August 1, 2016

Health plans that participate in the Medicare Advantage (MA) and Part D programs should already be preparing to adapt to a large number of potential changes to the data and testing protocols the Centers for Medicare and Medicaid Services (CMS) uses during its audit process. CMS released the draft 2017 audit protocols in June 2016 and the comment period for the proposed changes extends until August 12, 2016. The rules may not become final until late in the calendar year, but there are steps plans can take now that will help them prepare for the 2017 audit season.

Your vendor’s keeper–managing compliance risks in the extended enterprise

Extended enterprise risk, or third-party risk, is a significant concern at most large organizations. One compliance executive recently said that according to his organization’s regular internal surveys, third parties pose at least double the risk of any other risks they measure. Yet this is a variety of risk over which organizations tend to have less control. What practices can help manage it?

That conversation was part of the recent Cross-Industry Compliance Leadership Summit that Deloitte hosted at Deloitte University. At the event, which gathered risk and compliance leaders from industries like health care, entertainment, financial services, consumer products, and retail, I moderated a discussion about the challenge of managing third-party risk. Because companies in different industries use and relate to vendors in different ways, there were a variety of stories. But a few common leading practices stood out.

Compliance risk management starts at the top, but depends on the front line

Compliance would be easy—well, easier—if the Chief Compliance Officer controlled all of the business processes that create compliance risks for the organization.

In the real world, the decisions and actions that add up to compliance happen all over the organization. Business leaders make decisions while balancing multiple concerns and competing objectives. It isn’t a surprise to any seasoned CCO that compliance isn’t always the top priority. As a result, it’s up to the CCO to understand the business and to exert influence over those decisions that drive critical compliance risks. And if that isn’t hard enough, CCOs also need effective processes to identify and measure those risks on an ongoing, real-time basis.
