I recently had the chance to visit with two representatives from GAN Integrity, Inc. (GAN) Peter Chang, Head of Customer Success, and Martin Albertsen, Chief Technology Officer (CTO), for a five-part sponsored podcast series that will run next week on the Compliance Podcast Network. I visited with Chang on how to construct a connected compliance program and with Albertsen on the role of technology in a connected compliance program.

Chang noted that while many organizations have a good idea of whether their compliance processes are connected or not; an independent third party such as GAN can provide some different perspectives. The first is insight into what other customers in the compliance space are doing and what GAN sees out in the larger compliance arena. This means that while most compliance practitioners understand that some portion of their system is automated or even connected, GAN can elevate their current situation by showing some of the best practices that others are doing or identify issues the customer may not be observing. This can provide what Chang characterized as “some low hanging fruit” for quick and easy compliance wins. Finally, Chang and his team can provide advice in terms of what an organization can do to make sure that their systems are connected and that they understand the immediate benefits derived from doing so.

Chang said that an analysis usually begins with the size of the organization. As with everything around a best practices compliance program, there is no one size fits all. This means for every company, type and size, there are varying degrees of connected systems. Unfortunately, the larger the company, the more complex the situation usually is going into the process. Chang stated, “For a company of under 10,000 employees, there’s usually not a ton of different systems in place. This means making the connection between the systems is not going to be a huge undertaking.” However that situation quickly changes if the company is moving up towards 100,000+ employees. In those situations, “there’s typically multiple systems and companies may have different iterations of systems obtained through acquisitions. This means there maybe multiple HR systems, multiple ERP systems and can make connecting them for the compliance program a lot more complex. So depending on the size and type of customer that we interact with, we would probably parlay a different type of solution for them.”

It is incumbent on organizations to think through what they are trying to achieve. A basic question to connected compliance is what are the metrics your organization would like to measure? Chang provided the following example: “does the company want to track the lifecycle of a particular vendor or employee? Would it be throughout the lifecycle management of this vendor or person? Would it be through the different programs they had with the company? Finally, what are the things that are detrimental to the reporting aspect that you are looking for?”

This really unearths the true goal, which is to demonstrate that properly focused compliance can increase business efficiency and enhance overall profitability. This is not simply a compliance focused solution, but rather an efficiency focused solution by bringing greater conducted analysis and then developing a set of bespoke metrics tailored to the company. This allows more than simply the Chief Compliance Officer (CCO) to determine what is working and what is not so that you have a roadmap to improve going forward.

This brings up another problem for both compliance functions and other corporate disciplines, because there can be so many disparate systems, that there is no “single source of truth” or facts within an organization. A company can have multiple master data inputs, vendor and ERP systems. Chang said in such a situation, “we really rethink our approach about why the customer has these systems. From there can you identify, where the single source of truth can be found. From there you have to move to a focus on consolidating those systems. This is the first step of having a well-connected compliance process.”

Chang concluded by noting this process is something which resonates greatly with GAN’s customer base. Yet, at the end of the day, the system itself is only going to be as good as the data input and the people using it and reporting on it. This requires a strong level of consideration about what it really means to be connected. As Chang said, your organization must “think about what is most important to them. This is the first step to being able to configure a company to a manner that makes sense for the company.” The key is that the vision must be aligned.

As you might expect, Albertsen brings tech focus to connected compliance. Yet, he began by articulating that technology must work for you and not the other “way round”. This maxim has led many compliance practitioners (and others) to persist in using now-outdated low-tech solutions to compliance such as spreadsheets, SharePoint and other tools that may have been innovative when developed but now are seen as continuing to add inefficiencies to the business process of compliance. Albertsen phrased it in another way, saying its “all about the productivity and also being delighted with the solution that you’re using. It’s important to put design and usability front and center.”

I asked Albertsen what a CCO or compliance professional should look for in a connected compliance tech solution. He said, “first of all, both compliance programs and compliance technology change. This requires the compliance officers to be able to adapt to that change. If the compliance officer wants to be successful and be enabled by technology, they need to work with a product that’s flexible and able to adapt to change. For the technology itself, the synergy does need to be highly configurable and those configurations should not be long as several months development projects.” Albertsen believes there should be configuration options in the solution and that should be something that the technology solution provided takes care of for them.

Next the CCO and compliance professional should consider technological solutions which can expand beyond one specific task to make a more efficient overall business process. There are multiple opportunities for increased efficiencies in business processes through connected compliance. Albertsen noted there are opportunities for integrating compliance management all the way into other systems like the procurement, ERP or Contract Risk Management (CRM) systems. This can move compliance from being a little side branch to a key and proactive part of the business processes. It allows the CCO to shine and expand the compliance footprint in the organization.

Albertsen also said a CCO should look for unification in a tech solution. By this he meant that a customer should have a seamless experience from the sales perspective to the design perspective to the implementation and execution perspective. From the regulators perspective I would add that adaptability to a changing risk profile is a key ingredient to bake into your technological solution.

Their two perspectives were outside the usual legal trained compliance officer perspective. Yet their professional backgrounds lend themselves to properly understanding compliance as a process that can lead to greater business efficiencies and, at the end of the day, greater profitability.

This publication contains general information only and is based on the experiences and research of the author. The author is not, by means of this publication, rendering business, legal advice, or other professional advice or services. This publication is not a substitute for such legal advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified legal advisor. The author, his affiliates, and related entities shall not be responsible for any loss sustained by any person or entity that relies on this publication. The Author gives his permission to link, post, distribute, or reference this article for any lawful purpose, provided attribution is made to the author. The author can be reached at tfox@tfoxlaw.com.

© Thomas R. Fox, 2019