Bloomberg BNA’s Corporate Law & Accountability Report is available on the Corporate Law Resource Center. This news service keeps corporate practitioners informed of legal developments of...
By Michael Greene
Oct. 29 — To effectively manage governance and risk management issues, organizations need a “federated approach” to compliance, according to Michael Rasmussen, chief pundit for governance, risk management and compliance with GRC 20/20 Research, LLC.
Compliance issues are often distributed to various roles and departments within an organization, and there should be a common architecture that allows these departments to share information and resources, he said. Only a federated approach, as opposed to a centralized or scattered approach, can pull this off.
Rasmussen spoke Oct. 28 at the Network's “Compliance By Design: Federating the Disconnected Silos of Compliance” webinar.
According to Rasmussen, the two greatest challenges that organizations will face in the next decade are staying compliant in a changing regulatory environment and managing third-party risks.
Organizations will need operational compliance to combat these challenges, he said. “Regulators are tired of paper-based compliance programs,” he said, which means that regulators want to know how organizations are operationally compliant—not just how they document compliance issues.
To meet this criterion, the policy must be understood within the organization, he added.
Rasmussen also mentioned that more compliance programs are moving out of the legal department because there is often conflict between a legal department's duty “to deny and protect” and compliance's duty to “discover and fix.”
Compliance is a very “distributed function,” Rasmussen explained.
Accordingly, centralized approaches to compliance do not really work, he said, because different groups lose visibility and focus, which can lead to disasters.
Moreover, although organizations may have chief compliance officers, they are probably not “truly responsible for all of compliance.” Instead, that role is focused on big-picture, enterprisewide issues, he said.
Therefore, most organizations have decentralized approaches to compliance—i.e., “scattered silos of compliance,” Rasmussen said.
But these departments often do not collaborate, which leads to wasted resources, and these silos are often disconnected and “do not see the big picture” of compliance risks and exposures, he said.
Accordingly, Rasmussen said that organizations need a “federated approach” to compliance.
In this approach, different groups within the organization share services, technology and information that can be used in different ways.
Organizations can “harmonize and rationalize” their enterprise and local business unit levels under this approach, he said.
Rasmussen noted that organizations might still have visible compliance leaders that organize and ensure everybody is working together.
However, what is most important is that the organization create a compliance architecture, he said.
This architecture creates a framework where all the different compliance roles can come together for strategic planning and information sharing.
To pull this off, organizations need technology that enables this framework because organizations are often buried in documents such as e-mails and spreadsheets that are difficult to produce and share, he said. Such technology allows organizations to become intelligent in managing compliance issues across many departments sharing the same architecture.
To contact the reporter on this story: Michael Greene in Washington at email@example.com
To contact the editor responsible for this story: Ryan Tuck at firstname.lastname@example.org