Summary

Key regulatory details, made up of company external obligations such as legislation and international standards, are digitised and logged in a Regulatory Universe (RU) Register.  High-risk regulations are unpacked to identify all obligations and create Detail Level Requirements (DLRs) that are logically grouped into themes for streamlining business controls.

Not Knowing What You Don’t Know

Often we have seen companies blindsided by the fact that they don’t know what they don’t know when it comes to complying with the full extent of the legislation, and other external obligations their Board is accountable for. One crucial requirement sitting hidden in a secondary piece of legislation could create a vulnerability at any time that can undermine the integrity of the entire company and bring its Board into disrepute.

A Single Repository Of Crucial Information

So we help companies reduce their cost, complexity and risk by automating key governance, risk and compliance operations in their business, starting with digitising all their regulations that contain statutory obligations that come from regulators, industry bodies and other authorities.  Many of our clients have hundreds of regulations across numerous jurisdictions in which they operate that create significant challenges.

We can help you create an online register of these regulations – what we call a Regulatory Universe (RU) Register – that contains all the reference information needed for processing these records by your staff across your organisation in an automated manner.

Once the RU Register has been digitised, we can then help you digitise all the clauses in the regulations – what we call the Detail Level Requirements (DLRs) – where the nature of the risk requires you to have a more granular approach.  There are thousands of DLRs you can then process and keep under change control at the touch of a button.

 

“IBM estimates over 300 million pages of regulations by 2020 in the Financial Services sector.  Thomson Reuters states that there was a daily average of 216 regulatory change alerts in 2019.  The simple conclusion: every client is out of control unless they master the digitisation of regulatory content.”  

Tim O’Hanlon: founder of TOSMS

 

What This Service Entails

The help we provide takes the form of nine steps that follow two very distinct stages of engagement.

The first five steps deal with the digitisation of the regulations and the establishment of an online Regulatory Universe (RU) Register.  Here is a breakdown of this first stage:

  1. Establish the list of regulations for each jurisdiction
  2. Obtain the official reference document for each regulation
  3. Populate the reference library for the RU Register
  4. Establish Governance Controllers for each regulation
  5. Capture supporting information online for each regulation

The second stage entails four steps that cover the digitisation of extracted obligations into online Detail Level Requirements (DLRs):

  1. Unpack and colour code regulations using our page-turn standard
  2. Capture extracts and create DLRs with links to additional references
  3. Capture penalties, definitions & associated extracts for each DLR
  4. Logically group into workstreams & sign off content with the client

What follows is a description of the two stages with illustrations of the vital outputs that are so important for creating a solid foundation on which the GRC operations can build their efforts for mitigating risk and keeping their company on track.

Digitising the RU Register

Each official statutory reference document is captured digitally in a dedicated client folder and linked to its online content.

While we are helping you create the list of regulations in your RU Register, we establish owners for each regulation by identifying what we call Governance Controllers (GC) who have specific duties to carry out for keeping the RU Register up to date.

There is key information about each regulation that is captured from each source document to provide for processing and change control of all the records created (see the screenshot from the system shown above).

With the digitised information captured, you can then process the hundreds of regulations using the online filtering and sorting capability.

Some of the filters for processing regulations include being able to view records in the RU Register by:

  • Content Groups;
  • Country of Origin;
  • Regulation Owners;
  • Business Unit Groupings; and
  • Regulation selections.

Digitising the DLRs

Once the RU Register has been digitised, we then help you digitise all the clauses in selected regulations – the obligations that you need to comply with that we extract and convert into Detail Level Requirements (DLRs).

This is a crucial step to get right.  We have had auditors and regulators call for evidence to show how regulations have been internalised by our clients.  We have a unique standard we follow that provides an audit trail with full traceability when we carry out the page-turn analysis.

It starts with colour-coding every paragraph in a copy of the source document for each regulation and keeping this analysis in the RU Register library.  Our standard provides a specification of each colour and what  it represents in terms of grouping the content logically.

Clauses that have been colour-coded as obligations, and associated content, are extracted into tables for traceability and audit control purposes.

This is a powerful part of our standard for dealing with the need for integration of regulatory content.

Every extract has a unique reference number that caters for search engine and change control functionality.

Details in the various tables are then converted into DLRs with the use of plain and simple language to deal with legal terminology that may not be easy to understand in the extracts themselves.

During the colour coding exercise, a key step is the grouping together of like content into what we call workstreams.  This allows for the significant streamlining of DLRs so that common themes can be dealt with as one when designing business controls to mitigate the risks, such as disclosures, records management, client servicing, etc..

The final result is a set of logically grouped DLRs with all the necessary supporting information together in one screen layout.

Once you have digitised this content it is possible to start harnessing the power of integration and automation that this services enables.

Request for Information

Should you wish to find out more about this or any of our other Portfolio of GRC Services or Solutions, please don’t hesitate to give us a call or email us.  Our details can be found at the bottom of this screen or under Contact on the main menu.