Automatically monitor regulatory updates to map to your internal policies, procesures and controls. Learn More

1558 Enforcement Actions in the U.S. over past 30 days


FTC enforcements decreased 55% over the past 30 days


SEC issued enforcements: $37,812,859 over the past 30 days


50 Final Rules go into effect in the next 7 days


49 Mortgage Lending docs published in the last 7 days


1670 docs with extracted obligations from the last 7 days


new Proposed and Final Rules were published in the past 7 days


11906 new docs in within the last 7 days


Considering RCM Solutions?  Here’s an RFP to get started.

NEW BRANDING Blog Post and Advisor Templates 2 1

A global pandemic, economic turmoil, and a series of far-reaching, consumer-privacy regulations enacted in response to high-profile data breaches have combined to create a regulatory landscape that is constantly in flux. 

The trouble is that in the early stages of responding to widespread societal changes, various jurisdictions and regulatory bodies tend to act in isolation. Thus, their mandates are often out of alignment, creating confusion for the already overworked compliance teams in heavily regulated industries. 

Even so, legislators and regulators tend to ignore compliance stresses, believing that businesses can easily meet higher standards, largely due to the perception that technology can plug the gaps. This is true, but only to a point. 

Technology can indeed help businesses stay ahead of the regulatory curve, but to consolidate the gains that technology can drive, businesses must also train their employees to embrace the novel, streamlined workflows to keep up with the accelerating pace of regulatory change. 

Can agile methods work in heavily regulated industries? 

One tactic businesses have created for coping with chaotic environments has its roots in the software community: agile development. Back in 2001, 17 developers who were frustrated with the waterfall method of software development released the Agile Manifesto. The authors based their approach to development on these four foundational values: 

  • Individuals and interactions over processes and tools
  • Working software over comprehensive documentation
  • Customer collaboration over contract negotiation
  • Responding to change over following a plan

At first glance, these core values seem to be a poor fit for heavily regulated industries. Valuing “working software over comprehensive documentation,” could roll you behind the eight-ball come audit time. Auditors will want to see “comprehensive documentation,” after all. Similarly, auditors value “following a plan,” regardless of the amount of change in your industry. 

While agile methodologies may help businesses stay aligned with rapidly changing market conditions, the perception has been that those same methods, if applied to compliance, will leave your organization exposed to heightened risks. 

Agile versus compliance creates some obvious contradictions. Agile is intended as a method to prioritize customer needs and streamline development. To oversimplify, agile requires a “ready, fire, aim” mentality. “Working software” that is good enough, but no better (ready), is released into the market (fire), so customer feedback can guide the next stages of development (aim). 

In heavily-regulated industries, on the other hand, “ready, fire, aim” is a recipe for disaster. Auditors expect a thought-out compliance plan and documentation that shows how well your organization has stuck to that plan. 

Will the high cost of noncompliance drive heavily regulated businesses to agile? 

What gets lost in discussions of business tactics and compliance is the fact that regulatory frameworks function as the infrastructure of free markets. It’s not just supply and demand that move markets. As regulatory frameworks change, markets change with them. In recent years, three major changes have occured that enable businesses to bridge the agile-compliance disconnect. 

First, according to a 2018 study by the Ponemon Institute (commissioned by data-integration company Globalscape), noncompliance is now nearly three times more costly than complying with industry mandates. Ponemon found that the average cost of compliance for companies with 5,000 – 25,000 employees is $5.5 million, while the cost of noncompliance averages an eye-popping $15 million, and this figure doesn’t factor in penalties from not complying with new consumer privacy laws, such as the GDPR and CCPA. 

On average, companies that don’t invest in the tools and people necessary to meet regulatory requirements spend more than $9 million annually than their compliant peers. That’s a massive competitive disadvantage.

Second, modern compliance software has evolved away from separate, monolithic platforms that lock data into silos to modern, cloud-based RegTech software that leverages AI, Big Data, and Machine Learning to create a “ready” state that is leagues beyond the “aimed” state arrived at through legacy tools and tactics. Thus, switching from siloed suites to on-demand services gives businesses the ability to measure time to value in hours, not days or weeks. 

Third, while Compliance Officers may still be wary of agile methods, other business units have seen their compliance obligations rise. In fact, a 2016 study by the Project Management Institute found that 62% of agile teams must now cope with compliance issues. For teams that already embrace agile, such as DevOps and cybersecurity, agile then becomes the default method to tackle new challenges. When these teams successfully execute agile compliance on a small scale, their efforts create a proof of concept that can guide other business units as they adopt agile processes. 

How heavily regulated industries can leverage agile for continuous compliance: 5 steps

If your business is struggling to keep up with regulatory mandates, the first step towards clawing back that $9 million cost for noncompliance is to formulate a plan. If you follow the five steps listed below, you’ll be able to leverage agile workflows to scale up your compliance efforts quickly: 

  1. Create a compliance lifecycle that incorporates agile-based continuous improvement methodologies 
  2. Clearly define roles, so you know who is responsible for what
  3. Establish clear KPIs and auditable goals. Should auditors knock on your door, the data that serves as the foundation of those performance indicators and helps you define (and redefine) goals will also demonstrate your ongoing compliance efforts.  
  4. Identify repetitive, labor-intensive workflows and offload them to modern tools that can automate those error-prone processes, such as modern RegTech software
  5. Measure results, incorporate feedback from all stakeholders (data owners, developers, business leaders, auditors, etc.), and adjust your process over time to ensure continuous compliance

In a regulatory environment characterized by constant change and increasing complexity, compliance is an ongoing process. With new far-reaching consumer privacy regulations, such as the GDPR and CCPA, impacting businesses of all sizes, the time to modernize compliance programs is now. After all, waiting could cost you. . . millions.

Tags: , , ,