Managing the risk of regulatory changes

What can companies do?

Given the aforementioned factors, it is important for companies to have effective methods to monitor and evaluate regulatory changes in real time.

The following are some of the methods our clients use to of mitigate the risk associated with regulatory changes:

• Regulatory news sources and alerts through in-house staff: Companies can access regulatory news sources, which report on legislative changes and analyze their impacts. Further, companies can subscribe to and set up alerts for regulatory changes based on their industry, regions, or specific topics such as money laundering, cyber security, or data privacy, to receive real-time updates. These alerts are email notifications sent by regulatory news sources, government agencies, industry associations, legal firms, among others that provide updates on legislative changes.   
  • Benefits: Alerts can be partially customized to provide relevant regulatory updates, reducing the volume of new legislation that in-house staff must read. The updates are also more relevant to the company’s industry and jurisdiction. Additionally, in-house compliance or legal staff have relevant expertise to assist with regulatory tracking.
  • Drawbacks: If alerts are not set-up correctly, or if regulatory news sources are not robust enough and/or regularly and thoroughly read, it can be easy to overlook new or changed legislation. Additionally, there is a risk of error in judgement by in-house staff, which may lead to noncompliance. This method also requires a significant amount of time for users to read all potentially relevant legislation, which can be time-consuming, especially for heavily regulated industries like financial services and healthcare.
• Legal advisors: Companies can hire law firms and regulatory consultants to receive personalized advice on legislative changes and navigate complex regulatory compliance requirements.
  • Benefits: Legal advisors possess extensive knowledgeable in regulatory compliance and can be an asset in understanding newly released legislation and its applicability for a particular company. For example, a legal advisor can track regulatory changes taking a company’s specific operations into account. Furthermore, advisors can provide interpretation and recommend compliance measures for the company to follow.
  • ­ Drawbacks: The cost of hiring legal advisors is a significant factor to consider, as it may not be feasible for many companies to retain legal advisors for long-term periods, specifically to aid in regulatory compliance. Additionally, there is a risk of human error with legal advisors, as with any human-executed task.
• Regulatory tracking software: Companies can use regulatory tracking software that offer real-time, automated updates on new regulations and changes to existing ones. These tools can be customized based on specific regulatory bodies and/or topics and often utilize machine learning to scan regulatory databases and news sources for pertinent information.
  • Benefits: The automation of this typically tedious task saves a significant amount of user time. The tools are customizable, allowing users to filter through the vast influx of data to only legislation that is truly relevant to their operations. Additionally, the centralized nature of regulatory tracking software allows users to view updates from multiple regulators in one centralized location.
  • ­Drawbacks: Some regulatory tracking software may not be user-friendly, leading to difficulties in navigation. Additionally, relevant regulatory data sources may not be integrated into the tool, which leads companies to miss pertinent updates. Unexpected outages can also pose problems. In such cases, companies without proper procedures in place to continue tracking updates may miss pertinent regulatory updates.

These tools help companies to stay up to date, prepare for changes, and ensure compliance with ever-changing regulatory requirements. As presented above, each method has its strengths and weaknesses. 

The rise of technology in tracking changing regulations

Historically, CCOs were estimated to spend approximately one third of their time tracking legislative changes.[1] However, due to a lack of sufficient qualified in-house compliance professionals, many companies have chosen to outsource their compliance function and regulatory tracking, which is typically a short-term solution due to cost pressures. Consequently, companies are seeking cost-effective, long-term solutions to assist with regulatory compliance.

With the increased need for fast, reliable monitoring of regulatory changes, automation tools have emerged to address this challenge. Companies now widely use automated tools to identify, analyze, monitor, mitigate, and report external noncompliance risks. By automating their monitoring of external data sources, companies can comply with regulatory requirements, monitor wrongdoing, develop a more comprehensive approach to data management, and improve overall efficiency.

Moreover, companies can now access the relevant data related to their industry quickly and without adding hours of manual effort to their staff workload. The most effective software solution can crawl the web, collect appropriate data, structure it into a unified data feed, and enable filtering and searching by specific attributes for more granular data analysis.

The advantages of using automated tools for regulatory monitoring and tracking are manifold. First, automating the monitoring process saves time, boosting overall efficiency and productivity. Second, automated tools enable companies to identify and mitigate potential risks quickly, reducing the likelihood of noncompliance violations.

Automation can accelerate the inventorying of regulations, laws, and obligations from global regulatory sources; provide real-time notification of new rules, proposed rule changes, and guidance; track regulation lifecycles; and enable a quicker impact analysis when such obligations change (through a mapping of the regulations to applicable controls).

Consider a new solution (or approach)

KPMG has developed a proprietary regulatory tracking tool that streamlines the regulatory tracking process and addresses the underlying challenges. This tool allows regulatory changes to flow from the initial tracking in the inventory of obligations, through mapping, and to compliance testing and reporting. Like other regulatory tracking software, the KPMG regulatory tracking tool collects regulatory data in real-time and parses the relevant information. However, the KPMG tool provides an end-to-end solution with several additional potential benefits, including:

• Monitor, Prioritize, and Action Dashboard: The dashboard includes an automatic categorization feature that classifies regulatory updates into buckets based on the nature of the content. Additionally, users can then create and assign tasks for the next steps that need to be taken.
• Obligation and Risk Mapping: The tool reads laws, rules, and regulations maintaining an inventory of regulatory obligations and mapping them to an individual company’s risk taxonomy.
• Curated Ingestion: Filters data for identified relevant laws, rules, and regulations reducing the time spent managing regulatory changes.
• Translation: Enhanced translation capabilities that are able to read and translate laws, rules, and regulations in both single-and multi-byte language characters (i.e., ability to translate Roman character-based languages as well as Asian, Hebrew, Arabic, etc. languages), resulting in the elimination of language barriers that impede the adherence of new regulatory changes.
• Red-line parsing: One-of-a-kind logic to track regulatory change by producing a red-line comparison between laws, rules, and regulations currently in effect and those being proposed and/or finalized thus streamlining the regulatory change management process and the identification of those changes.
• Workflow: The tool provides embedded workflow technology to route regulatory notifications to the most appropriate party/parties for review, making it easier and faster to identify changes that may require action.
• Tool integration: The tool has the ability to sync with any existing governance, risk, and compliance tools that are already being used by a company. This allows clients to have a holistic view of any regulatory changes and be able to obtain a greater understanding of any potential impacts to the organization.

Each of these features facilitates prompt identification and comprehension of new or changed legislation and establishes actionable steps towards complying with regulatory requirements. In addition, within the customizable workflow technology embedded in the tool, KPMG uses AI and Gen AI to tag laws and rules to topic categories, extract regulatory obligations, provide legislative summaries, as well as map laws and rules to compliance documents.

In conclusion, the use of automated tools for regulatory monitoring and tracking is a necessity, not a luxury for businesses operating in a constantly evolving business environment. Companies considering adopting technology to stay ahead on compliance requirements can gain competitive advantages in their respective industries.

A plan for moving forward 

Determining appropriate follow-up actions and having a documented procedure in place is as important as promptly identifying legislative changes. To ensure effective compliance and management, companies can establish a policy governance procedure that outlines clear and actionable steps for updating current policies and procedures in line with the applicable regulatory changes. The typical policy governance procedures include the following:

Conclusion 

Companies with effective compliance programs can demonstrate to regulators, auditors, and internal stakeholders their ability to regularly amend policies and procedures to align with regulatory changes. Having clear processes in place that can manage any applicable and relevant regulatory change, gives companies confidence that their key risks are mitigated.

This, in turn, allows senior leadership time to focus on developing business across the world. With proper policies and procedures in place to address new and changing legislation, companies can safely do business in any market in the world.