A rapidly changing business world with a continually shifting regulatory landscape means every major organization now must navigate a labyrinth of rules and regulations. Indeed, one of the biggest risks to businesses today is that of compliance failure. In addition to regulatory compliance, which is a significant challenge, businesses must maintain operational compliance with the terms and conditions of their contracts (both buy-side and sell-side) as well as maintain operational compliance in governing a company’s own internal processes. To top it off, digital businesses must maintain data privacy and security compliance with major data protection legislation like the EU’s GDPR and the upcoming California Consumer Privacy Act.
While bad actors using technology have necessitated much of today’s strict regulations, technology itself can serve as a remedy to the compliance challenge. In fact, many global enterprises and corporations have successfully automated compliance and serve as a model for organizations struggling to keep up with the massive burden.
Below we’ll provide a closer look at each type of compliance and how some businesses have employed enterprise software to automate key processes that reduce compliance failure risk.
We will begin with regulatory compliance, which includes strict government regulations like Sarbanes-Oxley (SOX), HIPAA, and other industry or state-mandated rules. The first step in automating regulatory compliance is to audit your current contracts and ensure they have the appropriate clauses related to data privacy, arbitration, confidentiality, or other regulations that affect your business. Once you’ve identified the gaps, your legal team can update the contracts with the appropriate language and contact any third-party signatories.
This process is relatively straightforward if you have your contracts in digital form in a central repository that can be easily searched. If your contracts are not in digital format, the audit is going to be incredibly time-consuming. So, our recommendation is to kill two birds with one stone and convert to digital format before beginning the audit.
Of course, the bigger the company, the more complex and daunting compliance becomes. One of the largest publicly traded energy companies in the world, Chevron, automated their compliance with custom-built workflow automation that documented everything required by SOX and the corporation’s internal policies. With full auditability built into the configurable platform, Chevron maintains compliance with today’s regulations but is also agile enough to quickly adapt to future regulatory policies. Read more about Chevron’s automated compliance here.
Operational compliance relates to the terms and conditions of your contracts and could be thought of as operational risk. Facebook’s Cambridge Analytica scandal (which was a whopping $150B compliance failure) is a cautionary tale of what can happen, but for most companies, the risk is more around revenues and expenses.
As a basic best practice, your contracts should clearly define performance obligations that your contract lifecycle management (CLM) system can track and manage. A simple example is payment terms. Most companies have payment due dates in contracts with penalties for missing the deadline. But how many companies track those late payments or even enforce the penalties? If your customer declines to renew its contract, is there an automated mechanism by which they are invited to tell you why and through which you can collate and analyze this data? If your CLM does not provide this through customer and/or vendor portals, is it really delivering its full value as a CLM system?
On the supply side, one of the most common forms of operational non-compliance is overpaying due to not keeping track of volume or other discounts negotiated in the contract. Of course, putting performance metrics in place is the easy part. The hard part is matching real-world behavior to contractual obligations and taking timely action. Doing this is impossible without automating contract management.
A good example of a comprehensive approach is OB Hospitalist Group, a provider of healthcare services with more than 120 programs covering 560 doctors in 28 states. Keeping track of the expirations and renewals in contracts associated with hundreds of vendors and ensuring that discounts were being applied and obligations met was a massive overhead. And on the revenue side, matching insurance payments against the services delivered was equally daunting.
When the hospital group automated its CLM, the system delivered accurate, up-to-date cost and renewal information, eliminated overpayments, and provided visibility into its revenue cycle. The result has been not just cost savings and better use of resources; it has also contributed business insights that have helped the group make better strategic decisions and continue to grow profitably. Read more about how OB Hospitalist Group automated their vendor and contract management here.
What about GDPR compliance?
While GDPR and the California Consumer Privacy Act (CCPA) could fall under the category of regulatory compliance, data privacy is so vital today that it warrants its own category. After all, what’s the point of automating compliance and CLM if you put your customer and company data at risk?
To ensure compliance with data privacy and protection regulations, companies must deploy advanced platforms that are highly secure, with advanced permissions that allow the data owner to access its own data and to delete that data at any time. This can only be accomplished with field-level permissions that are protected through state-of-the-art two-factor authentication, with all data and connections fully encrypted. For compliance, the system must also be fully auditable, which means every view, edit, and deletion must be documented automatically. Read more about what GDPR means for today’s data-based commerce in this white paper: “GDPR: What You Need to Know.”
Do you have questions about how you can automate your organization’s compliance? Click here to set up a chat with one of our compliance automation experts or read more about compliance on the Agiloft blog.