There are some key focus areas that have been brought to the fore by the pandemic, especially communication surveillance given recent announcements by the FCA on the subject of monitoring home working users as effectively as those in the office environment. Others continue to be a priority focus, including, AML/KYC, regulatory horizon scanning and Regulatory reporting.
These are the big subjects that you often see splashed across the press/LinkedIn. They are all very important, but they often take up all the space and eclipse others. Sometimes the smaller pieces get lost amongst these items. Take policy management.
On the face of it, who needs a policy management system? Surely, a waste or luxury for all those valuable change budget $/£/€? After all, it can't be that hard, right? You just write a document, get it reviewed and approved, store it somewhere centrally and send it out to your staff then periodically update it when regulations or processes change. Easy.
Word hell when it comes to policy management
Let's take a look at word processing packages like MS Word. It has an extraordinary amount of functions that, on the face of it, appear to allow you to produce a policy document; capture versions, share with others, collect comments and overall provide some structure via a universal template.
Unfortunately, it doesn't really play out that way. Instead, you're probably more familiar with the following scenario:
- You email a policy created in Word to colleagues to review
- You then receive multiple versions of the Word document by email from reviewers all with suggested changes you should make; some in tracked changes, some in the body of the text, some in different fonts and colours, some even return their response in paper with handwritten changes!
- Even if some reply with a 'reviewer' version of the document, all nicely marked up, you still now have 5-8 separate documents to merge into your master version
- Late reviewers reply to versions that are now several versions behind
- You are now juggling so many versions and you're not sure exactly which is the latest
- The final approval of the document comes in the format of emails, telephone calls, PostIt notes, printed paper copies with 'approved' written on the document pouch
- In the midst of all of this, some fundamental changes come in and you have to start re-writing it all again
- Finally finished, someone in the front office tells you that they don't read policy documents as they are too long, boring and they don't even know where they are stored (someone actually told me this once)!
The regulatory landscape is changing continuously as regulators worldwide pour out more and more changes. These changes can also have an impact across multiple policies and so the above scenario becomes even more complex and frustrated. It is not unheard of for organisations to take 6-9 months to get policies through their internal processes.
Is this acceptable? Probably in the 1980s, but in the 21st century, not really.
We need an agile and effective policy management system. Or do we?