Alongside "unprecedented" and "now more than ever", "the new normal" has been one of the most oft repeated phrases throughout the Covid-19 pandemic.
But what does this new normal actually look like for regulated businesses? How will it affect compliance and the way compliance teams do their jobs moving forward?
In our latest webinar The New Normal: What Does it Mean for Compliance?, we brought together a panel of experts to discuss Covid-19's long-term impact on compliance and how technology can help.
Here's a summary of the key takeaways.
Businesses need to become more nimble
"From my perspective," says GRC pundit Michael Rasmussen, "the new normal means being pulled in many different directions… There's greater regulatory change happening in a more dynamic environment."
Many organisations, continues Rasmussen, rely on inefficient manual processes or have fragmented systems. This is no longer sustainable.
"I've spoken to companies that have told me 'We have over 20 different policy portals while we have to communicate and update policies such as a home office expense policy, work from home policies, an IP security policy… and they're all changing at once at the same time as market conduct, data protection, and other rules.' That's unhelpful at any time, let alone during a crisis.
"Compliance must be efficient, effective, and agile... You need a singular point of communication… an easy way for staff to access policies and procedures… [and] the right audit trail system. And I think the only way to achieve that moving forward is going to be through technology."
Nirvana Farhadi, Hitachi Vantara's former global head of regtech agrees: "The new normal is going to be a more permanent shift to flexible working arrangements, and that will make mitigating compliance risk quite difficult.
"We're used to relying heavily on training programmes and infrastructural policies and procedures to keep things going, but that's not going to be possible with more people regularly working from home. I think this is going to speed up our timeline and force us to embrace digital transformation more quickly."
Regtech has reached a tipping point
Of course, the case for compliance technology isn't new.
Says Index Ventures' principal Ari Helgason: "There are over 800 regulators globally, and they've been working overtime for a long time. Pre-Covid-19, the pace of regulatory change was already very fast."
Rasmussen agrees:
"Thomson Reuters figures there were 217 regulatory updates a day in 2019. That's a lot of change. Even knowing the law inside out, you won't necessarily be compliant because business processes change and employees move to new roles and take on responsibilities."
That said, Covid-19 has poured petrol over a raging fire. Continues Helgason:
"We've been speaking to CIOs, CEOs, chief risk officers, and other folks impacted by Covid-19. And what they've all said is that, at the beginning of lockdown, they were just trying to keep the lights on.
"Now, we're seeing them move from defence to offence. There's a growing appetite for building long-term resilience. And folks who've been thinking about moving to the cloud are saying 'We need this now, because if this is going to be the new normal — if people are increasingly going to be working from home — we're going to need software that allows us to stay on top of that."
Regulators are getting proactive about tech too
If businesses are realising digital transformation needs to happen sooner, rather than later, regulators are also waking up to it. Case in point, the US Department of Justice recently issued guidance which, according to our panelists, will make the case for regtech even more compelling.
Rasmussen explains:
"The guidance says you need to be able to demonstrate your compliance programme was effective — Who has access to the policies? Who read them? Were they understood? How have you trained staff?
"They want to see what was assessed, dates and times, what has been communicated… and it all has to stand up in court. So you need a foolproof system of record and audit trails."
Regulated businesses, finishes Rasmussen, are unlikely to achieve this without technology. Similarly, in Europe, says Helgeson:
"I'd say the big takeaway for me, is that… the folks that have been most successful at adapting to huge regulatory changes like GDPR, have approached it using automation."
That said, the practical realities of the markets in which businesses operate is also hugely important.
"What Europe proves over and over again," says Farhadi, "is that the infrastructure that's been put in place to adhere to regulations matters.
"It's a simple process [In Europe]. You've got the directives, which each member state has time to implement. But then you've got the regulations where there's no scope for interpretation.
"In the US, things are more complex, because there may be regulations at state level that aren't adopted at federal level. This creates a lot of challenges."
Looking ahead: it's time to take control of compliance
The size of compliance teams' workloads have made it so they've become bogged down by busywork and less able to manage compliance effectively.
"I was talking to one midsize bank here in the United States," says Rasmussen, "and they said compliance staff spend 80% reconciling documents.
"Another company I talked to is spending 200 hours trying to build a compliance report for the board of directors. That's one employee working a full 40-hour week for five weeks to create just one report per year. That is NOT managing compliance, that is reacting to issues"
Technology has the potential to flip this on its head, enabling us to accomplish at the push of a button what previously took months or years. Post-Covid-19, this will be key if businesses are to build resilience in the face of rapid change.
"When we started, everyone kept calling regtech a buzzword," says Farhadi. "Well, we're beyond that. Regtech is here to stay. This is the only way we're going to go forward... it's going to bring agility, and it's going to reduce costs and risk burdens for organisations."
Want to delve deeper into Covid-19's implications for compliance, regulators' evolving approach to technology, and the future of regtech?
Listen to the full webinar The New Normal: What Does it Mean for Compliance?