Companies can't do regulatory compliance accurately without doing the technology accurately, and they can't do the technology accurately without doing the regulatory compliance accurately.
This is according to Candice Holland, director of the Risk Advisory Practice at Deloitte SA, speaking yesterday at ITWeb's Governance, Risk and Compliance 2017 conference in Johannesburg.
Holland explained how technology, through automating reporting systems, simplifies an organisation's management information process, ultimately allowing easy management of reports to the regulator and stakeholders.
"From a regulatory perspective, there are many things that organisations can do to understand how to deal with data before they implement a technology solution," she noted. "Many regulatory compliance initiatives involve the collection and maintenance of various data types, often with similar data fields required. However, the lack of integration between regulatory requirements and technology systems results in insufficient data fields which cannot capture mandatory data required by regulations."
Regulatory complexities and the constant changing of regulatory requirements drive constant system modification, which requires further integration between systems.
Holland referenced the Financial Intelligence Centre Act, which requires people to keep a long list of different data fields and different evidentiary documents that support those data fields.
"Then came the National Credit Act, which also had a list of regulatory requirements and then most recently we saw the introduction of the POPI Act, which teaches businesses how they should be treating their data. Over the years, we have seen how some of these laws focus on how organisations should collect data, while others focus on how the data should be processed, stored and destroyed."
Organisations with a global footprint are faced with more complexities, as the privacy legislation in one country is different to the next, and these organisations would need to understand which laws they are compliant to, especially if their business involves transfer of information, Holland pointed out.
"So there are all these layers of regulation that should be impacting how organisations design their technology systems and how they achieve their end goal - complying efficiently to regulatory requirements. Through adequate use of technology, organisations are able to use it to their competitive advantage as automated systems are able to report which data fields are missing and which data is incorrect."
Therefore, compliance professionals play a pivotal role in looking at the legislation, understanding the organisation's regulatory environment and being able to put these things together where true value will be added through compliance.
Share