Moving toward Compliance 2.0

Regulatory Compliance and Risk Management continue to be focal issues in the board rooms of our financial institutions.

Instead of the old 'once every 12 months' exercise that confirmed Compliance had been met, the new direction is toward 'continuous compliance'. Instead of silos of people with spreadsheets listing a checklist of regulations, there is now a need for centralized data stores that record substantiating evidence and the history of each issue.

This evolution has spawned new terms for us to learn. That is fine, actually, because the terms help us wrap our minds around the issue.

One term used to describe the new way has been GRC (Governance, Risk, Compliance). Another has been Compliance 2.0. I especially identify with the term Compliance 2.0 because of its subtle association with Web 2.0.

Web 2.0 was the leap the Internet took when it stopped being a set of static sales brochures and became an interactive platform that brought people together. The capabilities that made this transformation possible were information sharing and collaboration. The new Compliance era uses the same capabilities to achieve its objective of being continuous and integrated.

Another aspect of Compliance 2.0 has been the need for a continuous Risk Management Program. I ran across a document from the Meta Group from January 2005 called “Unraveling Security and Risk Regulation” that talked about this very point. It got it right. It states: “Regulation must be addressed holistically, rather than with a piecemeal approach. To accomplish this, it is critical to understand the fundamentals of regulatory requirements, so a comprehensive, proactive program can be put in place that addresses all applicable regulations.”

So here we are in 2009. Having already moved to Web 2.0 in our everyday lives, we will now be participating in Compliance 2.0 as part of our regular workday.