BY Fraser Tennant
Compliance leaders in the US are yet to fully automate their compliance activities in order to respond more efficiently to shifting regulatory expectations and a changing risk landscape, according to a new KPMG report.
The report, ‘Innovating compliance through automation’, found that only one in five chief information officers (CIOs) and chief compliance officers (CCOs) said they had a well-defined strategy to automate compliance in the next two years. However, 90 percent did say they had plans to increase funding for automation in the coming years.
Among the report’s key findings: (i) 36 percent of CIOs and CCOs said that attention from leadership and stakeholders is a top challenge they have encountered or expect to encounter in implementing compliance automation; (ii) when asked what is limiting their ability to automate compliance activities, 70 percent of CIOs and CCOs named data integrity and 67 percent pointed to data availability as leading factors; and (iii) 32 percent of CIOs and CCOs said the availability of resources to support automation is lacking.
Furthermore, CCOs and CIOs differ on their view of the subject matter knowledge their organisation requires to tackle compliance automation, with approximately 18 percent of CCOs stating knowledge was lacking while 40 percent of CIOs pinpointed this as the main automating compliance challenge.
"Companies are automating routine operational tasks to increase efficiencies and lower costs," said Amy Matsuo, a principal in KPMG’s risk consulting services and national leader of regulatory insights practice. "The next step is for organisations to pivot from using automation in operational processes to deploying it for compliance analytic and predictive purposes. To do so, they must first prioritise compliance activities that can be automated while setting expected returns on investment."
According to the report, compliance activity priorities are based on product safety (42 percent), industry specific regulations (41 percent), cyber security and information protection (36 percent), privacy (29 percent), fraud (27 percent) and consumer protection (22 percent) regulatory obligation categories.
Ms Matsuo concluded: "Organisations will need to identify personnel with the appropriate skills, knowledge and availability to undertake automation. This requires a unique skillset that blends an understanding of business operations, compliance issues and risk management with technological proficiency."