According to Wikipedia, “in science, computing, and engineering, a black box is a system which can be viewed in terms of its inputs and outputs, without any knowledge of its internal workings. Its implementation is “opaque” (black). The opposite of a black box is a system where the inner components or logic are available for inspection, which is most commonly referred to as a white box (sometimes also known as a “clear box” or a “glass box”)”.

If we bring the concept to the context of risk and compliance management, it is an excellent metaphor for inefficient, sometimes poorly executed, programmes that are:

  • Not well documented

  • Difficult to measure and lack traceability

  • Reactive – rather than proactive

  • Reliant solely on people’s skills over systems and processes. 

Do any of these ring a bell? If so, it might be time to reevaluate some of your compliance processes so that they can become a “white box” instead. In our interactions with financial services institutions and other heavily regulated organisations, the weak link is often manual, inefficient compliance document management processes. Investing in a fit-for-purpose platform sometimes gets relegated to a “nice-to-have” or an “I’ll do it next year”, but in truth, firms that are still relying on spreadsheets, email chains and generic tools are exposed to greater compliance risks by operating in a “black box” model.

Here are 9 questions that you can ask yourself to understand whether this is the case in your company:

  1. Are you able to effectively monitor regulatory developments and quickly cascade updates down to all relevant documents – policies, procedures, controls and others?

  2. Can you map document dependencies at a granular level, allowing you to seamlessly drive necessary changes?

  3. Do you have solid processes in place for painless and timely document drafting, review and approval?

  4. Are you consistently meeting document review deadlines?

  5. Are your document management processes smart and automated, designed to prevent human error?

  6. Can you record a full audit trail of all changes made to your compliance documents?

  7. Are you able to swiftly communicate new and updated policies and procedures to staff?

  8. Do your existing systems allow you to gather attestation from employees to prove compliance?

  9. Are you able to demonstrate compliance and draw insights through reports on the documents’ lifecycle at the click of a button?

If you answered “yes” to these questions, you can rest assured your compliance documents are being managed in a “white box” manner and you’re minimising your company’s exposure to the risks of non-compliance. However, if your answer was “no” to some – or most – of these questions, then I’d recommend you bring up the topic in your next team meeting and try to get internal buy-in to do something about it – before it becomes a big incident.

Are you ready to take the plunge and strengthen your compliance programme, or are you OK with operating as a “black box” and taking a chance with the Board and regulators?

Source: https://www.finextra.com/blogposting/24445/are-you-managing-compliance-as-a-black-box?utm_medium=rssfinextra&utm_source=finextrablogs