According to Wikipedia, “in science, computing, and engineering, a black box is a system which can be viewed in terms of its inputs and outputs, without any knowledge of its internal workings. Its implementation is "opaque" (black). The opposite of a black box is a system where the inner components or logic are available for inspection, which is most commonly referred to as a white box (sometimes also known as a "clear box" or a "glass box")”.
If we bring the concept to the context of risk and compliance management, it is an excellent metaphor for inefficient, sometimes poorly executed, programmes that are:
- Not well documented
- Difficult to measure and lack traceability
- Reactive - rather than proactive
- Reliant solely on people’s skills over systems and processes.
Do any of these ring a bell? If so, it might be time to reevaluate some of your compliance processes so that they can become a “white box” instead. In our interactions with financial services institutions and other heavily regulated organisations, oftentimes the weak link is manual, inefficient compliance document management processes. Investing in a fit-for-purpose platform sometimes gets relegated to a “nice-to-have” or an “I’ll do it next year”, but in truth, firms that are still relying on spreadsheets, email chains and generic tools are exposed to greater compliance risks by operating in a “black box” model.
Here are 9 questions that you can ask yourself to understand whether this is the case in your company:
- Are you able to effectively monitor regulatory developments and quickly cascade updates down to all relevant documents - policies, procedures, controls and others?
- Can you map document dependencies at a granular level, allowing you to seamlessly drive necessary changes?
- Do you have solid processes in place for painless and timely document drafting, review and approval?
- Are you consistently meeting document review deadlines?
- Are your document management processes smart and automated, designed to prevent human error?
- Can you record a full audit trail of all changes made to your compliance documents?
- Are you able to swiftly communicate new and updated policies and procedures to staff?
- Do your existing systems allow you to gather attestation from employees to prove compliance?
- Are you able to demonstrate compliance and draw insights through reports on the documents’ lifecycle at the click of a button?
If you answered “yes” to these questions, you can rest assured your compliance documents are being managed in a “white box” manner and you’re minimising your company’s exposure to the risks of non-compliance. However, if your answer was “no” to some - or most - of these questions, then I’d recommend you bring up the topic in your next team meeting and try to get internal buy-in to do something about it - before it becomes a big incident.
Are you ready to take the plunge and strengthen your compliance programme or are you ok with operating as a “black box” and taking a chance with the Board and regulators?