Quick summary: Discover strategies to optimize compliance response amid a rapidly shifting regulatory landscape, with a focus on proactive documentation and streamlined regulatory inquiry management.
One of the greatest difficulties compliance managers face is the rapidly changing regulatory landscape. New laws are being enacted and enforced at accelerating rates, creating challenges for compliance teams that are further complicated by the rate of technological change.
In this article, we’ll explore how to handle the changing regulatory ecosystem and, in particular, how to operationalize the response to regulatory inquiries.
The regulatory landscape
The compliance regulatory landscape is constantly in flux, with the pace, volume, and complexity of new requirements increasing rapidly. In the United States, individual states are creating their own legislation, many mirroring the rights and obligations of the landmark European privacy regulation, the General Data Protection Regulation (GDPR). Since states are taking an individual approach to these laws, U.S. companies must deal with the disparate elements between specific states.
The same trend is occurring abroad, with many countries creating and enforcing their own regulations to various extents and creating challenges for global companies. Rapidly changing technology, especially in the realm of artificial intelligence (AI), is giving rise to new and fast-evolving legislation aiming to keep pace with the rate of technological progress.
These regulations can cover a broad range of topics, including AI, digital safety, data privacy, and security. Furthermore, they are increasingly prone to covering multiple topics, blurring the lines between areas that are often, or have historically been, siloed. Laws dealing with child safety, such as Florida’s HB3, which would restrict minors’ use of social media accounts, touch on the areas of privacy, security, and safety. Some elements of this legislation would require age verification, which can carry both privacy and security risks from the potentially sensitive data required to achieve verification. This overlap requires compliance teams to collaborate to arrive at solutions that meet the requirements of all areas.
Not only is the rate of legislative action increasing, but enforcement activity is accelerating as well. GDPR, which came into effect in 2018, is an excellent example of rapidly increasing enforcement. As of February 2021, 600 fines relating to GDPR had been issued, but by February 2024, that number had grown to 2,092. Furthermore, in that period, the total sum of fines grew from just over $250,000 to nearly $4.4 billion. As new laws come into effect and are enforced, compliance teams must have scalable processes to comply with and respond to these disparate regulations, especially in global companies.
Keeping up with regulations and enforcement
Given this rapidly evolving regulatory environment, the first element to address is how to keep up with changing laws. While many of the early phases of this process require legal input to address obligations and requirements, operational implementation is essential to keeping teams compliant.
At Logic20/20, we have found in working with clients that the key is having up-to-date compliance review documentation on what teams are doing and their current state of compliance. This allows us to investigate which teams may be in scope for changes based on a given regulation and understand how it may fit into their circumstances at a high level by querying their data or documentation before even talking to the teams directly. This approach saves time for both compliance managers and engineering teams. Proactive documentation of the state of compliance expedites the process to find affected areas for a given regulation and understand what changes may be required.
The second element, handling regulatory enforcement, also benefits from the practices described above. Regulatory inquiries may require large amounts of information to be provided on a quick turnaround. This means if you do not have comprehensive and agile documentation of the state of compliance in your company, you may be left scrambling and disrupting essential business processes to gather the information you need. With this robust documentation, you can query your data to find information specific to regulators’ questions, find the necessary information more quickly, and decrease the disruption to stakeholder teams.
Creating proactive documentation
As mentioned above, Logic20/20 has found that the key to keeping up with these rapidly changing regulations is proactive documentation. This raises the question, “What does proactive documentation look like?”
We have found the key to this documentation comes from comprehensive compliance reviews. If compliance reviews are well documented, with questions aligned to various compliance policies, this information can be reused for many areas, like regulatory documentation, and the resulting metrics can help you optimize the business.
We have used tools like Power Apps from the Microsoft Power Platform to create dynamic forms that capture data in structured and reusable ways, enabling this documentation and these insights to be created. Furthermore, the dynamic nature of these forms allows us to scope questions to specific types of teams, gathering the necessary information for a given scenario but minimizing questions that may not apply to a given team or situation. This kind of proactive documentation also helps you find and mitigate compliance issues early, rather than waiting until a regulatory inquiry occurs, which could lead to fines and decreased consumer trust.
Enabling scale with proactive documentation
With the reusable data collected in these proactive reviews, you have the further ability to introduce automation and artificial intelligence to help scale your program. Automation can be used to scale the creation, update, and/or maintenance of regulatory documentation. For example, robust compliance review information from teams can be funneled into regulatory documentation templates, or AI could be used to create initial drafts of these documents. Furthermore, AI can help determine whether regulatory documentation requires updates based on information provided in reviews, saving time for compliance managers.
In sum, while the regulatory landscape is complex and rapidly evolving, teams can handle this challenge by collecting detailed documentation that can be reused to create compliance documentation and enable key metrics.