Regulatory activity forces compliance officers to spend more on GRC tools

Legal and compliance investments in GRC (governance, risk and compliance) tools will increase 50% by 2026, according to Gartner.
Insurance executives are looking for technology solutions to help them meet the growing regulatory focus on executive risk oversight and control.
“Recent actions, ranging from the U.S. Securities and Exchange Commission (SEC) to the U.S. Department of Justice (DOJ), demonstrate a focus on executive oversight and risk control,” said Lauren Kornutick, director analyst at Gartner Legal Risk & Compliance. “For example, the DOJ encourages companies to voluntarily disclose misconduct, but companies can only do so if they have effective compliance programs and risk management strategies in place that leverage controls to prevent and detect misconduct.”
Improve risk management with GRC tools
Without true self-discovery, companies risk being subject to criminal prosecution, and officers and directors may be subject to shareholder derivative litigation for failing in their oversight duties.
“While most organizations already have compliance programs in place, legal and compliance leaders need to ensure they are empowered to capture and convey the right information to management and the board, take appropriate measures and maintain documentation relating to these processes,” Kornutick said.
GRC tools for insurance executives help compliance, enterprise risk management (ERM), and other assurance teams develop a more holistic understanding of risk. The tools integrate and consolidate risk and compliance data as well as processes and terminology.
Practically speaking, GRC tools can help assurance teams evaluate and modify compliance programs in near real time, stress test system operations and, in collaboration with management and the board, improve monitoring processes.
Navigating new regulations
With an increasing emphasis on reporting misconduct as soon as it becomes known, legal and compliance leaders should consolidate their insurance partners’ existing risk management methodologies. ERM and audit may have an existing methodology that they can contextualize to predict or detect misconduct that has gone unreported and help validate the effectiveness of controls.
“Understanding existing insurance partner methodologies can help legal and compliance leaders more accurately understand the likelihood and likelihood of misconduct based on the available data source,” Kornutick said.
Organizations have traditionally focused on having sufficient oversight processes in place by the board of directors. However, recent regulatory activity indicates that agents must also have effective oversight processes. Legal and compliance leaders must establish an overview of controls and procedures, clarify management roles and responsibilities, improve compensation structures and establish clawback policies.
Recent enforcement actions indicate that all employees, with increased oversight placed on management, are expected to conduct themselves in accordance with the company’s values, policies and all legal obligations. When compliance officers update policies and procedures in response to regulatory changes, they should prioritize testing the effectiveness of policy changes by measuring whether employees understand their obligations regarding business conduct and reporting mistakes.
“Compliance officers should also conduct role-based refresher training, emphasizing understanding by including gamification, scenario-based role-playing and improving two-way communications in the process of learning,” Kornutick said.