
Modernisation and regulatory compliance: a viewpoint from the frontline


For organisations operating in highly regulated sectors like healthcare and financial services, modernisation and adherence to strict compliance standards can feel like mutually exclusive goals. 

By eliminating outdated – often manual – processes, they’ll generate valuable efficiency gains. Plus, they’ll be able to engage in new digitised ways of working, collaborating and transacting. However, concerns will be high that initiating automated systems could give rise to regulatory violations, something that will result in unexpected costs and cause harm.

So, how do engineering managers resolve this challenge? 

I recently sat down with Neil Fitzgerald, Director of Engineering at StarCompliance, who has spent most of his career navigating this very issue. He shared his insights on what to keep in mind when undertaking modernisation projects in highly regulated environments.

Preparation is key – how do you bridge the gap?

Understanding the business drivers behind any modernisation project is vital for ensuring that the solution being designed is fit for purpose – and not over-engineered.

It can be tempting to go all out and build the perfect system that covers all use cases. But in reality, that may not be what the organisation wants or needs. Especially when the cost and time involved in delivering an ‘all singing, all dancing’ solution proves prohibitive. Or the aim of the game is to get to market fast.

With that in mind, talking to people whose tasks have been designated as ripe for automation will provide valuable insights into what they do, how they do it – and why. Experts in their field, using their unique perspectives, can help clarify the root challenges the business is actually looking to resolve through automation.

In Neil’s experience, these conversations will help engineering directors establish what is really needed. Instead of a highly complex new application, the requirement could prove much more straightforward. For example, a reporting tool that delivers the oversight functional managers need to address risks or gaps in compliance proactively.

Finding the right balance between risk and reward

Different organisations have different risk appetites and this can vary depending on the specific use case or business drivers behind a modernisation project. 

To get to grips with this, engineering directors need to have frank conversations with key decision makers across the business. They will want to understand how they interpret (and plan to apply) specific regulations and what compliance checks and balances (controls) will need to be put in place. For example, a small charity may only need to undertake money laundering or KYC checks on an annual basis. Whereas a big retail bank will need to monitor certain transactions, all of the time, and in real-time.

Ultimately, the role of the engineering director is to help key stakeholders make decisions based on business priorities and risk evaluations. By providing a choice of ‘acceptable, better and best’ solution options, together with associated costings and a timeline, decision makers will have everything they need to weigh up the options and determine a course forward. That includes communicating the risk and compliance management challenges that need to be dealt with if the decision is made to go with a ‘quick and fast’ solution.

For Neil, this is aptly illustrated by one US firm that needed to build out its first GDPR-compliant solution. Rather than missing out on a UK launch date, the organisation decided not to re-engineer certain processes, something that would prove costly in terms of time and money. Instead, it built a façade to capture address IDs rather than social security numbers, so it could hit its original release date, and scheduled a full rework of system features for the next quarter.


Initiating important conversations

Andrew believes that engineering directors need to acquire a deep understanding of the regulatory frameworks that relate to their organisation. Alongside industry standards, that means reading up on privacy and data protection requirements so they can communicate confidently with stakeholders across the business and ask questions – a lot of questions. 

These conversations will help cross-functional project teams work in a trusted and open way. As well as providing a platform for educating stakeholders on the costs associated with highly complex ‘bells and whistles’ solutions that cover every regulatory aspect, engineering directors will be able to get the direction they need to handle instances where regulations overlap. 

Ultimately, the engineering director acts as a bridge between the tech organisation and the business. Despite being responsible for surfacing potential compliance risks and implementing safeguards that will eliminate legal and reputational risk, any key compliance decisions will always need a stamp of approval from the organisation’s Chief Compliance Officer (CCO).

Keeping up with regulatory change

Everyone remembers how GDPR changed the rules of the game on how organisations handle data. Fortunately, big regulatory changes like this don’t happen every day and typically have a long lead time before coming into force.

That said, today’s ever-changing regulatory and compliance landscape means engineering directors need to regularly sit down with their organisation’s legal and compliance experts, so they can plan ahead, prepare roadmaps for updating systems in step with upcoming requirements, and share with all stakeholders the structural changes (and challenges) involved.

As Andrew puts it, regulations exist to make the world a better and fairer place. By talking to subject matter experts and understanding the compliance context, engineering leaders will be able to prioritise what needs to change and brainstorm novel ways to solve compliance challenges. This may include proposing beneficial solution design alternatives or compromises that are acceptable to key business decision makers.

To find out more, why not get in touch? And if you fancy delving a little deeper into the topic of modernisation, the podcast provides plenty of food for thought.

