Governance, risk and compliance (GRC) is a perennial focus for FS firms, involving multiple divisions, often multiple geographies, and cross-functional approval workflows. GRC reporting is complex and must be done for a myriad of agencies, both internal and external. As a result, IT spend on GRC is a significant portion of a CIO’s budget and tends to increase as the number of regulations increase.
There are a number of technology solutions on the market today that address the various types of risk (liquidity, market, credit, counter-party, etc.) and compliance requirements from state and federal agencies. However, they are limited in scope, suffer from interoperability issues, and are not really geared toward a seamless enterprise GRC workflow. Furthermore, in today’s digital enterprise, compliance formats have expanded to include semi-structured and structured data such as images, video, text, tweets, etc.
That’s where digital asset management (DAM) platforms come in. They have traditionally been used for digital marketing and campaign automation but are a highly efficient way to enhance the productivity of an enterprise-wide GRC function and handle the growing complexity of compliance formats. Some, like Drupal and Joomla, are open source; others, like Sitecore and Adobe Experience Manager, are licensed.
Mitigating non-compliance fees
One of the challenges in a large distributed FS enterprise is poor data and document archiving. This presents a challenge to real-time pricing and downstream risk reporting. The SEC and other regulatory bodies levy large fines for non-compliance related to late, incomplete, or inaccurate documents and reports, including publishing mutual-fund fact sheets late and having inaccurate data on a website. This type of error often stems from inaccuracies in data collation from multiple data sources or poor annotation and validation by fund managers and financial experts participating in publishing workflows.
DAM platforms began as tools to create taxonomies for document archiving, annotation, and search. Today, they have evolved to include web and mobile content/report publishing, workflow automation, and the ability to integrate with multiple other upstream or downstream systems. They also have strong analytics features to help users determine the effectiveness, accuracy, and timeliness of content, as well as how well the content is matched to the target audience (e.g., a particular regulatory agency). As such, they are tremendously useful in automatically generating, curating, and publishing compliance information, as well as ad-hoc searching and inquiry handling in case of an audit. They can also help with modifying compliance control points or workflow and on-demand reporting (versus traditional push-based reporting).
Without a DAM, disparate compliance systems must be custom-stitched together to ensure GRC content flows accurately and in a timely fashion through the system. Given the number of home-grown systems and variety of technologies involved, this can be an expensive endeavor.
Cost savings aren’t the only benefit of DAMs, either. Rather than GRC compliance being a major burden on the enterprise, what if it could double as a revenue stream? Think of a content subscription service that your compliance office can run, similar to how companies can subscribe to 10K filings for a specific industry from the SEC. The compliance office could charge subscribers (think partners, suppliers, vendors, ancillary divisions, etc.) for this timely, customized information, offsetting some of the costs of setting up and maintaining the DAM.
As a digital business platform, a DAM is not just a silo-buster, it can be used to turn an area of spend into a revenue source.