In recent months, business continuity planning (BCP) has been highlighted as a critical element in global and regional businesses surviving the global COVID-19 pandemic, especially in the APAC region. Some businesses are also moving into the adaptation or innovation stage since the pandemic hit and recent events have accelerated and transformed how teams work, collaborate and mitigate critical risks to their operations. Compliance teams are no exception, and they bear the broad majority of the responsibilities resulting from or leading to sweeping changes in the business. For example, a recent spike in cybersecurity threats highlighted the need to look at business continuity plans to ensure the business stays compliant to secure the business in the long-term as a focus.
In Asia Pacific, according to a report by the TMF Group, while regulatory frameworks in APAC were already quickly expanding and evolving to keep up with business growth, the pace of change was accelerated by the COVID-19 pandemic. Changing regulations and new support measures in APAC in sustaining business activities have threatened how companies conduct BCP because of the speed at which they must adapt and execute changes. It is only logical that compliance and risk teams, who have transparency into all regulatory, operational, financial, and market risks facing the business at any given point in time would be central to if not driving business continuity management (BCM).
The reality is, regardless of the presence and efficacy of BCP (even according to BCP regulatory requirements) in large enterprises, the planning and management itself is largely not compliance and risk driven, creating a rift between how enterprises assess and respond to the risks of today versus the larger potential risks of tomorrow.
One informs the other, and the processes required in BCM should ultimately be born of a larger compliance and risk management framework that exists within the enterprise already. It is imperative that BCP and BCM are an integral part of today’s compliance and risk management procedures and that they are conducted with urgency and with appropriate technology to lessen the gap between planning and actual responses to risk factors.
Companies with global offices have traditionally struggled with communication and coordination to streamline and regulate their policies across multiple jurisdictions and with internal teams. With over 80% of an enterprise’s compliance and risk management process still relying on Excel spreadsheets, it is clear that if compliance units do not modernize their approach with software technology, their involvement with business planning will suffer a similar outcome. Following the outbreak, it is likely that there will be a continued need to align compliance expectations in a remote environment. There should be an emphasis on well-integrated technology to place the business back on its feet.
Among success stories for BCP during COVID-19 is a NY-based hedge fund with global offices. They quickly moved to remote working before it was mandated and were actively testing parts of their BCP before the pandemic hit the US. In a brief interview, the Chief Compliance Officer shared that before recruiting an additional senior staff, she was a main stakeholder in BCP strategy. Later on the newly recruited CIO was critical in integrating the technology that would fully execute the BCP, and facilitate automation and collaboration at scale to keep key systems and processes operational. The marriage between compliance and technology in most cases is critical, but compliance being central to BCP and BCM were larger factors. The BCP was also based on key learnings from past compliance challenges. In cases at peer companies where the compliance team’s involvement was after thought, BCP was often shortsighted, only meeting requirements as communicated by the regulator, and therefore largely ineffective in critical situations. Silo mentalities that ignore input from compliance at critical planning stages produced sub par results and as a result the effect of technology on collaboration and executing the BCP was minimal. A key factor in BCP effectiveness from both compliance and technology perspectives was budget, which further supports a strong case for a collaborative approach to BCP and BCM from compliance and other parts of the company.
In APAC, 64% of jurisdictions still maintain traditional requirements that add to business complexity, such as the requirement of an official stamp to ensure legal probity. Remote working is becoming a norm, and as a result regulators are compelled to relook their requirements on stamps and seals. According to the report, Hong Kong and Malaysia are becoming more modernised by removing the requirement for official chops or seals. Additionally, Singapore is considering expanding the acceptability of e-signatures for trust, property, and financial instruments.
With movement restrictions lifting gradually and the economy recovering, how should compliance teams strategize and implement best practices to quickly respond to changing regulations while effectively building a formidable business continuity plan centralized around compliance and risk management?
Here are four steps you can take to strategically prepare for better integrated compliance and BCP/BCM.
The pandemic has proven that timeless business, societal, and technological challenges are converging at an unprecedented pace that might not have been possible in the previous year. Evolving mindsets and old thought patterns and replacing them with new opportunities and solutions is the only way to thrive in the times ahead.
The Compliy platform is an ideal solution for businesses to improve how they navigate regulatory compliance in a remote environment, remain operationally agile, and simplify and automate risk management workflows with a well integrated business continuity plan.
Request a demo today to speak to the team and learn about how Compliy can help your compliance team better prepare for business continuity planning and management.