Modern compliance programs, especially at large financial institutions with multiple business lines, would not exist without the ingenious adaptation of Microsoft Excel files — they have become an essential tool for managing the first and second line of defense. Each file is filled with regulatory intelligence data, compliance tracking, internal controls, or incident reports to varying degrees. Using Excel is a practical requirement of compliance work. Unfortunately, compliance programs that depend primarily on Excel are bound to falter with few options for recourse.
They should be replaced immediately with viable software alternatives that address the following challenges:
Experienced compliance officers are not strangers to wide-reaching and complex requirements. Several conversations with compliance professionals at banks, asset management companies, and insurance companies in APAC, yield that one of their top challenges is organizing the various forms of data from regulations into valuable and actionable outputs. This challenge arises from the fact that regulatory requirements must be first understood, then processed manually into a simplified, uniform format determined by the compliance officer’s skills, experience, and company or individual interpretation. Whereas integers and number formats are easily handled in formulas, the value of complex string data is determined by semantics and context derived by the compliance officer. The manual intervention required for complex regulatory obligations is not limited to one person but may also involve multiple members on the compliance team. Dozens of labor hours are thereby dedicated to adding and updating regulatory data in Excel. As such, even the most experienced compliance officers must use significant manual effort to maintain Excel files that track and organize regulatory requirements.
Recognizing this shortcoming does not mean entirely eliminating Excel files from compliance, but rather using them for initial gathering of data points. This can be done before they are placed into a centrally managed database or system that can analyze the varying data structures from each regulation. The key to reducing manual intervention at this stage is identifying software that can manage data in Excel files while integrating and analyzing new regulatory data feeds. While regulatory intelligence solutions may boast their ability to supply new data feeds, they underdeliver on the ability to capitalize on existing company knowledge and data from the compliance officer. The goal is to integrate and supplement Excel’s simple storage function with high-level regulatory insights or data extraction that is driven by technology. Solving this challenge alone is a major leap forward in reducing the level of manual labor required by compliance officers operation solely with Excel files.
Beyond structuring and analyzing essential data from regulatory requirements without manual intervention, a major limitation of Excel files is accurately representing processes and process dependencies for daily compliance procedures. Excel can document workflows but it cannot fully administer a multistep process between several stakeholders and dependencies without human assistance. In addition, data must be manually moved from one stage of a workflow to another and it must be checked for human errors before each stage can commence. With these constraints, automating basic workflows becomes a gargantuan task, hence why despite a plethora of resources at large financial institutions, few boast of basic semi-automated compliance workflows.
Outside of compliance, alternatives to Excel for process management are usually project management tools such as Trello, Asana, or Jira, and have varying levels of automation capabilities. Marketing and product teams, also subject to complex daily processes with back-and-forth exchanges of data, adapt to changes and growth by quickly migrating from exclusive spreadsheet-based project management as soon as their processes involve more than two individuals. While the aforementioned tools are not particularly suited to the complexities of regulatory compliance data, they provide a glimpse into the power and simplicity offered by process management solutions as opposed to Excel spreadsheets. Available GRC solutions too often neglect the larger role the business units play into the daily workload of compliance officers, requiring compliance officers to still rely on Excel. This presents an opportunity for a solution that can be as easily used by business unit members as it can be used by the compliance team, and it is a valuable consideration in choosing software alternatives for workflow management in compliance.
Finally, true ownership of the data in Excel files is limited to a few individuals at a time which presents significant challenges for executive management and oversight of the compliance function. Oftentimes spreadsheets still need to be reorganized and essential data extracted to present a top-down view of compliance functions and the most relevant regulatory data for company executives . The limited ownership births the lack of transparency, which makes managing the Excel files a cumbersome burden for the few individuals that have the privilege of holding responsibility. The sensitivity of the data presents another layer of complications that cannot be easily addressed with Excel files. Though data transparency is mostly limited to a need-to-know basis in financial institutions, the limited ownership of the Excel files means the burden of compliance falls on a select group of compliance professionals. The opportunity for a larger culture of compliance embedded throughout the organization is easily overlooked in favor of immediate accountability of key compliance team members.
This final challenge is one easily addressed with collaborative, multi-user software design. User management and permissions are functions that most software solutions build with several degrees of customization and should be key concerns for compliance officers. User management capabilities that grant varying levels of access to a shared data pool ensure that compliance is an organizational responsibility as opposed to solely the burden of an overworked compliance team. Need-to-know basis policies can still be enforced and workflows and processes can be automated with ranging levels of shared ownership for all stakeholders in the company. This is not a software solution itself but it is a critical component of any software that solves the first two challenges presented by Excel-based compliance management. Without these capabilities, solving the first two challenges produces an effective compliance program that works in a silo, away from the needed participation of other members of the organization.
As great as Excel was for compliance officers of the past, it does not address the relevant challenges for evolving, modern compliance programs. Similar to Excel’s limitations as the ultimate solution for compliance, one product will unlikely be the silver bullet for all current and future compliance needs of the organization. Instead, a composite solution consisting of easily integrated parts, either from the same vendor or different vendors, is a more practical and timely approach. Doing such is an expedient way to quickly migrate from heavy dependence on Excel in compliance while significantly reducing manual intervention in organizing and analyzing complex regulatory data; enabling process management and automation of routine workflows for multiple stakeholders; and increasing oversight and transparency of the entire compliance function. Excel excelled in flexibility, intuitive design, and simplicity. These are key attributes for compliance officers to prioritize in selecting an ensemble of software products that will transform their compliance program.