When it comes to ensuring regulatory compliance across companies, you have to be able to both simultaneously manage and coordinate adherence to different laws and regulations, and continually adapt your practice to changing scenarios as part of your ongoing tasks.
In essence, robust compliance is fundamental to any organization's productivity and well functioning, but sometimes it can be hard for teams to thoroughly understand its relevance and importance.
To help break down the process and change the mindset regarding its position within companies, on episode 79 of Ticket Volume, Jordan Thurston, SVP at Citi, shared his insights into how to ensure regulatory compliance.
Here we have summarized the episode’s highlights, including Jordan’s take on what it means to work in compliance with real life examples. Plus, he got the chance to explain in his own words the Dragonfly Construct, a framework he put together to foster process improvement and growth.
Without further ado, let’s start.
|
|
What is Regulatory Portfolio Management?
To quick off the conversation, Jordan defined the scope of Regulatory Portfolio Management, the specific niche of IT that he works in. He explained that the practice comes to address the constant changes that one has to work with within Compliance Management and the regulatory landscape.
So, in short, the practice involves looking at the lines of business across the firm and making sure that the decision makers have the right level of insight into what is happening in their countries and how to stay compliant to any new laws and regulations that come out.
|
|
"A good example of that too is around the GDPR space. When that came out, initially it was very vague and things started to adapt and shift. From that spawned your CCPA within California and I believe Vietnam just came out with one last year as well. So you are starting to see it shift and adapt, and understanding where it is evolving from and who it is impacting. To have those kind of resources when you can then take it back to senior leadership teams and say “Hey, this is coming up and it is an emerging risk, how do we stay compliant."" Jordan Thurston |
Each regulatory portfolio will depend on the specific company’s internal policies and the country in which it operates in. For this, another big part of the job has to do with setting out what is most relevant to your organization to avoid wasting time.
Finally, an important aspect of Regulatory Portfolio Management has to do with changing teams’ and individuals' mindsets regarding compliance. In the context of constant changes and adaptations, it’s essential to bring awareness of its relevance for companies and their governance.
ITAM and Regulatory Management
Ensuring regulatory compliance and IT Asset Management (ITAM) processes are closely aligned. There are many laws and regulations set out to manage assets correctly and a big part of ITAM has to do with ensuring that companies have an effective compliance process in place to avoid disruptions and other types of penalties.
To illustrate this, Jordan brought some of his work experience, particularly in relation to software. He highlighted the importance of certain practices that help to achieve compliance, such as cataloging and Inventory Management, focusing on the management of assets' full lifecycle, and setting out a strategy to avoid redundancies.
How to go beyond ensuring compliance
Having collected many years of experience in the regulatory compliance field, Jordan explained what he believes to be the fundamental strategy to implement to go beyond just ensuring compliance.
For this, he shared the simple mantra he uses with his team: “Do the right thing, not the convenient.” This has to do with shifting people’s mindset away from always going for the easy, fast, and convenient option, but rather putting in the extra effort into what the right option is.
To really excel in compliance, and particularly in the complex and ambiguous current scenario we work in, this type of mindset and way of working can have positive impacts that you might not even be aware of in the moment and will help you stay ahead of the curve.
|
|
"In my interpretation, compliance is just adhering to the laws and regulations that are set forth by government entities, as well as your own companies internal policies and standards. So, going beyond that is more than just checking the box. Yes, we’ve met this, you may see it in companies that have annual attestations. Like, yeah, we did it, life is good. But how do you take that one step forward? We’re going to do something because it’s right, not because it is convenient." Jordan Thurston |
The Dragonfly Construct framework
Finishing off the conversation, the guest shared the main aspects of the Dragonfly Construct, a framework he built to give resources and support to organizations for process improvement, growth, and maturity.
Here, Jordan compared the lifecycle of the dragonfly with the first six months in a new position, making the argument that when you overlay them too they fit perfectly together. So, divided into the egg stage, the larva stage, and the adult stage, he explained that these are the steps and the time it takes for someone to understand their role and where they fit in within the organization's structure, regardless of which their seniority is.
Through this, he looks to create awareness both within individuals, teams, and companies as a whole about the importance of going through each one of the stages before looking to implement hurried changes and modifications. Taking elements from different methodologies, the framework looks to foster strategic planning when it comes to process improvement.
Final thoughts
Every regulatory compliance portfolio and strategy looks different; it will all depend on the country where it is operating and its specific rules and laws and on the company's internal policies and priorities.
There are, however, a few aspects that you will always have to keep an eye on, fundamentally incorporating adaptability and changing scenarios to the equation, and fostering awareness and accountability related to compliance across the organization.
And this was just a recap of some of the main points discussed during the conversation. Get access to the full episode to get that extra knowledge on Apple Podcasts, Spotify, YouTube, or choose your favorite podcast platform!
