Rules Management Software - Inside story for Compliance Managers

How do we equip a company with clear visibility of applicable rules and their changes? Is there a way to automate the management of rules? This is an inside story of our effort in designing the Rules Management Software module in Compliance Track. We thought of sharing this story as a thanks to various customers and partners who gave us inputs during the development stage and to provoke the thoughts of compliance professionals by enumerating the practical problems in automating rules management.

Introduction

A compliance manager should know the rules from various regulators which apply to his firm. He should put in place the policies and procedures for the firm as per the governing rules. He should then conduct compliance testing to ensure that the business is conducted as per the policies and procedures. Finally, he should have compliance reports and collate the supporting documents for proof of compliance for regulators and other stakeholders. The same principle applies for auditors who should do similar testing and report weak areas of control.

Our first effort was to conduct a contextual enquiry to understand the real issues facing the compliance managers in the area of rules management. Our second effort was to design a solution to meet the user’s need without the complexities of technology.

Rules Management for Regulatory Compliance - Practical Issues

Based on our research among compliance managers, following list emerged as a summary of major challenges in managing rules.

1. With the wide number of regulations imposed on companies, it is an onerous task on the compliance manager to keep track of all regulations and their changes. For example, if a change occurs to a rule, it is the task of a compliance manager to see its impact on existing policies and procedures and the corresponding testing and reporting effort.
2. Even if the compliance manager accomplishes the task of collating all the rules and their changes applicable to his firm, it is an impossible task to create visibility for himself and other stakeholders that those rules are incorporated properly into the company’s policies and procedures. In an email application, it is easy to visualise which emails are read, and which are yet to be responded. However, such a visibility is difficult with the rules applicable to a firm, as different regulators have different drafting standards for rules and they are not always created to match the user’s mental model in mind.
3. On a Monday morning, when you sift through your emails, there are certain emails to delete, some which need immediate attention and some which need actions with less priority. In a standard email application, there are simple ways to do this demarkation. In a similar manner, among the rules applicable to a sector, a compliance manager needs to prioritise the rules applicable to the firm as per the risk it poses and incorporate policies and procedures and devise appropriate testing and control mechanisms.

Rules Management Software - A quest for answers

While designing a Rules Management Software module in Compliance Track to address the above mentioned challenges, we categorised the problems into two areas - 1) Managing rules content - from the source and 2) Managing rules content - within a company.

Managing rules content - from the source

If there was a universal drafting standard for regulators and law making bodies, we could have made a tool which automatically reads, updates and categorise rules for a firm, in a similar manner where you have an Email application to read emails coming from any source. There are various initiatives in this area and are far from becoming a global standard. Today, each regulator drafts rules as per their model without much consideration how these rules could be easily consumed by the end users from an automation point of view.

The above puzzle can be divided into two. First, the problem of converting any rulebook into a format easy for automation. Second, notify and update stakeholders, when there are changes.

Answering the issue of converting rulebooks into a useable format

Initially we toyed with the idea of providing a tool for users which allows them to do text mining and possibly do rules annotation. You can read more on this technology and examples in Adam Wyner’s blog. However, we realised that the complexity involved in such technology may render the application not useable for compliance managers.

We therefore created a simple to use import functionality which can import formatted MS Word documents or HTML and worksheets. This will work if the rulebook has some form of formatting. For example, the FSA rulebook has a formatting which is useable. However, certain rulebooks have no formatting. For example, the Solvency II from the European Union. These are to be manually formatted or use text annotation techniques. Adam Wyner joined us to provide such service to our customers if they need to do such annotation of rules. If you are interested to read about the advances in text mining technologies in this area, please read a more in-depth article written by Adam Wyner.( Legislative Rule Extraction)

Answering the issue of notification and updating of existing rules

Notification and updating of rulebooks is another major challenge. To solve this issue, we devised a framework to empower regulatory experts who are up to date on their area to look after area of regulation. We therefore created a framework for existing regulatory experts to publish and update content to Compliance Track and make it available to our customers. Such experts are then provided with latest text mining tools and expertise from Compliance Track.

As a starting point, we got two Solution Partners providing two different types of rule books using our rules publishing framework. The framework allows compliance manager of a firm to subscribe to existing rules already published by partners or even create rulebooks using our framework and tools.

Managing rules content - within a company

The second and third user problems cited above can be categorised under the area of information retrieval. It is about the relationship of rules to company policies and procedures, risk and controls and compliance or audit testing. While creating a system solution for user problem some solutions are more than 50% in the system domain and the remaining in the user domain. A system renders to be user friendly when it is more in the user domain than in the system domain. Therefore, our objective in designing a solution was to empower the user with a design in his context. Compliance Track provides a visual mapping framework for information architecture. I have discussed this concept at length in the context of policy management software information architecture.

Conclusion and update

The Rules Management Software module in Compliance Track is now ready for customer usage with easy to use visual mapping techniques for managing rules content within a company. One of our partners is releasing a Solvency II Compliance Solution in April 2010 using the Rules Management Software module. United Nation’s URI is in the final stages of releasing a compliance pack for UK’s 2400 local government bodies for complying with the Audit Commission’s KLOE on Diversity. For more information visit the Rules Management Software page in the Compliance Track website.

About the Author and the background for this blog

John Cyriac is the CEO of the Compliance Software as a Service company Compliance Track.

The views expressed in this article are based on his interviews with various compliance managers across the industry and across the globe.