No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

Integrating Remediation Management Into Your Operations

by Steve Hall
September 26, 2018
in Compliance, Featured
stack of books titled compliance, regulations, standards

Addressing Regulatory Compliance Issues

Point B’s Steve Hall and Sydney Rickelman discuss the benefits of a remediation management office (RMO) and how organizations can establish and execute one, leading to significant time and cost savings.

with co-author Sydney Rickelman

Maintaining compliance can feel like a moving target. Organizational growth resulting from an acquisition or introduction of a new product or service can trigger increased regulatory scrutiny in the form of an audit. If you get audited and a series of noncompliance issues are uncovered, you may be given a warning and a short window of time to fix or remediate the issues before receiving a penalty, which can be hefty: banks globally have been hit with $321 billion in fines over the past 10 years.

However, if you have findings, an effective remediation management program in the form of a remediation management office (RMO) can minimize penalties and fines, potentially saving your organization millions of dollars.

What is an RMO?

An RMO is a program management office (PMO) set up to deal with the list of specific noncompliance issues a regulator has identified during an audit. An RMO creates value from both a regulatory and execution perspective, helping organizations address critical issues highlighted by a regulator, who typically gives just a short timeframe in which to resolve issues before enforcing regulatory action.

If the program management status quo of your organization is not set up to deal with critical regulatory issues that include expedited timelines, a large volume of issues or the impact remediation will have across your entire business, then there is significant value in setting up an RMO.

An RMO helps you right-size your effort. Given the importance of execution on an RMO, you need to have all the right structures and leadership in place, and the organization has to support it. If you’re executing well, the team on the ground knows exactly what they need to do, especially when faced with a very short timeline in which to correct issues.

Business Value of an RMO

Once a regulator has identified noncompliance of critical issues, the overall value of the organization is reduced. However, the business value can be stabilized and even increased through fast, efficient and effective remediation efforts.

Responsibilities for managing regulatory risk can be spread throughout the organization. However, decentralization can result in slower adoption of priorities, different priorities and goals across the organization and varying degrees of responsiveness from the impacted business owners. The RMO can provide a single point of coordination and prioritization to drive the outcomes you need and start closing the gaps, aligning investment with regulatory exposure and business risk.

To decide where to direct resources, determine what revenue streams are at risk, whether you’re at risk for continued fines or what business areas are most critically impacted. The key is knowing your business and wisely diverting your corporate resources.

5 Key Considerations in Establishing an RMO

As you look to establish an RMO, the following are critical areas to consider.

Understanding the Environment

To quickly mobilize to fix noncompliance issues, be clear in how your business operations align with regulatory mandates. A business must understand the scope and severity of the noncompliance issues at hand, the financial and nonfinancial consequences of remaining in noncompliance, the timeline by which remediation must take place and the extent of the impact to the business.

In one example, a financial services institution had undergone a period of rapid growth through acquisition and was unable to adapt to new regulatory implications in a timely manner. As a result, the institution received an enforcement action that included a fairly extensive list of findings with a mandated date, but the regulatory mandate was otherwise fairly vague. The financial institution understood the noncompliance issues at hand, as well as potential consequences, and developed a timeline that gave priority to the findings with the biggest impact on the business. Additionally, they identified the areas of the business that were the most impacted and would require action and input on a regular basis. Next, they created a team that included key individuals, along with sponsorship from executive leadership, to give the remediation effort the necessary focus and attention.

Governance and Ownership

There are multiple levers that can help you determine where an RMO fits within your organization, including the size and structure and the ultimate responsibility for where remediation lies.

As you begin, be clear on what decisions need to be made to drive regulatory remediation and when they need to be made. Think about the scope of governance over your mediation efforts. This could include establishing effective governance bodies, whether a regulatory steering committee or an operating committee, to drive the operational efforts toward remediation, identifying a clear sponsor or identifying business owners and how to involve them in governance and decision-making around your remediation efforts. Define accountability and decision rights not only for the governing bodies, but for individuals within the governing bodies so you have clear accountability. Finally, determine the management processes you want to put in place and how to manage the cadence.

Additional questions to help guide you:

  • Do you need effective governance mechanisms over policies and procedures?
  • Is there a complete requirements inventory with traceability from findings to business owners? If so, how do you establish controls over it?
  • What applications do you use to help manage your regulatory environment?
  • Is there an enterprise compliance or management suite that provides visibility into your overall enterprise risk status? If so, how do you make sure that the data in those systems is accurate?

The Need for Speed

Time is of the essence once your organization has been flagged for noncompliance. With a typical project, you establish a plan and timeline and adjust as necessary. With regulatory remediation, you often don’t have that liberty, as the timeline for remediation is often mandated by regulators.

The clock starts ticking the moment your organization receives negative findings. You need to respond quickly while engaging various departments within your organization to evaluate the findings, performing a gap analysis between your operations and the findings and then drive remediating action.

Establish a command center to provide an additional level of agility and coordination to make quick decisions around prioritization of resource allocation, enabling rapid triage of risks and issues and prioritizing long-term action plans, ensuring compliance along the way.

Transparency

As the central point of coordination, the RMO can be the clearinghouse for internal and external communications about remediation efforts, tracking and reporting on program status. The RMO can also ensure you’re addressing compliance requirement findings through your action plans. That clear traceability shows that you have line of sight from the findings to the action.

One organization slapped with an extensive list of noncompliance issues to remediate was not asked for remediation status updates by their regulator. However, they decided to be proactive in giving quarterly updates on progress made in the action plan, including next steps and key accomplishments. These updates were well-received by the regulators and signaled that the organization was focused on correcting issues and taking the remediation efforts seriously.

Minimal Impact to the Business

Many of the issues requiring remediation impact day-to-day operations. You need business owners to be accountable for any changes while being mindful about how you use their time to gain information. An RMO can create additional capacity, dedicated focus and minimal day-to-day disruption to provide balance in keeping business moving during remediation.

Executing an RMO

Remediation programs impact the whole organization, and tight timelines often dial up the pressure. Successfully structuring your RMO depends on four key factors:

  1. Mobilization: Based on effort and skills required, determine the structure and size of your remediation program and mobilize.
  2. Accelerators: Leverage accelerators like playbooks, frameworks, tools and templates to move quickly. Prepare your action plan before the audit report arrives.
  3. Decision-making: Clear governance prevents barriers. Establish a clear decision-making strategy and owners up front.
  4. Focus: Dedicate resources to this effort to avoid the trade-off between remediation and “business as usual.”

If the program management status quo of your organization is not equipped to deal with the speed and magnitude associated with regulatory compliance issues, then you need to execute an RMO. Through preparation and speed to mobilization; appropriate triaging and roadmapping of issues and solutions based on priority and impact; and effective governance through execution and validation of remediating actions, an RMO helps you right-size your remediation effort and achieve sustainable compliance.

 

Sydney Rickelman is a management consultant with Point B, an integrated management consulting, venture investment and real estate development firm.

Rickelman leads transformational projects, including large-scale technology implementations, program enhancements and redesign and implementing risk and compliance solutions.


Previous Post

Optiv Security Solution Helps Organizations Rationalize and Optimize Cybersecurity

Next Post

Smarsh and Actiance Complete Merger, Combine Under the Smarsh Brand

Steve Hall

Steve Hall

Steve Hall is a management consultant with Point B, an integrated management consulting, venture investment and real estate development firm. Hall leads the firm’s regulatory compliance effort, with expertise as an operational and business leader in state and federally regulated compliance programs in the financial services and health care industries. He has built compliance programs that have partnered with the business to improve business processes and mitigate regulatory risk while increasing operational effectiveness.

Related Posts

encompass update

Encompass Launches pKYC Maturity Model

by Corporate Compliance Insights
March 22, 2023

KYC automation platform Encompass has unveiled a new perpetual Know Your Customer (pKYC) maturity model designed to help banks improve...

consilio onna partnership

Consilio, Onna Seek to Streamline eDiscovery for Cloud Apps

by Corporate Compliance Insights
March 22, 2023

Legal technology provider Consilio has launched a new platform, Sightline Collect, powered by data management supplier Onna. The platform is...

corlytics solidatus partnership

Corlytics, Solidatus Join Forces

by Corporate Compliance Insights
March 22, 2023

Data management provider Solidatus and regulatory risk intelligence supplier Corlytics recently announced a partnership that is expected to give both...

castle pixel art

Building a Defense-in-Depth Culture to Combat Phishing

by Perry Carpenter
March 22, 2023

Phishing attempts are only growing more sophisticated by the day, and effective cybersecurity means defending all the vectors of attack,...

Next Post
person reading email on tablet

Smarsh and Actiance Complete Merger, Combine Under the Smarsh Brand

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT