In a Nutshell: Noncompliance with government and internal regulation is a costly and risky proposition for any business, but manual compliance management is costly in terms of time and employee effort. That’s why Mitratech offers versatile, targeted compliance solutions that feature automation, ease of use, and integration into existing systems. Mitratech’s PolicyHub platform transmits only the policy and procedure updates and documents relevant to individual employees, and it tracks each employee’s receipt and comprehension of these materials. Through targeted intervention and automated policy management, Mitratech helps businesses keep up with the volatile world of regulation and internal policy compliance without sacrificing operational efficiency.
In 2011, the Ponemon Institute published a report titled The True Cost of Compliance. Forty-six organizations participated as benchmarks for the study, which found the average cost of noncompliance was as much as three times higher than the cost of maintaining compliance.
In other words, reducing the gap between compliance and noncompliance means a substantial reduction in both spending and time loss. The report notes that compliance also improves a business’s security efficiency and posture.
Financial businesses in the US, Europe, and the rest of the world look to Mitratech and its PolicyHub solution to streamline and automate policy distribution and compliance management from end to end. The software solves operational and compliance-related issues, while improving corporate responsibility and implementing defensible compliance programs.
“We probably have clients in any regulated industry you can think of — healthcare, mining, oil and gas explorations, pharmaceuticals, transportation,” said Mark Delgado, General Manager at Mitratech EMEA and APAC. “We work with a lot of businesses in the financial services sector, specifically. We have a high level of expertise and understanding of what their pain points are and why they’re engaged with our software.”
Often, that engagement stems from the need to adjust to constantly shifting regulations, but Mitratech goes beyond external compliance.
“It’s not just regulatory compliance that our clients have to deal with,” said Delgado. “It’s also their own internal compliance programs. Any industry where there’s a high initiative or high level of activity – that is where we can potentially offer a solution.”
Those solutions hold two major value propositions for Mitratech clients: “They help in both the proactive approach to compliance,” said Delgado, “and on the operational side, actually implementing systems that physically ensure compliance.”
The Pitfalls of Manual Compliance Management
The manual distribution of policy updates, and the verification of their receipt and comprehension by employees, is a time-consuming task. The job is made even more difficult with the tremendous number of regulatory updates that take place every day.
“However hard you try, these updates always have impacts operationally,” Delgado said. “So the onus on that additional governance — which you’re having to put in place because everything is manual — falls directly either on the operational teams or on the operational team leads.”
So, in addition to their regular duties, these employees are also tasked with attending to day-to-day policy enforcement and monitoring. “That just distracts and deflects their attention from what they should be doing,” said Delgado, “which is serving the business they work for and the clients of that business.”
The problems with manual compliance management can extend to lower organizational levels as well, consuming time for even more of a company’s workforce.
“What people traditionally do with policies and procedures is either chuck them on an intranet or a Shareboard somewhere, or worse, just blanket email the company with this stuff,” Delgado said. “You get inundated with information and don’t really know what version you’re looking at or what applies to you and what doesn’t apply to you.”
Mitratech developed PolicyHub to alleviate many of these issues. According to the product brochure, PolicyHub is able to reduce noncompliance incidents by up to 20% with time savings of up to 25%.
“Generally speaking, the more you can automate, the more you can then centralize in terms of governance,” Delgado said, “and therefore free up the operational part of business to get on with their jobs.”
Mitratech’s PolicyHub Offers Ease of Use and Adaptability
Mitratech is able to accommodate a wide range of clients thanks to the versatility of its offerings. Still, financial service firms make up a majority of the company’s clientele thanks to Mitratech’s understanding of the intricacies the sector requires.
“Our protocols are very generic,” Delgado said. “Although we have functionality that is very much geared toward financial services, we’re not built around a specific piece of regulation or a specific compliance initiative. We’re generic enough to be used and adapted to whatever the regulatory impulse or influence is in a particular area, on a particular business.”
According to Delgado, one of PolicyHub’s selling points is its user-friendliness.
“It’s designed to be used by absolutely everybody in the business, because everybody in the business — literally every employee — will be asked to look at some kind of policies and procedures,” he said. “As a result, the interface is designed to be simple and direct. It requires no end user training as far as policy recipients are concerned.”
Another selling point is the software’s smooth integration into existing systems.
“We make it look like it’s an internal system,” Delgado said. PolicyHub can be white-labeled and rebranded to suit any company’s aesthetic. “If it’s working in ABC Bank, it will look like it’s part of ABC,” said Delgado. “It will have ABC branding on it. Usually, it will have their colors and logos and everything else. Employees see it as part of the internal infrastructure. They don’t even know they’re using third-party software.”
This integration and branding helps to reinforce the internal importance of policy and procedures documents to the employees who must understand and abide by them.
A Versatile Approach to Compliance to Suit a Range of Business Needs
PolicyHub provides employees with browser-based access to the latest policy documentation. It also integrates with a company’s human resources directory, allowing employees to access a personalized library of policies and procedures specific to their department and role.
“The real cornerstone of what PolicyHub does is targeted delivery of these policies and procedures,” Delgado said. “You know that whatever you’re being asked to look at is directly relevant.”
Having access to policy information is — from a corporate standpoint — only half of the battle; employees must read and understand these documents. And, as you might expect, PolicyHub addresses that issue as well.
“Employees affirm through the software that they’ve looked at the policy, they’ve understood it, and they will adhere to it,” Delgado said. “And, then, when you’ve really got a crucial policy, maybe that relates to something regulatory, we have a testing element that allows employees to prove their understanding of the policy’s key points.”
This functionality provides evidence of internal compliance measures, which is good news in the case of an audit, a breach, or if a regulator is proactively examining the business.
“You’ve done everything that you can, as a business, to ensure that every employee knows what they should be doing in terms of this piece of compliance,” Delgado said. “You can prove that you’ve made best endeavors to make sure everybody has that information and has read and understood it.”
Although the solution is broadly applicable, Mitratech recognizes that all businesses are unique and face individual, complex problems. “It doesn’t matter how similar two organizations look; there’s always some subtleties that are monumentally important for understanding what they really want to get from the platform and how they can best utilize it,” said Delgado.
Mitratech’s engagement with a company begins an in-depth business analysis. This can be a formal, deep-dive analysis or workshop with department heads, compliance heads, or with teams themselves. Through these strategies, Mitratech helps organizations identify their compliance priorities and ensures that concrete goals and obstacles are well understood by everyone involved.
“We will then pick a phase approach to implementing something like a policy management system,” Delgado said. The first phase always focuses on the policy or policies that are most pressing. “Recently, that’s been the General Data Protection Regulation (GDPR) for a lot of our clients.”
Once the core policies are identified and pushed out to the organization, the larger pool of policies and procedures are addressed in subsequent phases.
“We don’t normally get involved with that,” said Delgado, “because once we’ve delivered our initial workshops and given our ideas about best practices and how to use our platform, clients are pretty self-sufficient, and they’ll do the rollouts themselves.”
Meeting Needs in an Uncertain Regulatory Environment
Client needs guide Mitratech’s practice as well as its plans for future offerings.
“We constantly work with our customers on trying to keep up with where they want us to go because we’re led very much by them and where they want to see additions to our platform,” Delgado said. “But really the hot topic at the moment for us and our customers is business intelligence and reporting.”
As a result, Mitratech has concentrated its efforts on extending its platform’s capabilities. “What people want to do more and more is to get the most out of any metrics that we’re collecting within our systems,” said Delgado, “and then integrating it with other metrics they’re collecting from operational systems or compliance systems inside their organization.”
As policies continue to develop and evolve, effective compliance remains a time- and money-saving priority. And from analysis to implementation, Mitratech continues to help clients achieve compliance in an ever-changing regulatory landscape.