Shankar Bhaskaran, Managing Director- India, MetricStream

Stay on Top of Regulatory Changes with GRC Technology
By: Shankar Bhaskaran, Managing Director- India, MetricStream

India has the fastest-growing economy in the world. The resilience in private consumption and investment and robust growth in India’s services sector are opening huge business opportunities. Foreign Institutional Investors (FIIs) are playing a pivotal role in driving growth with investments in infrastructure, clean energy, retail and services sectors. However, the country’s complex and evolving regulatory landscape can be challenging for companies aspiring to make the best of India’s lucrative business environment.

There are 69,233 compliances and 1,536 Acts in India’s regulatory environment. As per a media report, government and quasi-government bodies in India penalized 250 companies for non-compliance in 2022. According to a recent study titled “Jailed for Doing Business,” 37% of the compliance requirements include provisions for prison sentences of up to 10 years for violations. Many of them involve breaches of procedural rules or tactical errors. Non-compliance is becoming more expensive than investing in technology. The recent Data Protection Bill states that the penalty for non-compliance is over 60 million dollars. The pace of change and the intense pressure associated with potential fines challenge highly regulated industries like healthcare, banking, energy, and financial services.

India’s regulatory landscape is also evolving rapidly. State and central governments and other regulatory bodies publish notices, circulars, and gazettes almost daily. For example, SEBI, the market regulator, decided on 29th March 2023 to establish regulations governing ESG disclosures by publicly traded companies, ESG ratings in the securities market, and ESG investing by mutual funds. New regulations lead to changes in compliance demands because of various requirements, such as new data, processes, and reporting structures. Firms and organizations must keep current with the legal requirements for doing business and the laws and regulations that their state and federal governments have established. Keeping pace, however, is easier said than done. 

Most Indian firms still follow traditional manual procedures for risk reporting. Ad-hoc, manual, paper-based and people-dependent processes are prone to errors and failure. Staying on top of all the compliance obligations will require much more than what the traditional methods offer.

Technology can play a crucial role in transforming compliance by building dependable programs that deliver organizational compliance resilience. Advanced governance, risk, and compliance (GRC) solutions can help organizations weather rapid regulatory changes and respond to them without compromising the business’s compliance function or integrity. In addition, with technology, organizations can rationalize and harmonize controls by implementing a common risk and control taxonomy, thereby simplifying compliance while reducing its cost.

Here’s how organizations can use the technology to stay on top of regulatory changes: 

Scan the regulatory horizon

Advanced GRC software solutions come with tools that automatically scan the regulatory environment, including government and regulatory bodies, enforcement agencies and supervisory authorities, for updates, then capture and relay those updates to relevant personnel in a streamlined and automated manner. The technology makes it easier to consolidate compliance data from different business units and geographies while helping compare trends across different assessment periods. This saves the compliance team time and effort, which they can now use to analyze the regulatory alert and assess its impact. Organizations depending on manual processes usually end up with a growing backlog of regulatory alerts requiring further analysis, increasing the probability of human error and compliance violations.

Set a centralized repository where everything stays connected

Experts say the compliance scenario in India has advanced to a point where everything is interconnected. A failure somewhere will be reflected in many records. Here GRC technology will help connect risks across the governance, risk, and compliance landscape. Connected GRC software can establish a centralized repository that maps regulatory requirements to organizational risks, controls, processes, and policies. The software identifies the functions and/or policies impacted by a regulatory update, thus allowing for a more adaptable, agile, and resilient compliance approach. Centralized issue management gives organizations a bird’s-eye view of the top issues stemming from risk and control assessments so that they can take appropriate measures to remediate them.

Meet regulatory obligations

Given the sheer volume and complexity of regulatory requirements, manual processes won’t work. Organizations need effective obligation management support for identifying, extracting, and meeting compliance obligations from regulations, contracts, and policies. By leveraging automation, organizations can quickly and easily identify and extract relevant regulatory obligations at scale, including tagging, classifying, and surfacing them for a faster, easier, and more accurate review.

Integrate, prioritize, and embrace risk confidently

Organizations must continuously assess and mitigate compliance risks on time to improve their compliance posture. Continuous assessment requires identifying relevant central, state, and local regulations and determining if internal controls and policies comply with the specified regulatory requirements. Continuous Control Monitoring (CCM) capabilities in a GRC solution make it possible to automate control testing across cloud environments, initiate remedial actions, and map cloud security controls to internal protocols and compliance standards.

GRC software solutions can also help streamline the process with well-defined workflows for creating, reviewing, approving, and distributing surveys, and for collaborating with various business units and teams to gather and update responses. Organizations can use the software to manage compliance risk proactively and to effectively prioritize risk mitigation efforts, ensuring optimum allocation of resources. Since the software maps risk and compliance to controls, processes, business units, and strategic objectives, business leaders and decision-makers can use these tools to gain an integrated and real-time view of risk and compliance postures. This will help them make informed decisions, improving business resilience in the long run. With the GRC software, it is easy to create, review and communicate policies, ensure faster and better adoption, and build a positive compliance culture across the company.

Today, India’s risk and compliance landscape may be getting more complex than ever. With watchdogs introducing new policies and modifying existing ones, regulatory guardrails will only strengthen. Experts agree that the non-compliance fines will keep rising while the problem becomes more profound and complicated. All businesses must adopt new technology and raise their game regarding compliance. Automation will be critical in this regard. To ensure business continuity in such a scenario, business organizations should align with the global best practices in compliance, leveraging technology to stay ahead of regulatory changes.