Sponsored by ?

This article was paid for by a contributing third party.More Information.

The regulatory automation ecosystem: Reinventing monitoring and testing programmes

Sponsored Q&A: KPMG


KPMG’s Todd Semanco discusses how the leveraging of regulatory technology, digital labour and data analytics is transforming compliance programmes, and why cognitive automation is seen as the future of regulatory infrastructure.

In today’s environment, risk and compliance leaders are increasingly challenged to take on more responsibility though funding levels often do not keep pace. This is prompting many to pursue sustainable means of becoming more efficient while improving quality and broadening capabilities. Two areas rife with opportunity for redesign are monitoring and testing, and leaders are considering how digital labour and automation can transform the function in a variety of ways: broader, deeper and more frequent coverage; enhanced synergy across multiple assurance functions; a more dynamic and robust risk assessment process; and more meaningful and streamlined reporting, including data visualisation.

What should organisations consider when transforming a monitoring and testing programme?

Todd Semanco: In order to maximise the value in such a transformation, it is essential at the outset to confirm an enterprise view of all the various testing activities across the organisation. Not only will this be critical in identifying gaps and redundancies in coverage, but is also required to evaluate and determine an optimal target-state model – whether it be a centralised monitoring and testing function or a decentralised function operating under a common mandate and set of standards. Test scripts and procedures should be analysed to confirm appropriate alignment to regulatory obligations and policies, and such analysis should include the availability and integrity of testing data, as well as documentation of the products, activities and systems covered by the respective testing and monitoring plans. Considering these elements, leaders can develop tangible, prioritised automation road maps focused on addressing gaps and/or shifting execution from human capital to digital labour. 

The foundation of monitoring and testing programmes is a robust compliance risk assessment. What are the recent trends in this area?

Todd Semanco: Risk assessment continues to represent an area of heightened attention for many. Among the top focus areas are the breadth and frequency of risk assessments, key variables and drivers considered during the risk assessment process, the qualitative and quantitative mechanics, and, of course, the alignment of risk assessment results to testing and monitoring efforts. Risk assessment is a dynamic exercise in which numerous inputs such as testing results, complaints, hotline calls, investigations, etc, are considered ‘real time’, and testing and monitoring plans are either confirmed or adjusted accordingly. The reality is, given the volume and pace of change of this data, many organisations struggle to surface and apply insights at an appropriate rate. For many, it is becoming clear that enhanced automation, leveraging integrated regulatory technology and digital labour, is a ‘must-have’ to sustainably assess risk in a timely manner. 

What role is technology playing in monitoring and testing programmes?


Todd Semanco, partner, advisory, at KPMG

Todd Semanco: Regtech – broader than fintech and not limited to a specific technology – and digital labour are being leveraged to transform programmes end-to-end. From the way organisations monitor and manage global changes, to regulatory obligations and how testing is performed, analysed and reported, all components of managing the function are under review. The demands, from internal and external stakeholders alike, to demonstrate adequate coverage and provide precise impact and root-cause analysis are very high. To meet these demands, leaders are increasingly turning to technology to collect, consolidate and map key data elements together – for example, obligations, policies, risks, controls, process detail – at a granular level. This capability supports not only dynamic regulatory change management activities, but also the oversight of business process and technology changes. Further, by consolidating and integrating monitoring and testing scripts within this technology, forming rules engines, outcomes and impacts may be more immediately assessed and remediated while data is accumulated to support predictive analytics. 

With the speed of technology advancement, how are organisations leveraging digital labour?

Todd Semanco: We’re seeing all levels of organisations – from the business to risk, compliance and internal audit partners – intensifying their efforts to further cognitive automation, integrate digital labour and establish an enterprise-wide automation infrastructure. Efforts are typically phased along a continuum – from basic process automation of repeated high-volume transactions to enhanced robotic process automation reliant upon both structured and unstructured data sources, through to cognitive automation. In the monitoring and testing space, digital labour is driving a shift from sample-based testing to the testing of full populations, and resultant outcomes are increasingly available for use in analytics, predictive forecasting and enhanced monitoring and surveillance. Leading organisations are viewing this as an investment opportunity to revamp monitoring and testing capabilities in a sustainable way while operationalising compliance – often while yielding a compelling return on investment and competitive advantage.

Some or all of the services described herein may not be permissible for KPMG audit clients and their affiliates.The information contained herein is of a general nature and is not intended to address the circumstances of any particular entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. © 2017 KPMG LLP, a Delaware limited liability partnership and the US member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. The KPMG name and logo are registered trademarks of KPMG International.

Read/download the article in PDF format

You need to sign in to use this feature. If you don’t have a Risk.net account, please register for a trial.

Sign in
You are currently on corporate access.

To use this feature you will need an individual account. If you have one already please sign in.

Sign in.

Alternatively you can request an individual account here