As the old saying goes, you can only guarantee two things in life: death and taxes. But there may be another addition to the list. Because regulatory compliance is also a fact of company life that will never disappear.
And guess what?
Internal controls teams are increasingly playing a quarterback role in helping the organizations they work for meet regulatory obligations. In this VOQUZ Labs report, we delve into the future of internal controls - automation - and tangibly demonstrate how automated internal control systems directly assist in complying with specific laws and regulations.
We will cover the following:
But before we do that, let's briefly remind ourselves about internal controls automation.
Internal controls automation embraces the latest technology (increasingly AI) to automate processes that ensure compliance, save money, and prevent fraud. In this VOQUZ Labs video, you can learn more about the benefits and a summary of how it works.
But to put simply, with automated internal controls, real-time audit checks of critical transactions produce red flags that employees can action immediately - rather than months (if not years) later when more serious damage has occurred.
What's necessary to understand for this article focusing on compliance is the following:
When used by internal controls and auditing teams, the technology significantly assists a company in meeting its regulatory obligations.
But enough of the theory. Let's move on to the tangible examples of automated internal controls aiding regulatory compliance.
Organizations are increasingly exposed to compliance requirements. Adopting innovative ways to assess and manage risk and enhance performance is critical. That’s where data analytics and continuous monitoring are helping to simplify and improve the internal control system, increase operational efficiencies, reduce costs, and detect fraud and errors earlier. Internal controls become a way for organizations to create value.
The US government passed SOX in response to corporate accounting scandals (such as Enron's) that undermined investor confidence in financial markets. SOX mandates that companies affirm the strength of their internal controls, ensuring they are sufficiently robust to guarantee the reliability of financial statements.
In the interest of brevity, this article can't discuss similar laws (there are many) in the EU and other jurisdictions - each company is subject to a unique blend of regulatory obligations depending on where they operate.
But the fundamental point is this: Automated internal controls systems, such as remQ operating as a SAP add-on, offer the following benefits to companies managing compliance with SOX laws and similar regulations in countries worldwide:
In 2023, multinational firms, including global behemoths such as Microsoft, British American Tobacco (BAT), and Deutsche Bank, have been slapped with multi-million dollar penalties for sanctions violations.
And remember this: If your business trades in US dollars and other popular international currencies (that will be almost all of your reading), then you must ensure you comply with the following global sanctions lists:
But how can automated internal controls processes contribute to complying with global sanctions regulations?
Here is how: Technology has advanced so much that it's now possible to integrate real-time sanctions screening into automated internal controls processes with a company's ERP system (such as SAP).
And why is this so important when meeting sanctions compliance obligations? The following is an illustrative example:
In 2023, Wise, a UK-based foreign exchange financial technology company, received a penalty from UK regulators because it allowed a customer appearing on a UK sanctions list to withdraw £250 ($316) in cash. This withdrawal occurred the day after the Designated Person (Wise's customer) was placed on the list.
The bottom line is this: In the world of sanctions compliance, one day too late can mean tremendous financial penalties and reputational damage. Internal controls teams that embrace real-time sanctions screening of business partners within their ERP system can play a pivotal role in mitigating the risks.
Recommended reading from the blog - Integrating Sanctions Screening in SAP: Here Are Immediate Benefits You Should Know
Our White Paper explains how using robust controls and automation, organizations can better manage fraud risks, comply with regulations, improve operational efficiency, and save substantial costs.
The next way that automated internal control systems can assist with regulatory obligations regards the identification of politically exposed persons (PEPs).
The closest official definition of a PEP comes from the Financial Action Task Force (FATF), the global watchdog against money laundering and terrorist financing. According to the FATF, a PEP is "an individual who is or has been entrusted with a prominent public function."
But let's unscramble what that really means: PEPs have access to taxpayers' funds, and the risk of them stealing money for personal gain is a widespread issue globally.
For this reason, laws and regulations exist worldwide requiring financial institutions to perform PEP identification checks as part of the Know Your Customer (KYC) process.
But how do automated internal control systems help?
As with sanctions screening (and the same benefits), the PEP screening of individuals in critical transactions can also occur in real-time within automated internal controls systems.
Note: Although non-financial businesses are generally not required to perform PEP checks, many do so because PEPs are high-risk money launderers. Thus, PEP screening also supports anti-money laundering (AML) compliance.
A recent blog post on the VOQUZ Labs' blog revealed that internal controls automation is a game changer for ESG compliance management - we encourage you to check it out.
And according to a 2023 report from Deloitte, the time is now for large companies to scale their internal controls environment for environmental, social, and governance (ESG) compliance.
The blog post mentioned above post dives into the specifics, but in a nutshell, automated internal controls systems, such as remQ by VOQUZ Labs, greatly assist ESG regulatory compliance. Its role will skyrocket in the coming years, with a growing number of ESG regulations set to be passed as law in jurisdictions worldwide.
Here are the benefits of embracing the technology for businesses complying with ESG legal obligations, such as the EU's Corporate Sustainability Reporting Directive (CSRD) and the Sustainable Finance Disclosure Regulation (SFDR):
Does your business use SAP ERP or S/4HANA? Embrace internal controls automation to give your organization all the tools it needs to meet regulatory compliance obligations regarding SOX (and similar), sanctions, PEP, ESG, and more.
VOQUZ Labs remQ Business Inspector software operates as a SAP add-on with a library of 100+ pre-built shipped controls ready to run. We would be delighted to answer any questions you have - contact us.
Watch our remQ introductory video here.
Paul is a RegTech content writer & strategist with extensive experience in digital marketing and journalism. His work has appeared in the Guardian newspaper. He also holds a degree in International Relations, where he studied global sanctions compliance and cross-border finance.
Do you have any questions or something to add? Just leave us a message, please! Your message will be delivered by e-mail to us and will not be published.