Need to find a compliance software solution for your organization? You’ve identified the need for a tool to help you achieve more with the resources you have, but now need to find the right tool. There are many roads you can take; from peer recommendation to attending conferences, or doing a basic Google search. Most software searches involve all of these aspects, but the results can be overwhelming if you’re not familiar with the market. Putting out a request for proposal (RFP) can be a very effective way of filtering out the noise.
Over the past decade, the rapidly evolving regulatory landscape has precipitated the maturity of compliance technology and vendors are quickly adapting to ride the wave of compliance software evolution. All great news for compliance professionals, to whom technology has offered solutions to the challenges that they face.
Why Submit an RFP?
Putting out requests for proposals is one way of cutting through the growing compliance technology market and getting the information you need before engaging with vendors. It could take multiple demos, proofs of concept, presentations, and discussions before you can narrow down your list of choices. Requests for proposals are a means to allow the vendors to come to you, giving you room to compare and make your initial selections before taking part in active conversations.
A word of advice: proceed with caution and attention to detail. You’ll need to tailor your request for proposal to attract the right vendors. Remember processing proposals means that you’re judging a vendor based on how well they’ve interpreted your RFP. This does not give vendors the opportunity to inquire more into your unique needs as a business so it’s essential that you provide plenty of details upfront and astutely capture the requirements to the tool you’re looking for.
With that said, creating a request for proposal can be challenging in itself. Let’s address some of the considerations that you should make when creating a request for proposal for compliance technology.
Start by Defining Your Needs and Goals
When it comes to compliance platforms, as is the case with compliance programs, there is no one-size-fits-all product. However, finding the perfect solution requires taking a deeper look at the problems you are looking to solve in the first place. An effective way to start that journey is by identifying what you’re trying to solve: what do you need your compliance tool to do? This will help you clearly formulate your request for proposal and, once proposals start trickling in, identify the vendors that can best serve your purpose.
Security Should Always Come First
When it comes to compliance management systems, data and platform security should be a top concern. Your compliance platform will host massive amounts of data on your company’s employees and third parties. Even more crucial is your case management and whistleblowing system which will house very sensitive data. If you are not sure what you should be looking for in terms of platform security, loop in your IT department to clearly and astutely formulate security requirements. Your IT department will likely be approving your compliance technology vendor further down the line anyway, so might as well loop them in early in the process to ensure f security requirements are thought of well in advance.
If you are handling data in the European Union (EU), which most global companies do, your provider must also be General Data Protection Regulation (GDPR) compliant. Most EU-located vendors, and US companies with data centers in the EU, will most likely need to be GDPR compliant, giving you the much-needed assurance of controlled data privacy risks. Make sure to also make sure that your provider, even when compliant with data regulations, is not using personal data for its own purposes, such as testing or analytics.
Consider Tools That Lower Regulatory Burden
As pointed out by the Thomson Reuters Regulatory Intelligence 2020 Cost of Compliance survey report, the top concern of compliance professionals is keeping up with regulatory change and the increasing regulatory burden. In fact, the same source indicated that 56,624 regulatory alerts from more than 1,000 regulatory bodies were captured in 2019. That’s an average of 217 regulatory updates a day impacting compliance professionals. Regulatory changes are not likely to slow down and compliance teams are tasked with the never-ending project of staying up to speed on how these changes impact their operations.
With that in mind, you can add-in requirements for flexible platform functionalities that will allow you to adjust your compliance processes. Flexibility on an on-going basis will allow you to make changes without having to go back to the drawing board or completely reconfigure your platform. A flourishing market of low-code and no-code platforms enables users to easily make changes to their workflows as they go, empowering them with a seamless way of quickly adjusting to inevitable regulatory change.
Be Mindful of Data Analytics
No compliance department can claim to manage an effective program if it’s unable to measure its impact. That was also stressed by the latest Department of Justice (DOJ) iteration of their guide to effective compliance programs. That is the future of compliance. Compliance teams need to have more access to data and be endowed with adequate tools to measure that data, evaluate the performance of the established compliance controls, discern patterns, and identify early risk indicators.
Zooming in on vendors’ analytics capabilities will allow you to know how well you will be able to measure the effectiveness of your policies and procedures. You can evaluate how well controls protect your business from violations, how quickly you can deal with misconduct when it strikes, and how much risk you will be able to mitigate. If you lack effective monitoring and analytics, you will miss the critical part that will transform your program from process-oriented to impact-oriented.
Remember, Efficiency is the Ultimate Goal
While there are many aspects of vendor selection to get caught up in, remember that improving efficiency is the main goal. Ensure that your request for proposal makes that point clearly so that vendors can demonstrate how their product can support that goal. Reverting to the point of rapid regulatory change made earlier on, it is essential that, no matter which compliance platform you choose to go with, flexibility is built-in by design. Rigid and static compliance platforms will not cut it in a fluid regulatory environment where changes and continuous tweaks to your process are bound to occur.
From a functional perspective, what you would want is a configurable and scalable platform that will allow you to benefit from the functionalities you need today and add the features you’ll require in the future. The other advantage flexible solutions offer is the ability to accommodate workflows to your internal process, without having to shoehorn your process into the system.
Standard vs Bespoke Solutions
Specifying the type of solutions you’re looking for will very much depend on identifying your needs. Would you like to cover baseline regulatory requirements as quickly as possible because you have identified a gap in your compliance program? Do you have a centralized compliance department and a locally operated business? Or do your operations span globally with a complex web of managers, compliance teams, and hierarchical approval processes?
These questions shed the light on how complex and bespoke your solution will need to be in order to drive impact. Many vendors offer standard, out-of-the-box solutions, which, in many cases provide you with a best practice framework and offer a good starting point to your journey but might not allow for all the customizations you need. Knowing which option will be the best for your company will heavily rely on the goals you’re trying to achieve and the problems you’d like to solve. Focus on finding the answers to these and you’ll quickly understand which option you can rule out.
Don’t Forget About Documentation Capabilities
Documentation is one of the building blocks of a compliance program, yet may at times become more of an afterthought in favor of other functionalities. Nonetheless, documenting compliance activity is crucial to justify your approach and is, at the very least, a requirement by most compliance regulations. If you want to make sure that documenting compliance activities doesn’t fall through the cracks, select a platform that will do it for you automatically. Several providers offer the ability to log activities, dates, and action owners, leaving you with a clear and accessible audit log for later reference.
Professional Services Can be Game-Changing
Be mindful of professional services that will prove valuable after signing with your vendor. Identifying your needs and goals will help you compare vendors, but considering the level and type of professional services involved will guarantee that you meet the identified goals within a determined timeline. Hitting deadlines is important. Inquire into vendors’ professional services package to understand the support that will be offered to you and your team during implementation and after launching your new program. The last thing you need is a dragged out implementation process that might cost you a regulatory deadline and leave you more confused about how well your new program lives up to the standard. Make sure your RFP inquires into the vendor’s professional services package and its implementation methodology.
Tech providers should also arm you with the option to scale your solution in the future and save the implementation of the more complex functionalities to a later stage. Choosing a vendor also means partnering and collaborating with a new team on your journey toward perfecting your compliance program. The same can be said about the vendor’s product management. The product you’re buying today will be different from the product you’ll be using in a year. Inquire into the product roadmap to learn what the vision and strategy are—that might even tip the scale between the vendors you are considering.
Your RFP Considerations
The points above capture some of the areas your request for proposal should capture, but there might be other specificities you believe crucial to include. The more the better, remember, RFPs are a means for you to bring information on vendors to you and not spend time looking for it yourself, so the more specific and detailed you get the more you’ll be able to filter out the noise and zoom in on the platform providers closest to the solution most suitable to your organization.