Recommendations to Compliance leaders and professionals practicing Product Regulatory Compliance

Embrace a SaaS solution and reap the benefits of digitization & cloud

By Cyril Mecwan and Anoop Tewari

December 09, 2021 | Series 1 / No. 14

The Product Regulatory Compliance is an underserved market when it comes to productivity improvement and automation solutions. 

Globalization and advancing technologies have enabled the expansion of businesses, resulting in the launch of plethora of new products. In turn, the testing, inspection, and certification required for the new products launch have resulted in the emergence of the Product Regulatory Compliance as a critically important business process.

This function at large has skipped the first wave of technology revolution. While we are already in the middle of the second wave (termed as the digital age), it is important for the leaders and managers to capitalize on this opportunity to modernize this critical function and turn it into a competitive advantage for the businesses.

Business imperative:

In the above table, Gartner estimates that the overall, global IT spend in 2022 will be $4.4 trillion. Notice that the “Enterprise Software” category leads the projection of IT spend (13.2% and 11.7% respectively for 2021 and 2022)! In 2022, enterprises are poised to spend a whopping $669 billion in further automating the business processes! Having missed the first wave of the technology revolution, for a Compliance leader, it is relatively easy to justify a spend for an Enterprise Software to streamline the  compliance processes, manage the compliance projects and records, and to subscribe to compliance intelligence!

According to Gartner, “Boards and CEOs are much more willing to invest in technology that has a clear tie to business outcomes, and less so for everything else”.1

CEOs and the executive teams (C-Suite) are looking for continued differentiation of their businesses in order to gain and maintain the competitive advantage. The C-Suite is already aligned with the opportunity to capitalize on the wave of digitization and cloud based software as means to achieve paperless transactions, enhance productivity, improve time-to-market and further reduce costs.

With an appropriate investment in the Enterprise Software, the leaders, managers, and professionals practicing Product Regulatory Compliance can bring huge productivity gains through the attainment of the benefits of digitization, organization, automation, intelligence and collaboration. While social responsibility and environment are the most pressing cocern for the world, governments and businesses, the Compliance leaders can turn the Product Regulatory Compliance from ‘necessary evil’ into ‘competitive advantage’ by using Enterprise Software.

Following is the executive summary of strategic business outcomes attained through the use of the software, and a basis for budget allocation:

  1. Upfront incorporating the regulatory requirements and compliance intelligence into the R&D and engineering of new product development and giving a clear message that the Compliance teams are helping build socially responsible, eco-friendly, safe and high quality products, while obtaining regulatory apporvals in shorter time, thus improving time-to-market and time-to-revenue.
  2. Bringing the compliance processes to mainstream by integrating with important business processes, improving collaboration and transactions from anywhere in the world, thus enabling uninterrupted continuity and improving time-to-market and time-to-revenue.
  3. Weaving the compliance processes and documents as part of the operations such that the compliance status, reports and records are instantly (& securely) available to the key stakeholders, allowing them to sell and ship the products in timely manner and without interruption!
  4. Identifying and managing the compliance related risks for companies’ products, thus averting or reducing legal risks because the Compliance function is always audit-ready and is managing the known risks.

Based on the above explanation, it is relatively easy for the Compliance leaders to demonstrate a clean business case and justification for the budget allocation.

Today’s business climate:

Facilitated by the globalization and advancing technologies, today, even a startup company aspires to sell its products into multiple markets. This brings up a need to understand and fulfill the disparate compliance requirements for different markets and technologies, bringing at the forefront the need for the compliance knowledge base.

The pandemic has forced and popularized the hybrid and remote work, bringing a sharp focus on teams’ ability to tactically collaborate beyond holding the online meetings. While working globally from different geographies, businesses are looking for uninterrupted continuity and quick processing of the business processes and documents throughout its value chain. The use of a cloud based software brings the benefits of digitization and collaboration.

Technology imperative:

The cloud based, Software-as-a-Service (SaaS) model offers superior technology based on simple design and industry-wide best practices. The SaaS provider supports and interacts with many customers, and therefore offers capabilities based on the implementation of the best practices. Correspondingly, the use of a SaaS product offers higher value while brining further standardization.

The upfront configuration and administrative capabilities allow the software product to be tailored and implemented to a company’s business processes, while bringing the standardization across the value chain. The administrative rights remain with the business (Compliance team), therefore, the business does not have to rely on the internal IT for any administrative tasks such as, but not limited to, managing the users and privileges.

The privilege management allows the Compliance teams to provide role based access to different users. Some users can upload and edit a document, whereas some users can merely view a document; some users can create a Smart DoC, but must obtain approvals and signatures from the respective responsible persons; a Compliance team member may initiate a compliance project and assign the deliverables to different owners, where the Compliance team and other key members can see all the deliverables and tasks identified in a project, however the owners of the deliverables may be restricted to see only their areas of ownership, and so forth. Further, the user access can be restricted by different parameters, such as, but not limited to, by products, record types, markets, disciplines, etc. Additionally, teams or user groups could be formed specific to a project or product or discipline (e.g. EMC vs. Product Safety, etc.), facilitating a close collaboration and sharing.

The new technology offers collaborative capabilities allowing different stakeholders to participate in a compliance project – from initiating, assigning tasks to different persons (insider or outside the company), providing support documents, reviewing the draft deliverables uploaded by the test labs and approving the final documents, viewing the status of the ongoing activities, and completion of the actual project, etc.

Event based management offers alerts, updates and notifications so that the users are prompted to review and take actions on the key events relevant to their specific roles.

Knowledge base:

Providing compliance knowledge and intelligence is one of the important and core competencies of the SaaS provider in the regulatory space.

The world of regulatory requirements is dynamic in nature due to the following, but not limited to, reasons:

  1. Harmonization of standards globally through the consolidation and/or replacement of regional and local standards
  2. New requirements and standards to keep pace with the advancing technologies
  3. Newer countries mandating the country-specific requirements
  4. Geo-political changes thrusting new and additional requirements (such as Brexit event)

The use of a vertical Enterprise Software product (catering to the space of Product Regulatory Compliance) can bring the regulatory intelligence to the Compliance teams for different markets and disciplines so that they do not have to put in an exorbitant efforts to keep pace with the changing requirements. This allows the Compliance teams to focus on testing and obtaining the approval for the new products and recertifications of the existing products.

Security:

Cybersecurity is a big concern in today’s interconnected world. Securing the SaaS application is ultimately the application provider’s (publisher) responsibility. The SaaS provider leverages the public cloud providers and their security toolset to secure the core infrastructure.

However, designing security within the application is still publisher’s responsibility. A well-designed system will resist and thwart external perpetrator and also provide data security and access control for internal organizational security.

This still leaves the burden of securing the login access with the user. However, the use of Multi-Factor Authentication (MFA) and Single Sign-On (SSO) capabilities take the anxiety away from securing the authentication process, while allowing the user to reap the benefits of cloud application.

The SaaS provider continuously works on enhancing the security of a product.

Affordability and budget:

Cloud based, Software-as-a-Service model has dramatically lowered the total cost of ownership (TCO) of software systems through the implementation of annual subscriptions.

Generally, a SaaS provider offers multiple plans for a customer to choose from, allowing usage-based pricing to the customers. Therefore, a budget-conscious manager does not have to wait to organize the core compliance space as s/he can start with a smaller plan and fewer users, and gradually ask for more value by paying more.

Within a subscribed plan, the SaaS provider also releases enhancements and fixes. In addition, the SaaS provider continues to identify more opportunities for automation in the core and adjacent areas, gradually offering incrementally more value to the customers.

Importantly, the Compliance managers will NOT have to pay for company’s internal IT resources as the SaaS product is managed totally by the SaaS solution provider. There is no additional administrative cost in managing the SaaS product. Typically, the overall upkeep of the product, back up and other administrative tasks are the responsibility of the SaaS provider.

While determinig the budget for your SaaS product, consider the following at the least:

  1. List the existing inefficiencies, determine which of these will be eliminated, and estimate a price tag on these inefficiencies. These inefficiencies may include, but not limited to, the undesired events such as ‘ship hold’, ‘late ship’, ‘stop ship’; not being able to close sales in timely manner due to lack of compliance approval in a market, taking longer time to search and find a document; not having a quick information about the global compliance status of a product; not being able to instantly generate compliance-specific reports; longer time required to create various self-declarations and then dealing with the manual signatures of the DoCs, etc.
  2. Assess your total payroll for the Compliance team, and consider that this team will become more productive and efficient due to the use of a SaaS product. For instance, the Compliance team will not spend time anymore searching for a document, or will not manually service the requests from sales, marketing and shipping departments to share an approval document. Correspondingly, the Compliance team will be able to spend time on more value-added activities such as, eliminating or managing the compliance-specific risks, focusing on the new product testing activities, or re-certifying the existing products in time, etc.
  3. Review your total cost incurred today on testing services, outside consultants, and the time spent by the Compliance team members on the testing projects. Now estimate the time that you will be able to save and the efficiency you will be able to achieve due to the collaboration implemented through the use of the SaaS product. Also consider that you will be able to shrink the time it takes to test a product by X number of days (let us say a week for a product), and then multiply it for the total number of new products that are tested every year. 
  4. Evaluate the cost of the existing in-house tools or third-party generic tools (if any), and the cost of the support received from the internal IT team, etc. Consider that this cost will be eliminated.

Lastly, the Enterprise Software for a vertical (in this case, the Product Regulatory Compliance) is developed specifically for the compliance professionals and their ecosystem partners, and addresses the compliance related complexities, changes, nuances, jargons, business processes, and business use cases. Therefore, its cost could not be equated to the low cost of the generic office suites from players such as Microsoft, Google, Box, etc. as the latter applications are developed for and supported by a huge customer base.

Return on Investment (ROI):

An investment into software is a wise investment which more than pays for itself.

Consider the following tactical benefits and ask yourself a question “what is the annual value (or price) pegged to these benefits”?:

  1. Eliminiate one week off of the compliance testing schedule leveraging the compliance intelligence, and obtain an approval a week early.  Now consider this scenario for mulitple products that are launched by a company in a year!
  2. Attain a single source of truth for compliance records, which means you will now find only one copy of a unique document in your system.
  3. Find your documents in less than 30 seconds, by digitizing your projects, records and transactions!
  4. Avert the events of ‘late shipment’ to a customer. Consider you are selling into multiple countries and through many different distributors and resellers…
  5. Quickly obtain the compliance approvals by having clear and upfront compliance requirements, and by managing the testing project through multi-party collaboration.
  6. Prevent additional and after-the-fact testing because the scope of the compliance requirements was not fully understood first time around.  
  7. Avoid the ‘ship holds’ because the Compliance teams now have an upfront information for the upcoming expirations, and therefore all recertifications are up-to-date.
  8. Automate the service requests (for sharing the compliance records) stemming from different stakeholders, and make the Compliance teams more productive by allowing them to focus on more value-added activities.  
  9. Bring the Compliance function to mainstream by integrating it with the macro business processes through standard APIs, allowing interoperability and acceleration of the transactions with the business-critical functions such as, but not limited to, Produt Management, Sales & Marketing, Order Management, and Shipping, etc.

An investment into an annual subscription, if paid off in eight to nine months, would be considered an excellent ROI forming a natural business case.

Buy vs. Make:

Because developing and marketing the software product is its core business, the SaaS provider continuously enhances its product offering, solving the industry constraints one by one, and streamlining the processes, thus bringing the benefits of digitization, organization, automation, intelligence and collaboration to the overall space. The Compliance managers and other users will see the automation, enhancements and features at a much quicker rate than they would have received from a tool built in-house.

  • Mid-size companies: Ohio State University’s National Center for the Middle Market defines a mid-size business as the one having an average annual revenue between $10 million and $1 billion. In the US alone, approximtaely 200,000 businesses are estimated to fall in this category.

    The Organisation for Economic Co-operation and Development (OECD) defines the mid-size companies as having the number of employees between 50 to 249.2

    Gartner defines a midsize enterprises are those organizations with 100 to 999 employees and that make more than $50 million, but less than $1 billion in annual revenue.3

    Due to their immense focus on growth, scale, productivity, and agility, mid-size companies often experience the growing pains and require tools and automation to achieve and manage the next level of growth. The Compliance teams will be able to do things faster than before, create a better experiece for their customers, and create more efficient operations by using the SaaS solution for Compliance. Therefore, the mid-size enterprises benefit the most from the use of a SaaS solution.

    Sometimes, these companies also grow through acquisitions, where the use of a SaaS product can come handy in obtaining compliance records of the acquired company and quickly organizing them in a standard and consistent manner, bringing the full understanding of the overall compliance landscape of the newly acquired business.

    It is our strong recommendation to mid-size companies to stay away from ad-hoc and shadow IT projects, and embrace a SaaS solution!

  • Small companies and startups: According to the Organization for Economic Cooperation and Development (OECD), most countries define a small business as one with 50 or fewer employees.4

    Gartner defines a small business as an organization with fewer than 100 employees and with less than $50 million in annual revenue.5

    With a small footprint in the form of a few products that are sold in a small number of markets, startup companies perhaps can comfortably manage the compliance activities using the Excel spreadsheets. However, most of these startups do not hire a dedicated Compliance professional; typically, an Operations professional plays multiple roles including that of a Compliance professional. By starting with a small plan offered by the SaaS provider, the owner of the Compliance function - typically an operations person - will be able to do things faster than before, while reaping benefits of organization and automation early in the game.

  • Large enterprises: The USA defines a large company as the one having an annual revenue of more than $1 billion.

    In 80’s and 90’s, the large enterprises invested in automating their important business processes. Initially the IT department developed the tools in-house. Today, these in-house applications and tools have gradually been replaced by the best-of-breed SaaS offerings in the market.

    Similarly, many large companies have spent millions of dollars in developing their internal tools to manage the product regulatory compliance. In spite of the internal compliance-specific knowledge base these companies have, the sheer work load does not allow them to keep pace with the changing compliance requirements and bring the required enhancements and updates in the home-grown tools. Even if a Compliance team succeeds in building and managing in-house tools, it will struggle to build deeper capabilities, let alone address the functional adjacencies. Besides, in today’s world, using the hours of software engineers to develop or update the in-house tools costs a lot, bringing in question the prudence to develop in-house tools as it does not pass the ‘core vs. context’ criteria.

    Today’s CIOs are well aware of this phenomenon and themselves scrutinize building any in-house tools – they are fully committed to support the SaaS products.

    Sometimes, the large enterprises are constrained to use the legacy, in-house tools that they have been using for a long time, because these tools are deeply integrated with different business applications. Therefore, the Compliance departments hesitate to replace the legacy system. In such instances, the large corporations can partner with the SaaS companies to leverage and fill the gap of the important capabilities that their internal tools lack.

    Following are a few examples of areas where large companies can parter with a SaaS company and reap the related benefits:

    1. Receive Standards Update Notices (SUN) automatically. Learn about the effectivity dates of changing standards; whether only the new products or also the sustaining product are impacted; identify your impacted products (SKUs) and records (file names).
    2. Create, review, approve, sign, search, and share the digital self-declarations for the EU (in multiple languages), UK, Australia & New Zealand, US (FCC), etc. and remove the uncertainties around market-specific requirements.
    3. Share the view-only documents with the key stakeholders including your key integrators or distributors or channel partners, as well as with your end customers, sales, and shipping teams.
    4. Receive expiration alerts on the compliance documents so that you can proactively plan the budget and allocate resources in advance of 12 to 24 months!

    The above could be a minimal but powerful engagement bringing instant benefits. Although the SaaS companies generally offer fixed plans opposed to a-la-carte capabilities, considering the size and scale of the operations of large enterprises, a separate arrangement could be discussed.

    When a large company acquires a mid-size or small company for the strategic reasons, and if the businesses or technologies of the two companies are different, the compliance processes and requirements of an acquired company may not fit with the company that made the acquisition. In this case, the acquired company may not receive the required attention from the parent company for its compliance-specific needs. Such acquired businesses may also benefit from the use of a SaaS solution.

    At an appropriate time, the leaders must think about replacing the legacy systems with the SaaS solutions - either in a forklift (in one go) approach or in a phased approach.

Recommendations: Key Takeaway:
  1. The Product Regulatory Compliance function at large has missed the first wave of the technology revolution.
  2. The Product Regulatory Compliance function must catch the second wave of the technology revolution termed as the ‘digital age’ and embrace the SaaS solutions to bring the benefits of digitization, organization, automation, intelligence, and collaboration.
  3. The C-Suite is already aligned with the opportunity to capitalize on the wave of digitization and cloud based software as means to achieve paperless transactions, enhance productivity, improve time-to-market and further reduce costs.
  4. The Product Regulatory Compliance managers now need to evangelize the importance of the function, and present a simple business case for budget allocation with the following in mind:
    1. Explain the importance of the product regulatory compliance function, its ubiquitous needs to different stakeholders, and the legal risk of not managing the space properly.
    2. Explain the current state of the existing systems and the issues faced.
    3. Promote the strategic business outcomes that will be achieved through the use of a SaaS solution - see the ‘Business imperative’ section.
    4. Present the examples of tactical benefits outlined in the “Return on Investment (ROI)” section.
    5. Calculate the budget you are requesting to allocate – review the section and consider the points made in the section ‘Affordability and budget’.
    6. Calculate and present the ROI in terms of number of months and amount.
  5. Mid-size companies: To maintain their continued focus on growth, scale, productivity, and agility, the mid-size companies must embrace a SaaS solution to establish a superior compliance management function, and stay away from the ad-hoc and shadow IT initiatives.
  6. Small companies: By using the SaaS solution for Compliance, the owner of the Compliance function - typically an operations person or a Compliance manager without any additonal headcount support - will be able to do things faster than before, while reaping benefits of digitization, organization and automation early in the game.
  7. Large companies: The large companies may be able to quantify in a short time and prove the benefits of using a SaaS solution by having a limited but quick engagement with a SaaS company as outlined in the sub-section titled “Large enterprises” under the section titled “Buy vs Make”. In parallel, the Compliance leaders should consider replacing the legacy systems with the SaaS.
Reference: