Regulatory and Industry Compliance Gap Assessment
Government and industry regulators bring a unique type of risk to most organizations. Devastatingly disruptive events can be handed down by these bodies. Sanctions and penalties that loom over most organizations include shutting down operations in a specific geography, losing a state-issued professional license, suspension of the ability to process certain types of transactions, or paying fines of up to four percent of your gross revenues. Recently the licensing body of London’s transportation services suspended Uber’s certificate of operations based on passenger safety concerns. Even with the decision being appealed, the announcement’s impact on an already tattered brand and driver morale, along with a single-digit percentage loss in stock value, is not an isolated incident. Risk Neutral has successfully assisted clients in preserving brand equity and avoiding paying annual financial penalties of multiple millions of dollars for failure to comply with privacy mandates and industry regulations.
Working with regulators can be tricky. Having conducted many operational, information technology (IT), cyber and physical risk assessments over the last three decades gives us a unique perspective. Holding over 70 industry and professional credentials frequently means our professionals have been through the same training as the regulator or assessor sitting across the table from our clients.
Risk Neutral has conducted many gap assessment engagements in advance of a regulator or external assessor evaluation visit. We reviewed the regulatory requirements and provided opinions on adherence to the demonstration and documentation criteria required to achieve compliance. Remediation plans, policy changes, and preparing written responses to address potential areas of concern are common outcomes of these engagements. Many clients also found value in having Risk Neutral personnel play the role of the assessor or regulator in simulated interviews to prepare staff and executives with limited experience in these settings. Being exposed to anticipated questions, understanding how to accurately and concisely respond to queries and discussing what procedures needed to be followed when producing any requested follow-up artifacts dramatically decreased the anxiety of staff and senior management.
Just because a regulator, partner, or client asks for something doesn’t always mean an organization has to comply immediately. In most cases, all interested parties are trying to achieve a common goal or reach an acceptable level of risk to satisfy their stakeholders. Risk Neutral has experience supporting clients as they negotiate for concessions, exceptions or extensions for specific requirements. Understanding the standards and requirements, as well as the practical steps needed to meet the industry’s best practices and demonstrate compliance, strengthens our position to achieve a favorable outcome.