Compliance demands more than old habits

In most cases, compliance is not a choice but a prerequisite for moving forward. No compliance means no licence, certification or contract. Setting up compliance processes rarely feels smooth. Regulators and auditors do not know your organisation from the inside, so their requirements often seem cumbersome or impractical. Many companies therefore opt for the shortcut: ticking all the boxes and closing the file as quickly as possible. The result is a paper exercise detached from reality, with no real anchoring in day-to-day operations. For compliance to truly come alive, it cannot rest solely on the shoulders of the framework owner. It must be embraced by everyone in the organisation.

In this article, we share our answers to five topics that often challenge companies.

From Excel sheets to practical compliance

At GRC, we have always believed in the power of automation to make compliance truly workable. Ten years ago, we ourselves were still working with an Excel spreadsheet containing all the information needed to meet our reporting obligations to the regulator. In practice, however, we soon realised that these spreadsheets were rarely kept up to date. It seemed to work, but mainly because regulators carried out few or no checks. This raises the question: in such a situation, are you actually compliant?

Why the current compliance process does not work

Our view is that the way compliance is often handled today is inherently flawed. We see that people rarely feel energised by performing reassessments, internal controls and internal audits. When you are required to do something you do not enjoy, frustration is inevitable because you repeatedly have to perform extra checks or last-minute reassessments to be ready for regulator inspections, you constantly have to explain to regulators how processes work and you need to revisit events from six months ago that were never properly documented.

Can it be done in Excel?

The world is changing and so are compliance requirements. Increasingly, the focus is shifting towards continuous monitoring, where compliance is not assessed once a year but tracked on an ongoing basis. Yet in many organisations, compliance remains a low priority. Investment is often avoided as long as the current Excel-based approach more or less works. Excel works until it does not.

Compliance is everyone’s responsibility

In many organisations, compliance is still seen as an obligation primarily imposed from outside. Responsibility is often assigned to one person to ensure someone is accountable and the boxes get ticked. But this approach leaves compliance as an isolated task with no real impact. In reality, compliance is a broad concept that touches almost every part of an organisation, from operations and IT to HR and sales. That is precisely why it only works effectively when everyone, from their own role and perspective, actively contributes to compliance and improvement. This brings significant benefits: risks are identified earlier, processes run more efficiently, the quality of information improves and the organisation can respond faster to changing laws and regulations.

Why small improvements are not enough

Many organisations try to improve their processes over time through small adjustments. For example, when more people are involved in compliance, they might agree to improve documentation, use a single central location for all information or start the process earlier. This can help in the short term, but it does not address the core problem.

What is often missing is a clear structure or allocation of roles. As a result, everyone works in their own way with different priorities and methods, and there is little cohesion in execution. This leads to duplicated work, misunderstandings and repeated alignment on the same issues. Instead of creating a smooth process, this actually adds complexity, reducing efficiency and preventing results.

The key: Standardisation and scalable technology

Compliance is a process in which many different people need to contribute part of their time. If everyone can decide for themselves how, when and through which process they provide information, chaos quickly follows. There is simply no room to accommodate everyone’s personal preferences.

If we can break the compliance process into small, manageable components and then reuse those components across different organisations, costs go down for everyone. After all, we are all using the same cloud providers and productivity tools. With scalable technology, we can elevate the entire compliance experience to a higher level.