Complyse: time to end compliance theatre
Last week I was inundated with questions about whether I’d left Avyse Partners. So, this week I’m crashing Matt’s blog series to give some of my perspectives on risk assessment, and what we’re doing with Complyse.
So first things first, I’m not leaving Avyse. I love this business and am far too personally, financially and emotionally invested in it to leave. We’re doing hugely exciting work on both the advisory and assurance side of things and to be honest, I’m having far too much fun.
I’m having so much fun in fact, that the only sensible course of action is to double down and do more. And that’s where Complyse comes in. As a SaaS solution, the operational, financial and practical activities are materially different to what we do at Avyse, and that’s why we’ve set up a sister company.
What are we doing at Complyse?
For those who haven’t been following along as closely, we’re really excited to be spearheading a seismic shift in the financial crime prevention landscape. For too long, risk assessments have been about demonstrating regulatory compliance, rather than informing risk insight and management activities – “compliance theatre” if you will.
With a few small, but fundamental changes, we’re helping to end compliance theatre. Imagine that your financial crime risk assessments:
Actually assessed risk(s)
Provided intelligent guidance into where to focus efforts on improving or monitoring controls
Met all of your regulatory obligations
Enabled you to understand and quantify the impact of strategic decisions (e.g. acquisitions, new products, voluntary restrictions)
Sat in a streamlined system with smooth workflow, audit trails and access control
The short answer: we’re trying to fix something that’s been quietly broken for far too long.
What’s the Complyse difference?
We’ve anchored the model around real risk events (not tied to abstract regulatory risk factors) and built control libraries organised by purpose, not regulatory obligations. We’re not dismissing regulatory risk factors – we know you need to comply with the regulations – but we’re recognising the problems they cause and solving that elegantly.
We’ve been discussing this with MLROs, CROs and CEOs for some time now. The overwhelming response has been “we agree that it’s broken – it provides no insight and takes a huge amount of effort – but we don’t have the bandwidth or resources to determine a credible alternative”. We acknowledge that industry practitioners don’t have the time or space required to truly consider how to improve their risk assessments. We have invested 1000s of hours of practitioner time in defining and refining our lists of real risk events, and control libraries. This means our customers can focus their precious time on assessment and improvement rather than building risk models, risk events and juggling spreadsheets.
Because we’re practitioners building IT (rather than techies trying to build compliance tools), we’re laser focused on practical outputs, usefulness and regulatory alignment.
We know and recognise that everyone’s in a different state when it comes to availability of data and information. So we’ve made it easy to start with qualitative statements and mature into data driven empirical evidence over time. This makes transition simple.
What have I learned?
Work is all about learning nowadays. New experiences and challenges are what make it fun. But a few things stand out in this venture.
The regulations are well-intended but really unhelpful. Much of where the industry has gone wrong over the years has stems from mandatory risk factors (country, customer, product, channel, transaction). When you start out on a wrong path, it’s no surprise that the outputs don’t work.
Firms are really hungry for a better way of doing things. The number of clients who’ve signed up before the technology behind our approach is even ready is proof of that.
Building technology is hard. When we started Avyse it was all about the people and we were ready to get going immediately. This time, it’s different: the product is at the centre, and that takes time. Developing the vision and imagining the potential is so much easier than building the reality. And yet – it’s still all about the people; they just play different roles now. Patience is a virtue.
So what…
It’s time to shift from regulatory risk assessments to real risk assessments. To understand where harms actually occur and inform real decision making.
We can’t wait to bring this solution to more firms; to genuinely transform the way the industry approaches this problem, and to continue refining and enhancing what we’ve built.
Product launch is rapidly approaching, and we’re really excited that Complyse will be the strategic partner at the ICA’s Future of FinCrime & Compliance Summit in May. If you’re there, please do come and see us.
And if you want to discuss risk assessments – how to improve the effectiveness and efficiency of what you’re doing – I’d love to talk about it.
It’s time to end compliance theatre.
NB: Don’t forget to follow Complyse on LinkedIn for all our latest insights.
