If an automated compliance framework is the problem, business rules may be the solution

Interesting post by Mitch Irsfeld in the CMP compliance blog. He discusses the need for sustainable compliance:

Sustainable compliance can mean the ability of a tool to easily integrate changing requirements and add new policies and controls processes, and add new stakeholders to the workflow. It can also mean the tools are built using open standards and deployed in a services oriented architecture (SOA). An SOA can also ensure reuse of the software for several different regulatory compliance and risk management initiatives.

Still others consider sustainability to include the ability to tie compliance tasks with decision support and executive information systems...

He discusses some other aspects of sustainable compliance and summarizes by saying

Sustainability can and often does comprise all of the above. Ultimately, sustainability is an end user goal, not a feature of a product or service. Sustainability is driven by the need reduce the ongoing cost of compliance activities. Most often, but not always, involves automating repetitive tasks.

Nevertheless, sustainability will be the buzzword for the compliance landscape in 2006. It's a good word. Define it for yourself.

Thanks, I will.

To me a sustainable automated compliance framework is going to include a decision engine that handles key compliance decisions in an automated, repeatable way such that those who understand the regulations can manage the way these automated decisions are taken on a day to day basis. Clearly this is not sufficient - there must be process automation, organizational change etc etc - but I believe it is necessary. Only a business rules management solution can allow the automation of complex, industry-specific regulations and still allow those who understand them to sustain them. For more on compliance and business rules, click here.