With new regulations from the Financial Conduct Authority governing funeral plan providers coming into effect in July 2022, Dignity, one of the U.K.’s largest funeral services companies, knew it had to act fast to be able to obtain and maintain compliance. It had no formal risk and compliance management program, and no framework for spinning one up.
So, they hired Senior Risk Manager Deb Mallen to build a modern risk program from the ground up to ensure the organisation wouldn’t miss a beat when navigating this unfamiliar regulatory territory.
Deb Mallen started in October 2020 to source and build the enterprise risk management framework in preparation for the incoming regulation from the FCA. She knew the first and most important step in building the program would be to obtain the right technology to centralize, track, manage, and automate risk operations across Dignity.
She needed the right modern GRC platform to act as her single source of truth and command-and-control center — and she wanted it in place before she started putting other parts of the program together.
“We needed a system in place that could record everything. Because I wasn’t about to start on spreadsheets,” she said. “From previous experience, that just doesn’t work for a business.”
Getting the right tool for the job
After perusing the market for GRC platforms, Deb eventually identified LogicGate’s Risk Cloud platform as the right fit. Two main aspects of Risk Cloud drew her to the platform:
- Its flexibility, which allowed her to quickly make changes on the fly as her program’s needs evolved.
- The support she would receive from LogicGate’s Technical Account Management (TAM) team.
The TAM team is dedicated to helping LogicGate customers achieve their goals and realize the fullest ROI from their Risk Cloud experience by serving as dedicated Risk Cloud experts.
“We wanted more control [over configuring and changing the platform], but we also wanted to have someone in the background that could help when it all got too much for us,” Mallen said, noting that other risk management software that she’d used in the past required extensive developer support and took far too long to modify to meet the needs of a modern risk management program.
Risk Cloud didn’t have those problems, so Deb brought it onboard and decided to implement the Enterprise Risk Management, Controls Compliance, Incident Management, and Policy and Procedure Management Solutions.
Building an adaptive risk and compliance program
Since bringing the platform in, Deb and her team have used it to build out a principal risk register to catalog the company’s most pressing, top-level risks and departmental risk registers for each of the company’s 14 departments. With the help of LogicGate’s Technical Account Management team, the Dignity team also recently finished a major rebuild of the company’s incident management process in Risk Cloud, which Deb said has resulted in numerous efficiencies.
Risk Cloud’s flexibility has already come in handy on multiple occasions: The company transitioned from being a publicly-traded company to a privately-held organisation after being taken over earlier this year, and with that came changes in the executive team. That has resulted in some changes for the risk and compliance program, but Deb was able to quickly modify Risk Cloud to accommodate the shifts each time they happened.
When linkages between the departmental risk registers and the principal risk register needed to change based on feedback from end users, for instance, it was a matter of dragging and dropping at a few different points in the platform — no coding or extensive dev cycles required.
“We were able to change terminology, add fields, take off fields, et cetera,” Deb said. “We were able to just… go in and do it. And minutes later, it was changed for everyone.”
Bolstering Dignity’s culture of risk awareness
Risk Cloud has also been integral to Deb building a culture of risk awareness as Dignity navigates the new regulatory landscape.
The platform’s user-friendly interface makes it easy for frontline staff outside the risk department to participate in risk management, since Risk Cloud allows risk and compliance management processes to be worked into their existing workflows. The team uses access-based home screens to show end users only the information and tasks that are pertinent to their role.
“It’s not a labor-intensive or really difficult platform to use, so we get great feedback from our users, and anything they don’t like we can easily change,” Deb said.
Being able to perform that sort of individual-level customization has also helped Dignity comply with the new FCA regulations. One of the requirements is that senior managers need to know what’s happening in their department, even when they’re delegating work out to their teams. That includes all incident actions, compliance monitoring actions, and audit actions. Progress on completion of these actions can be seen by the managers with a single click. Every step of the way, Deb noted, Risk Cloud is being used to engage the organisation in risk and compliance management.
“Risk Cloud puts everything at the right level of the organisation, and it all feeds up to the appropriate or responsible owner. We have utilised the sign off fields, so they’re aware that everything has been reviewed and/or actioned by the appropriate person,” Deb said.
Risk Manager David Burton added: “They’re going into it and they’re using it, and that’s helped tremendously with improving our risk culture.”
Risk Cloud has also improved the auditability of the organisation’s risk and compliance efforts. When changes are made across the organisation, it’s all captured in Risk Cloud and Deb is able to view the logs for who changed what and when at all times. “We can see what went wrong, and when and why we did something,” she said.
When leadership changed, Deb was able to give the new board members a complete picture of the company’s risk position by simply showing them Risk Cloud. The team maintains an executive dashboard that provides a snapshot of risk and compliance across the org on demand.
And, the system’s auditability has been particularly helpful in preparing for audits, since the team is able to show the progression and each assessment of risks.
Deb and team have taken the appropriate parts of the Funeral Plan regulatory handbook, along with other legal and regulatory requirements, and built processes to ensure compliance with them into Risk Cloud.
“When the FCA comes in, and they sit next to a member of staff, all they will have to do is show them Risk Cloud,” Deb said. “No digging through files or folders. It’s all within Risk Cloud, and we can set up reports for anything they want to see.”
Absent Risk Cloud, those processes would have had to be done in spreadsheets and would have taken a significantly higher amount of time and resources. Dignity’s annual policy review process is now completely automated using the platform’s Policy Management Solution, for example. Risk Cloud has enabled Deb’s team of three to manage risk effectively for all 15 of Dignity’s departments and its 4,000+ employees.
“That has been really helpful for us, to be able to flex along with the company, because there’s been lots of different changes and different ideas coming in,” Deb noted.
Next steps with Risk Cloud
Now, Dignity is operating under the FCA’s authorisation Deb and team are now working on further improving the risk and compliance program.
They’re beginning to use Risk Cloud to improve their ability to stay ahead of risk by conducting risk stress testing and working with the Technical Account Management team to develop and implement key risk indicators for each of their principal risks. Those metrics will be used to improve reporting to the board, visibility of risk trends that could lead to problems, operational resiliency planning, and risk owner response processes.
Deb noted the Technical Account Management team has been crucial to Dignity’s success with Risk Cloud. Dignity’s dedicated LogicGate technical account manager has been able to act as an extension of Deb’s team, helping them avoid pitfalls and implement best practices at every step.
“TAM has been able to step in when we have added in too much complexity and bring us back to the basics, and the team has really moved us on to finessing the next stage of our system,” Deb said.
Burton added: “[Technical Account Manager] Patti [Struble] has never told us anything is impossible. We give it to her, and she says ‘Right, give me a day.’ And then she comes back with a solution. She gets it to work.”