The Online Compliance Consortium (OCC) is a business model designed for a regulated world.
The OCC collaboratively develops compliance and risk management training, tools and technology for the world's leading law firms. Representing 9 of the 10 magic circle firms, 60 of the top 100 UK firms and 24 of the top 25 US firms, the OCC applies a methodology that is designed to satisfy regulatory requirements whilst meeting the specific needs and quality standards of the world's leading law firms.
Compliance and risk management is best achieved when enough businesses in a profession or industry work together pragmatically to create the necessary tools that set best practice standards.
The OCC Core Group model allows like firms to share financial, intellectual and human resources to create solutions that directly satisfy their combined requirements. Since its inception in 2003 the OCC has spawned 10 Core Groups:
The OCC Risk Management System (RMS) is designed to allow a Compliance Team to efficiently manage risk and demonstrate to management and its regulator how it is doing so. The RMS evidences and tracks the control procedures and related activities the firm has put in place offering presentation-quality reporting and a complete audit trail.
VinciWorks' Risk Consulting Team can assist Compliance Officers in building and maintaining their Compliance Plan, Compliance Gap Analysis, Risk Register and Control Procedures, to ensure firms are using the RMS to the best of its capabilities and are prepared for regulators.
The RMS is cloud-based and secure with an intuitive web interface and advanced user-management capabilities which centralises access-control, communications, follow-up, alerts, reporting and audit capabilities as a complete and dynamic solution to replace the static Excel-based Risk Registers in place at many firms.
Based on the detailed specifications, features and functional requirements of 26 of the UK's leading law firms, VinciWorks designed and built the highly flexible OCC Learning Management System (LLMS) so that it could satisfy the unique needs of any professional firm.
The LLMS allows a firm to upload any format of learning content, automatically deploy, track, follow up and report on progress, scores, CPD, CLE and course completion whilst maintaining a detailed audit trail.
The LLMS includes VinciWorks unique "Nagware" that dynamically generates escalating reminders, and alerts that literally nag users to achieve compliance based on any event or non-event and or date.
Including Anti-Money Laundering, Anti-Bribery, Data Protection, Risk Management, Solicitors Accounts Rules, the OCC online compliance suite of training courses are tailored to the needs of professional firms and designed to satisfy regulatory requirements whilst meeting the quality standards of the world's leading law firms.
All OCC courses are customisable allowing firms to integrate their own policies, procedures and firm specific messages.
The OCC compliance courses can be licensed individually or on a per firm basis.
Facilitated by VinciWorks the OCC has established itself as the benchmark for professional compliance solutions.
OCC Core Groups have to date produced the Online Compliance Suite consisting of innovative , highly engaging, e-learning training courses, a state of the art OCC Learning Management System and a Risk Register and Risk Management System. Current developments include a multi-jurisdictional CPD Tracking Engine, an Annual Declaration Management tool and a Client & Matter Inception solution.
VinciWorks facilitates the activities of the OCC whilst developing and project managing innovative e-learning, training administration, compliance, risk and knowledge management software for most of the top 100 global law firms and the world's leading banks including HSBC, Citibank, Standard Chartered and China Bank.
VinciWorks prides itself on its ability to identify and develop solutions that address client-specific requirements within budget and on time.
The activities of the OCC are facilitated and managed by VinciWorks which has customer support offices in the United Kingdom, Hong Kong, and Australia and technical development and support in Jerusalem and Hyderabad. See our worldwide contact details below.
The right technology solutions don't happen by accident. The OCC collaborative approach allows VinciWorks (the OCC's development partner) to develop tools that help its clients ensure they get the solutions and services they need and want, on time and to budget.
OCC Truths About Compliance
The ultimate aim of compliance is to deliver a safer, more honest and fairer world - something we all want but there are practical limitations that limit what we can do to achieve total compliance.
Compliance costs money: In the 10 years since the tragic events of 9/11and the collapse of Enron the business world has become increasingly more regulated. From anti-money laundering to anti-bribery, from data protection to diversity, from sexual harassment to risk management - the costs of achieving compliance and the impact of breaching compliance are forever increasing. Thomson Reuters Cost of Compliance Survey 2011 reports that 71% of the global compliance professionals who responded to the survey said they foresaw that an increase in time and resources would be required to work with regulato...to ensure they were adequately prepared to meet regulatory requirements; 79% of respondents expect that the cost of senior compliance staff will increase in the next year; and 86% of respondents believe that the focus on managing regulatory risk will at least increase in 2011 with 42% expecting the focus to increase significantly.
The Ponemon Institute and Tripwire Inc. conducted the True Cost of Compliance study to determine the full economic impact of compliance activities for a representative sample of 46 multinational organizations (www.tripwire.com/ponemon-cost-of-compliance/pressKit/True_Cost_of_Compliance_Report.pdf). The extrapolated average cost of compliance for 46 organizations in the study is more than US$3.5 million, with a range of $446,000 to over $16 million. Adjusting total cost by organizational headcount (size) yields a per capita compliance cost of $222 per employee. Whereas the extrapolated average cost of non-compliance for 46 organizations is nearly $9.4 million, with a range of $1.4 million to nearly $28 million. Adjusting total cost by organizational headcount (size) yields a per capita non-compliance cost of $820 per employee.
Regulatory breach reduces stakeholder value: The Thomson Reuters survey also reports that 73% of respondents expect the total compliance team budget to increase in 2011. This is in clear contrast to the situation two years ago at the height of the financial crisis when only 43% of respondents expected an increase. This presumably is in recognition of the intensified regulatory activity and rising operational, reputational and financial costs of failing to comply not to exclude the loss of business and potential criminal liability.
The Ponemon study reveals that business disruption and productivity losses are the most expensive consequences of non-compliance. The least expensive consequences are fines, penalties and other settlement costs. On average, non-compliance cost is 2.65 times the cost of compliance for the 46 organizations. With the exception of two cases, non-compliance cost exceeded compliance cost.
We never have enough resources: At the October 2011 MLROs Summit Daren Allen, Partner, Corporate & Commercial Disputes at Berwin Leighton Paisner advised that the FSA expects Compliance Officers and MLROs to have sufficient resources and if they don't , then they should ask for more! If only it was that easy. The Ponemon study suggested that the gap between the costs of compliance and non-compliance provides evidence that organizations do not spend enough resources on core compliance activities. In other words, if companies spent more on compliance in areas such as audits, enabling technologies, training, expert staffing and more, they would recoup those expenditures and possibly more through a reduction in non-compliance cost.
We all want to know that what you are doing is 'good enough': Many regulations intentionally provide vague or limited definitions. As with the new Outcome Focused Regulation regulators wanting to provide flexibility deliver confusion and uncertainty. Individual Risk Managers and Compliance Officers are left alone to try and determine what are the best processes, procedures, controls and tools to adopt and implement. Out of necessity, Risk Directors, Risk and Compliance Partners and Officers are creating new models like the Online Compliance Consortium to share knowledge and establish industry standards and best practice. In 2004, driven by the possibility of criminal liability, 14 of the world's leading law firms (facilitated by VinciWorks) collaborated in an unprecedented manner to jointly develop a better, standard setting AML training solution, at a lower cost to each firm. Today over 150 of the world's leading firms work together to design and build compliance tools that deliver the optimal return at the lowest cost per firm.
There is no competitive advantage in being the best at compliance: As Fraser Ashman, former Partnership Secretary at CMS Cameron McKenna, put it, "People are sometimes amazed by the idea of a group of senior lawyers and others from major firms coming together to co-operate...However, we realised that there is no competitive advantage in being the most compliant. For example, the Ponemon Study reported that almost all of the 46 organizations experienced some size of data breach. The number of lost or stolen records varied widely, ranging from a low of zero to a high of 167,000, and having an average of nearly 40,000. However, none of these firms, even if competitive, would in advance of these failures have recognised data security as an area of competitive advantage. There may be a short term advantage in being the worst at compliance but it would most likely be a short term advantage! As Peter Burrell at Herbert Smith put it, "If there is no competitive advantage in compliance then we may as well share!".