I learned about HyperProof through a recent job posting I applied for.
I’ve had this idea for a while now but I think it isn’t valuable on it’s own and I don’t have the capacity build out more features around it. You already have the features & functionality the market is looking for.
In advance I waive any ownership or claim of this idea. I’m posting this publicly and don’t care who reads it or who implements it or not. I’m happy to sign something to that same effect.
That being said, I may build a web app for this at some point because I do think there’s a value proposition here.
First the background, I’ve handled audit & compliance (GRC) for a number of insurance companies. These companies have reinsurance contracts that are unique and ever changing making them hard to automate. I did end up building a review and compliance checklist framework around that and I think some of that could be helpful.
Insurance companies are also governed by market providers, provincial/state, federal, stock exchanges, and other regulatory bodies. With so many regulations we all have a constantly changing regulatory environment.
I found with the Lloyd’s of London regulations; all past regulations were posted and new ones were just added and emended. You had to be very detail oriented to track the current state of every regulation. There was so much to do I never had time to follow through on every email about a regulatory change so sometimes we might slip out of compliance for a few months. Even worse if I was sick or made a mistake.
That’s the problem, keeping up-to-date on every change and addition for every regulation your organization must follow.
My idea is a simple web scraper. Users enter the public facing URL where the regulation or compliance is outlined. The web app goes through once a day, scrapes the content of the page and compares it to the previous day. If there’s a change in the content (even if it just says “this law is out of date, refer to this new link” then the web app will identify the change from the previous day. You can then notify users of these changes almost immediately (within 1 day) and they can be tailored to specific pages that relate to the users business.
I think parsing and automatically identifying regulatory changes has more value to add:
- Parse it and display the exact change to the user so they don’t have to click through and read the entire compliance document. Just like the Git diff command shows 2 columns with the original on the left and changed on the right. The automated compliance monitor could show old versus new in the notification email. That would allow compliance managers to immediately assess “this is a styling change or a minor change with no impact” versus “this is a major change and I need to devote staff to it immediately”.
- The web app might also strip out all HTML/CSS etc so only the actual content is compared day-to-day.
- Allow users to create new audit or compliance checks associated with any given change. Then it becomes really easy to see “how long has this regulatory requirement been in place”.
- This means that every [major] regulatory change would have 1 or more audit items associated to confirm/document compliance.
- The orgs compliance Stace is ever evolving rather than a occasional massive updates.
- For example if a new law says “restaurants must not leave cash on premises overnight” then the user can create a checklist item for “check no cash is left” and this item is automatically added to the nightly closing checklist every employee completes. That same no cash check might also flow through to a management checklist so once a month they perform an audit to confirm/document compliance.
- Provide a dashboard with a history of changes, just like if a person had created an email folder for change notices and took the time to file every email in the right place. The changed content could even be marked low/medium/high priority either by the user or machine learning.
- The dashboard becomes, like the rest of HyperProof, the central repository for everything GRC. When staff turnover happens there’s less risk of lost knowledge since all changes have been recorded in a central location (old staff email is often wiped when they leave wiping away valuable documentation too).
- Allow users to search regulations and changes (and document change history of any single regulation). This gives the organization a record of exactly when they were aware of a regulatory change. Users could search for “regulations applying to forklifts” or “hazardous materials” finding all applicable regulations that match the criteria.
- It’d be like Google Docs edit history but for the organizations external regulations.
Overall this would hopefully allow a user to outline every online regulation document, associate 1 or more audit items with each regulation, and keep near-real-time audit checklists/reports. By staying instantly (once-a-day) on top of changing compliance requirements the organization is proactive to regulators rather than reactive.
When a regulatory audit does occur Head of Compliance can pull up any given regulation, note all audit items related to the regulation, and see the results of every audit performed since the regulation changed.
I sincerely hope that helps.