Ventiv Resource Library
Issue link: https://ventiv.uberflip.com/i/683679
5 | | RISK MANAGEMENT Technology Read more online at www.strategic-risk-global.com/asia RISK MANAGEMENT TECHNOLOGY Managing compliance through technology How EnergyAustralia is using technology to keep on top of more than 6,000 regulatory obligations CASE STUDY: ENERGYAUSTRALIA Australian power companies know all too well what it means to be on the wrong side of the regulator. In the past two years, the Australian Competition and Consumer Commission (ACCC) has slapped hefty fines on five of the country's major players over the conduct of some of its sales practices. EnergyAustralia was one of the companies involved, with the result being a $1.2m fine in April 2014. The company's enterprise risk and insurance manager Brad Tymmons says the fine drove a "huge change" in the company's risk appetite for regulatory breaches and resulted in the implementation of a new system from SAI Global for regulatory compliance assurance. "We're much more cautious; we improved our systems, and we put in a lot more resources. Our risk appetite for regulatory breach is now very low," he says. Indeed, EnergyAustralia is bound by more than 6,000 pieces of regulation and uses a combination of technology and manpower to ensure its compliance. "We have a central regulatory a!airs team who manage and monitor legislation and changes to regulation impacting our industry. And we also have people out embedded into our business units whose role it is to manage regulatory a!airs," Tymmons says. Those teams then feed any changes in legislation into the system. "Managing our regulatory obligations and potential breaches is always a risk; it's just that the likelihood of that risk has be mitigated through the implementation of the system," Tymmons says. "We can monitor across the business where our regulatory hotspots are and it helps us analyse if there's a systemic issue with managing regulations at a certain part of the business. "That gives us the early warning signals that we didn't have before." Tymmons has also risk- ranked EnergyAustralia's legal obligations. "We've risk-ranked regulations as low, medium and Managing our regulatory obligations and potential breaches is always a risk; it's just that the likelihood of that risk has be mitigated through the implementation of the system" Brad Tymmons EnergyAustralia high. Those that are high, we certify our compliance quarterly, [and] those at the medium and lower ends of the risk rankings we certify less frequently," he says. The company's performance is then measured against that, with bi-monthly reports to the audit and risk committee that incorporate any regulatory breaches, near-misses and changes to regulation. EnergyAustralia does not currently have a specific technology platform for risk management. However, Tymmons says they are investigating options.