GRC Tuesdays: When Governance, Risk, and Compliance Supports the Subscription Based Digital Economy
In these GRC Tuesdays blogs, I usually try to illustrate how GRC solutions help organizations automate the roll-out of a new regulatory requirement, or keep an eye on their risk exposure level.
But more and more, I am asked how GRC can really enable businesses to run better, and therefore go further than protecting value by helping to create it!
Subscription Based Digital Economy
As per Gartner, “by 2023, 75% of organizations selling direct to consumer will offer subscription services” with “70% of organizations [who] have deployed or are considering the deployment of subscription services”.
If you still have doubts about the validity of this assumption, just think of the way you consume music or video today. But also your software… and even your (online) education! Every industry is being changed, including asset-intensive ones such as transportation, which is being rocked by car fleet rentals and use-based insurance, for instance.
To support this move in business model, and be able to monetize their products and services, many companies are improving their order-to-cash process by replacing spreadsheets and custom billing applications with dedicated modular solutions that support all types of subscriptions for B2B, B2C, and B2B2X businesses from nascent opportunities to scaling to volume business.
Enter SAP Billing and Revenue Innovation Management
SAP Billing and Revenue Innovation Management, or SAP BRIM, enables the commercialization of digital subscription and usage-based services. With SAP BRIM, customers are able to quickly design and model new usage and subscription services, and implement real-time pricing, billing, invoicing, payment processing and collections activities at the scale and volume demanded by customers in the digital economy.
Another major difference between the “traditional” economy and the “digital” economy lies in multisided revenue models. In addition to being subscription based, most offerings include bundling with additional partner services. As a result, successful revenue management solutions such as SAP BRIM include revenue sharing capabilities.
And Now Enter Solutions for Governance, Risk, and Compliance
The first thing that you need to keep in mind when you roll out a subscription solution like SAP Billing and Revenue Innovation Management is that you must still remain compliant.
And this is actually pretty complex in a high-volume revenue-sharing model such as the one from app shops or online stores. Contrary to the “traditional” economy, where vendors are usually well known or are few enough to be fact-checked when needed, how do you go about ensuring that you are not transacting with an exposed party – or even worse a sanctioned party?
As I am sure you know, SAP Business Integrity Screening was designed for high-volume screening scenarios and with the option to analyze related business transactions for potential fraud.
There are 2 scenarios where I think it complements SAP Billing and Revenue Innovation Management quite well to make the process compliant with regard to external regulatory requirements, but also make the process more efficient and secure with internal policies and procedures by identifying anomalies rapidly and deterring malicious behaviours.
The first scenario relates to screening against watchlists from government agencies, international organizations, and private content providers to help companies avoid doing business with high-risk or sanctioned parties. As soon as a hit against any of the parties on these lists is identified on a transaction or a document, an alert is raised and the company’s business with them is put on hold until an investigation decides the outcome: sustain the hit, or decide that it is a false positive and can be processed. Outgoing payments could then be blocked proactively so that no non-compliant business is conducted.
The second scenario relates to looking into business transaction data points to identify anomalous patterns. In essence, activities that look suspicious and could be fraudulent. As mentioned above, SAP Billing and Revenue Innovation Management can manage revenue sharing topics between partners, and this is an area where issues can happen. Let’s take for example an unethical or malicious business partner that creates many fictitious parties so that they can get multiple payments or benefits. The partner screening capability can check similarities in business partners (same bank accounts, corresponding physical addresses, same names but using aliases, and so on and so forth) and correlate them to find the multiple accounts that are actually the same person or organization.
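To make the correlation idea concrete, here is an added example (not from the original post and not SAP Business Integrity Screening's own logic) that links partner records sharing a normalized bank account, address or name and groups them with union-find. The record fields, suffix and abbreviation lists, and sample data are assumptions; real alias matching would need fuzzy comparison rather than the exact match after normalization used here.

```python
import re
import unicodedata
from collections import defaultdict

# Constructed sample partner records (not real data).
PARTNERS = [
    {"id": "P1", "name": "Acme Apps Ltd.", "iban": "DE89 3704 0044 0532 0130 00", "address": "12 Harbour St, Dublin"},
    {"id": "P2", "name": "ACME Apps Limited", "iban": "GB29NWBK60161331926819", "address": "12 Harbour Street, Dublin"},
    {"id": "P3", "name": "Blue Kite Studio", "iban": "de89370400440532013000", "address": "4 Mill Lane, Cork"},
    {"id": "P4", "name": "Nordwind Media", "iban": "FR1420041010050500013M02606", "address": "8 Rue Verte, Lyon"},
]
LEGAL_SUFFIXES = {"ltd", "limited", "inc", "gmbh", "llc"}       # assumed list
ABBREVIATIONS = {"street": "st", "road": "rd", "avenue": "ave"}  # assumed list

def clean(text):
    # Strip accents, lowercase, and turn punctuation into spaces.
    text = unicodedata.normalize("NFKD", text).encode("ascii", "ignore").decode()
    return re.sub(r"[^a-z0-9 ]", " ", text.lower())

def norm_name(name):
    return " ".join(w for w in clean(name).split() if w not in LEGAL_SUFFIXES)

def norm_address(addr):
    return " ".join(ABBREVIATIONS.get(w, w) for w in clean(addr).split())

def norm_iban(iban):
    return re.sub(r"\s+", "", iban).upper()

def correlate(partners):
    """Return (clusters of linked partner ids, list of (first_id, later_id, attribute))."""
    parent = {p["id"]: p["id"] for p in partners}
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x
    seen, links = {}, []
    for p in partners:
        keys = [("iban", norm_iban(p["iban"])), ("address", norm_address(p["address"])),
                ("name", norm_name(p["name"]))]
        for key in keys:
            if not key[1]:
                continue  # an empty attribute must never link two records
            if key in seen:
                parent[find(p["id"])] = find(seen[key])
                links.append((seen[key], p["id"], key[0]))
            else:
                seen[key] = p["id"]
    groups = defaultdict(list)
    for p in partners:
        groups[find(p["id"])].append(p["id"])
    return [sorted(g) for g in groups.values() if len(g) > 1], links

if __name__ == "__main__":
    print(correlate(PARTNERS))
```

The `links` list records which attribute tied two records together, which is what an investigator needs when deciding whether a cluster is one real party or a false positive.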
The second area where GRC solutions can truly complement SAP Billing and Revenue Innovation Management relates to proactive detection. Not necessarily for non-compliance, but rather concerning missing or outdated information that could prevent the order-to-cash process from running smoothly.
This is where a solution such as SAP Process Control, in my opinion, can provide additional value. This solution is designed to help organizations document, assess, test, and remediate process risks and controls by streamlining compliance efforts and using best practice internal control processes. It can further enable continuous control monitoring. But what if, instead of simply focusing on reducing compliance risk, organizations applied continuous control monitoring to their order-to-cash process and ensured that any deficiency is identified earlier, even if it does not relate to compliance requirements?
Here, it’s more of a revenue-optimisation type of scenario, and quite typical of companies with a subscription business model. For these organizations, when customers sign up they usually agree that there is a payment method on file. For our purpose, let’s say a credit card. And, as customers receive the service, their card is charged accordingly. As part of invoicing, the system checks if there is a credit card to charge and then associates the payment item to it. This is very straightforward.
But what if the credit card is going to expire or worse has expired?
Being able to flag this ahead of time and to have a company representative reach out to the customer to have their payment information updated would be good both for the customer, who continues to benefit from the service without interruption, and for the company, which can continue to deliver – and to charge.
What’s more, and in order to make this process all the more satisfactory for both the customer and the company, why not separate the issues (i.e., deficiencies) into categories:
- Those that are about to come where the credit card is not yet expired so the company representative can proactively reach out by email to the customer to update the payment information;
- Those where the payment is about to be declined because the card has expired and they need a more urgent update and warrant a direct phone call from the accounting team.
Both parties would benefit from this approach: the customer since they would continue to enjoy their subscription without discontinuation and the company, who doesn’t lose any revenue and also involves the relevant people at the right time.
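The two-category split described above can be expressed as a small monitoring rule. This is an added example, not part of the original post or of SAP Process Control; the field names, the 45-day look-ahead window and the sample records are assumptions, and it treats a card as valid through the last day of its expiry month.

```python
import calendar
from datetime import date, timedelta

# Constructed sample payment methods; the rule needs only the expiry
# month/year and the next charge date, never the card number itself.
CARDS = [
    {"customer": "C1", "exp_year": 2024, "exp_month": 1, "next_charge": date(2024, 3, 1)},
    {"customer": "C2", "exp_year": 2024, "exp_month": 2, "next_charge": date(2024, 3, 1)},
    {"customer": "C3", "exp_year": 2026, "exp_month": 8, "next_charge": date(2024, 3, 1)},
    {"customer": "C4", "exp_year": 2024, "exp_month": 6, "next_charge": date(2024, 9, 1)},
]

def card_valid_through(year, month):
    # monthrange handles month lengths, including leap-year February.
    return date(year, month, calendar.monthrange(year, month)[1])

def classify(card, today, lookahead_days=45):
    """Return 'phone' (already expired), 'email' (will expire in time to
    block a charge or within the look-ahead window), or 'ok'."""
    last_valid = card_valid_through(card["exp_year"], card["exp_month"])
    if last_valid < today:
        return "phone"  # payment is about to be declined: urgent call
    expires_before_charge = last_valid < card["next_charge"]
    expires_soon = last_valid <= today + timedelta(days=lookahead_days)
    if expires_before_charge or expires_soon:
        return "email"  # not yet expired: proactive outreach
    return "ok"

def run_control(cards, today):
    """Bucket customer ids by outreach category for one monitoring run."""
    result = {"phone": [], "email": [], "ok": []}
    for card in cards:
        result[classify(card, today)].append(card["customer"])
    return result

if __name__ == "__main__":
    print(run_control(CARDS, date(2024, 2, 15)))
```

Customer C4 shows why the next charge date matters: an annual subscriber's card can sit well outside the look-ahead window and still expire before the next charge.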
What about you, does your company leverage its GRC solutions to do more than compliance? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard