Blog - Approval & Compliance Business Workflows

Approval & Compliance Business Workflows in Real Estate Industry

-Making them work

Sanctions checks, avoiding business process compromise, and ensuring that capital expenditures procurement is seamlessly able to handle, where required, those all-important connected processes like insurance, ESG metrics, related building modifications (if any), or even specialist cybersecurity requirements, are three high level examples of business workflows that if not done well could adversely affect your bottom line.

Quantitative and Qualitative Processes

Although real estate management softwares have become stronger in handling quantitative processes, as well as being able to drive lease workflows that move electronic documents from a starting point to their next point of action(s), the fact remains that systems good at quantitative business processes have been historically weak in driving qualitative ones and vice versa, simply reflecting that each type of workflow has fundamentally different underlying technical requirements.

Operational Constraints

However, regardless of whether quantitative or qualitative processes are in focus, both have generally been weak when it comes to two areas. The first is being able to granularise business flows at a detailed enough level, so that they are able to handle the required end to end processes with full or partial automation without the use of spreadsheets on an auditable repeatable basis, especially when it comes to performing complex data transformations involving data from multiple sources. The second is that systems are generally weak in combining both inter and intra departmental workflows within a “single” process.

Capabilities of Modern Technology

Modern day functionality enables very flexible end to end process designs with full compliance, transformation and data enrichment capabilities, that can drive processes forwards on a repeatable and auditable basis.

This process at a granular level goes from data collection (including RPA, if required for document onboarding that can be with or without AI), through all required data transformations / enrichments to contextual actionable reporting / visualisations +/or workflows @anywhere @anytime within a ERP process + API’s @anywhere to other applications or ecosystems (including the leverage of Open Banking API’s w/payments @anywhere) + simulations. The above is a bit of a mouthful for sure, but you get the overall gist regarding its flexibility, which results in powerful digitally enabled processes (DEP).

Also note that the above steps are not fixed in number, whether parallel or concurrent, nor fixed in any position within any end to end business flow. Roles, responsibilities, validations etc are all driven by the process owner for the process user(s), the latter who benefit from overall operational simplicity. At a more detailed technical level other options do exist if needed, including “defined” specific processor tasking and cloud bursts.

Digitally Enabled Processes

Investments in your previous ERP systems need to be preserved, as far as practical and possible, but at the same time your operational challenges need to be solved. More holistically, your business flows would involve the following components, Your Mobile Apps + Your Unique Digitally Enabled Processes (DEP) (with the flow structure as outlined above within Capabilities of Modern Technology) + API’s + Your Applications (new and old), all coming together both with high levels of data quality and with full and comprehensive levels of compliance.

This combination of technologies is very flexible & powerful and is suitable to drive end to end business workflows for both quantitative and qualitative data sets on an auditable and repeatable basis. Examples might include: lease approval workflow; tenant portal; employee self-service; e-forms; on-boarding & off-boarding for tenants and property owners etc.

Note here that the same concepts can be applied to i) any complex process involving many people like FP&A, or ii) any complex task involving domain specialists e.g. lease management module in the property management system.

How these might work for you are explored and illustrated further below in greater depth, using the following three topical examples that were introduced in the opening paragraph: Sanctions Checks; Business Process Compromise, and Capital Expenditures Procurement.

Removing Process Complexity on Property Analysis Report

The fundamental issue for any form of reporting is making it work in a timely manner, whilst meeting your specific domain needs. Typically, reporting systems allow for great business visualisations and work well for simple property analysis processes, but they tend to fall down in more complex situations requiring more extensive data preparation i.e. transformations / enrichments / granular step by step calculations.

The reason for this is that comprehensive reporting for management activities, compliance controls and decision support for property operations and finance, typically requires various subsets of information to come together, then be transformed into meaningful information (without the use of spreadsheets), and must also work for your developing needs, ie iterations, on a repeatable, auditable basis.

As always, every domain area has its own set of quirks and peculiarities, so domain vendor selection is important as they have often optimised their systems to handle typical challenges, which would otherwise take you additional time and investment to sort out. It is also important to note that data collection, the starting point of any process, often involves accessing data from multiple heterogeneous application sources that are using different databases on different versions, noting that skills to achieve detailed integrations are unlikely to reside in just one person.

Sanctions Management

Explicit or implicit sanctions, the latter for broader and less specifically defined sector or narrative statements, can be applied to organisations, individuals, entities, countries and vessels, and are most typically put into place by OFAC (Office of Foreign Assets Control; the financial intelligence and enforcement agency of the U.S. Treasury Department), the European Union, or the United Nations.

According to Refinitiv as at April 2022 there were 47,000+ active individual and entity sanctions, noting that although there were 15,000 updates in March 2022 and a further 9,000 in April 2022 that after de-deduplication the overall increase was in fact more modest. This reflects the administrative task at hand and the underlying effort required to obtain full sanctions compliance.

As touched on above, digital enablement is about connectivity x-applications and x-ecosystems using API’s to reduce friction (see the above paragraphs “Capabilities of Modern Technology” and also “Digitally Enabled Processes”), so this here is a good example of where and how other established connected industry leading ecosystems, such as those offered by Refinitiv, can add immediate value particularly as mistakes of this kind can be costly to your business.

Business Process Compromise

Business Process Compromise, the world’s most profitable hack (according to Wired 5th June 2022), is a form of social engineering to proactively divert your monetary funds, with your staff’s inadvertent help, to a bank account controlled by threat actors.

Whether targeted dollars are related to procurement, tenant deposits / receipts, executive bonuses, treasury transfers, cash to be used for acquisition etc, the underlying threat of having your funds hijacked, whether driven by staff externally or internally, is very real.

These threats can be surprisingly simple to execute. For example, the threat may come into play through someone simply requesting a member of your accounts payable staff to pay specific funds from your company into a different supplier bank account.

This type of activity may also leverage, rather opportunistically, the on/off #WFH environments where any quick ad hoc checking by members of your staff with others is not so convenient when compared with an office environment.

These threats can be managed by putting into place specific automated supporting processes that occur prior to the execution of any monetary transfers, and which are commensurate with the request type and the amounts involved etc.

Proactive supporting processes here can provide a very specific history of past transfers made, including account numbers used, frequency of past payments, currencies used, amounts of past transfers, and persons involved in past bank account change requests. Only after proactive due diligence would payments be undertaken using what should be best practice e.g. segmentation of duties.

Other more indirect but effective ones can also be put into place to train your staff on the underlying intent of threat actors once they manage to get into any one of your ERP systems i.e. they gain entry and then move horizontally to your more valuable corporate data assets. This training process should be undertaken regularly for all staff, i.e. quarterly including the C suite, and should be supported with relevant actionable contextual metrics and tests to validate planned goals.

As a final comment ISO20022 is being adopted by financial institutions which means that, once supported, your bank transfers will contain more metadata that in turn can be leveraged by solution sets like SWIFT Payment Controls to provide deeper proactive real time payment controls during the actual live bank transfer process.

Conversely, threat actors can now replicate true to form video and voice calls (very expensive at the moment but prices dropping) to realistically impersonate your boss(es) i.e. tell you to make a transfer, so as always threat vectors ebb and flow.

Capital Expenditures Procurement

Enhanced Capital Expenditures budget processes can drive connected events for completeness. For example, is a new asset to be insured; will the value of an existing asset be increased, and if so will there be any subsequent impact relating to an insurers “average clause” (typically in the small print) that would impact pay-outs; recording specific ESG categorisations, eg power consumption, for ongoing cross-year KPI metric tracking to support any moves towards a net zero carbon footprint; will the installation of a new asset lead to structural changes and how much etc.

Controlling a robotic workforce could be thought of as an extension to HR, so that their deployments / activities can be subject to management oversight during their life. This ensures that their metrics are  kept fully in view, such as assessing actual cf planned  efficiency metrics, their usefulness in achieving designated tasks etc, and ensuring also that cybersecurity considerations are constantly reviewed on an ongoing basis.

Compliance incl. Cross Border Data Transfers

Privacy and cybersecurity details need to be considered end to end for each ERP process over their full lifecycle. Particular attention should also be taken regarding in-country data management compliance, as well as considering the detailed implications of both existing and emerging cross border data transfer legislation, whether data sources be inbound or outbound.

Legislation is coming thick and fast in this area. For example, in Hong Kong “Guidance on Recommended Model Contractual Clauses for Cross-border Transfer of Personal Data” was published in May 2022, whilst in China the “Personal Information Protection Law (PIPL)” continues to be fine-tuned in multiple areas, including cross border data transfers.

Summary

Streamlining your internal approval workflows & procedures through ERP systems for management activities, controls, and decision support, both saves time and increases efficiency, but as can be seen from the above examples of Sanctions Management, Business Process Compromise and Capital Expenditures Procurement, it also helps drive in-depth compliance. Going forwards, an opportunity now presents itself to further streamline your operational and financial processes to drive even deeper value creation, as well as competitive advantage, whilst also establishing strong levels of compliance.

GaiaPM, a member of the FlexSystem Group, provides international lease and property management software designed to help you drive performance up and costs down. As a global solutions provider in over 38 countries GaiaPM, together with its proven solutions for multi-currency financials, human resources, and operations, is a business software vendor to 1 in 10 Forbes Global 2000 (May 2020), and 1 in 5 Global Fortune 500 (August 2020), operating at the intersection of new digital process and payment technologies, whether on-premise, hybrid or cloud, to provide you with iterative opportunities for value creation.