Skip to content

10 Steps To A Seamless Compliance Software Implementation

Firms globally are moving ahead with big projects like compliance software implementations, pandemic or no. Here’s a step-by-step guide on how to ensure it all goes down smoothly

Regulation never rests. Pandemic or no. So neither can compliance. And for some firms that may mean moving ahead with a compliance software implementation now—with much if not all of their employees working remotely. These firms would not find themselves alone in such an effort. A recent study by Star found that more than 60% of 2020 compliance projects and initiatives are going ahead as planned.

Two weeks ago in this space, in fact, we reported on a leading global financial services group that just completed a sizable STAR software implementation and rollout. To complement that narrative account—highlighting the capability Star has to deliver its automated software even in the middle of a global lockdown—we offer this step-by-step guide for ensuring your implementation proceeds smoothly.


It all begins with a product demo: a thorough demonstration of what a vendor’s compliance software can do. Provided you like what you see and want to proceed farther down that road, next you’ll discuss a general direction for your desired system outcome. Once agreed upon, the implementation process will officially be set in motion at a kickoff meeting. At this time, a detailed timeline will be provided which describes everything both sides will need to provide throughout the course of the build.

Next up is the deep dive: a gathering of the implementation team and client stakeholders for more in-depth information gathering. “The system has to get down to the nitty-gritty,” says Kelsey Amar, Associate Director and Head of US Professional Services for Star, “whether that comes from the written policy or from the compliance officers explaining things to us. It’s about client needs and their understanding of what they want.”

That means a deep dive into your code of ethics. Knowing your rules. Understanding the business requirement portions and the follow-up workflows. It’s critical for the client to have all of this well-mapped prior to the client-vendor meeting, as well as ensuring everything’s up to date. “You’d be surprised at the number of implementations,” says Amar, “where we go in and say, ‘your code of ethics says such and such, and here’s how that translates into the system.’ And they stop us and say, ‘wait, we don’t know how that should work. We have to think about that.'” (See Turning Your Code Of Ethics Into Code and When Was The Last Time You Reviewed Your Rules? for detailed looks at both of these topics.)

The vendor then prepares a document based on everything that’s been gathered and discussed up to this point, so there’s no uncertainty regarding what client and vendor have gone over and agreed upon. In terms of implementation, every compliance platform vendor is going to operate a little differently, but there’s a thoroughness and logic to any well-executed installation. This document lays it all out.

The client is then sent another document to further flesh out requirements. This will translate the client’s rules, processes, and code of conduct into what will ultimately be their new compliance platform. Every aspect of the coming build is mapped. “It’s going from analog to digital in the truest sense,” says Amar. “What we’re doing is turning a company’s written code of ethics into software code. There are refining questions we have to ask, which will tell us how the client’s written rules should translate into the rules engine.”

The implementation team has by now definitely gotten down to the nitty-gritty: that level of understanding of client rules necessary to begin making the translation. The client signs off on what’s been agreed to and the vendor begins the build. “From a Star perspective,” says Amar, “we have very robust and flexible software in terms of tailoring the system to the nuances of any code of ethics. Our core product is highly configurable, though for stability and ease of update all our clients are on the same code base. The rules engine is the real differentiator.”

Now begins the testing phase of the build process. To be clear, this is the testing phase on the vendor side. This initial instance of the client’s new compliance platform will, of course, not be live; it will be built in a test environment, where the vendor has an unlimited opportunity to tweak and refine the initial configuration.

Once the vendor is confident the test site has met all initial client rules and processes requirements, the vendor provides a copy of the site to the client. At this point, the client instance is still purely a test environment. Nothing is live. Whatever legacy system the client is on, that’s what the client is still using for day-to-day, ongoing compliance purposes.

The client now develops a testing plan, part of which is conjuring up scenarios that will realistically simulate what the client will face when the platform is live. Client and vendor then meet to review and provide feedback. This meeting of the minds informs the ongoing build. “One of the things we keep in mind during testing and development is sustainability,” says Amar. “If we’re looking at a client’s rules, and we have two possible routes to get them to the same system outcome, we’re going to choose the route that will make long term maintenance as easy as possible. Because in six months you might need to make a change in how the rules engine operates, and one of the two build routes is going to make that future job easier.”

This is the user-testing and user-acceptance phase, and takes place purely in the test environment. This is where any needed corrections are made and the new platform is fine tuned. This is also where consistent vendor access to the client’s compliance department continues to make a difference. “We have to involve their team throughout the buildout,” says Amar. “And this testing phase is no less critical than any of the others.”

There comes a time when the test environment needs to become the live environment, but this need not be a moment of stress, or a moment when either side needs to keep its fingers crossed. “We only flip the switch when both the vendor and client feel totally at ease with where the new compliance platform is,” says Amar. “Then and only then will it go live.”

It’s worth mentioning that a company that can properly execute a compliance software implementation can do so whether the client’s workforce is remote or onsite. Whether key players on both sides can meet in-person or have to do the majority of the work virtually. Whether the world is in the midst of a pandemic or operating in a more normal manner. It’s also worth mentioning that the client benefits from being organized on its end. “With the current install, I would say both my company and Star were well organized,” offers the project lead for the large financial services group that just completed a sizable STAR software implementation (as mentioned in the opening paragraph: read all about it here). “We had a plan in place for building out the various modules. There was a clear timeline with milestones. Being held accountable is important.” For both sides.