Tweet

Proactive risk management & compliance

Guest post by: Paul Every

Article Overview: Compliance and risk professionals spend a lot of their time demonstrating their businesses meet regulatory requirements through reviews, completing checklists and compiling reports. In today's world there is a need for professionals to spend more time focusing on preparing their businesses against unknown risks - or black swan events. To achieve this the regulatory compliance aspect of their roles needs to be simpler and more automated. This article describes one such way of achieving this.

Proactive risk management & compliance

"[T]here are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns - there are things we do not know we don't know." Source: Donald Rumsfeld The above statement articulates one of the key challenges facing those responsible for managing risk - that the risk landscape is changing. As well as ‘known risks' and ‘emerging risks' organisations need to be able to prepare themselves for ‘unknown unknowns' or ‘black swan' events as they have become to be known[1].

What is clear is that the risk landscape is changing. Today's fast changing world creates more uncertainty for organisations - and makes it harder for them to understand where new risks are going to come from[2]. Stephen Platt stated at a recent conference[3] "we value achievement not prevention, and laziness means we don't measure the value of disasters averted; instead we merely measure the cost of controls and business lost".

Changing this mind-set is not easy, particularly when most Risk & Compliance Officers are swamped with demonstrating compliance through form-filling, producing checklists and carrying out reviews.

To give the Compliance Officer capacity to address these issues and re-focus on proactive risk management they need tools that will help with the regulatory compliance. Senior managers also need reliable information to make informed decisions on risk issues.

The problem in most companies today is they look at risk from a one sided perspective to meet their regulatory compliance needs. Risk management is viewed as a fixed cost to help the company avoid financial penalties, litigation and/or bankruptcy. This recognition of the cost of managing risk provides a good base to build and leverage a framework for proactive risk and compliance.

Governance, Risk Management & Compliance (GRC)

Governance, risk and compliance activities are increasingly being integrated and aligned to some extent in order to avoid conflicts, wasteful overlaps and gaps. GRC typically encompasses activities such as corporate governance, enterprise risk management (ERM) and corporate compliance with applicable laws and regulations.

Interest in GRC was initially sparked by the US Sarbanes-Oxley Act. However, the focus of GRC has since shifted towards adding business value through improving operational decision making and strategic planning. Integrated approaches to GRC will also assist in meeting the requirements of Anti-Money Laundering legislation. This is a mandatory requirement of all regulated businesses in the fight to combat the financing of terrorism.

To remain competitive, companies must have a GRC strategy in place that keeps pace with new legislation and stakeholder expectations. An associated framework will aid strategic decision making by clearly defining risks and opportunities.

What is still needed is a near real-time proactive monitoring process that will minimise unexpected incidents by providing the right information to the right people.

The changing face of Risk Management:

1. Organisations categorise risks into Financial, Operational and Strategic, but often fail to link them
2. Increased globalisation results in risks emerging quickly across traditional categories
3. Current thinking prevents risks that cannot be identified from being managed
4. On-going changes to regulation requires frequent changes in systems to demonstrate compliance
5. Just collecting more data does not necessarily provide more protection
6. To manage these new ‘risks' needs a new holistic and more agile approach
7. Risk needs to become the responsibility of all and not just the Risk & Compliance department

An integrated approach - without spreadsheets

The ‘single view of the client' is promoted by many vendors of integrated technology systems for financial services businesses as a panacea for proactive risk management and compliance. In an ideal world this is great and for many new businesses there are plenty of options to choose from. However, back in the real world, most existing businesses have invested heavily in legacy systems where the cost of change is just too high. To meet their regulatory Compliance requirements many ‘bolt-ons' are developed using ad-hoc systems usually based around the humble Microsoft Excel spreadsheet. Whilst enormously powerful, spreadsheets actually increase risk due to the ease of update, errors in formulae and portability of client data.

To mitigate risk and drive value from existing investments intelligent ‘middleware' can be deployed that draws information from existing systems; replacing spreadsheet based registers, reviews and checklists; eliminating double keying of data and automating much of the administrative burden of the Risk & Compliance Department. Properly configured and deployed, this type of solution can provide real-time warnings of potential breaches of policy that will completely avoid the need to manually review update client files.

One such system is the new Risk Management Suite from BankClarity Limited. With a reputation for providing tools to bridge the gap between in-house systems and the banks to create the ‘completely compliant payment' the next logical step was to use the same data to provide an enhanced toolset for the Risk & Compliance Officer.

A review of your current structure, process framework and systems can be used to identify the opportunities to streamline processes and workflows and generate a case for change. The automation of common tasks, removal of duplication and elimination of spreadsheets can all help to give back time to your Risk & Compliance Department to enable them to focus on proactive Governance, Risk and Compliance to support the Board. A further benefit, over some of the other solutions only offering screening capabilities, is the ability to create and change your own bespoke systems using the proven .NET framework.

[1] The Black Swan: The Impact of the Highly Improbable. Nicolas Taleb: 2007

[2] Black swans turn grey. The transformation of risk. PWC: 2012

[3] Jersey International Business School Annual Leadership Forum 2011

Related Articles
  SME's - a link between funding and a compliance model
  RISKY BUSINESS
  MANAGING RISK
  Risk Management for Law Firms
  Labor Law in California: Proactive Efforts Can Help Reduce HR Risks
  SME's - a solution for Africa
  ICE Launches Workplace Immigration Crackdown
  Training Employees in a Tight Economy
  What is OHSAS Management System
  Compliance smells like money.
  Train the Trainers on the Art of Handling Difficult People By Thinking Proactively
  Four Safety Basics to Reduce Workmans' Compensation Injuries and Costs
  P3 Compliance and Constructing Policies That Hold Up in Court
  Undocumented Worker Legislation - A New Reality for California Employers
  How To Show Appreciation To Your Clients Without Breaking Your Budget
  Governance in the SME Sector (including NFPs) – A Waste of Time?
  Are You Really “In Control”?
  How Public Acknowledgement of Poor Quality Can Increase Sales
  3 Ways to Reduce Employment Costs with Human Resources Outsourcing
  What are the 3 biggest challenges faced by supply chain/purchasing professionals today? (Survey Result 11)

Article Tags: black swan, compliance, GRC, leadership, risk management



Related Forum Posts
Re: Do Women Play the Stock Market? - Hi David, I am strictly a stock market coach. Although I have experience with other types of investing, real estate, for example, the stock market is where I have had the greatest successes over the past 12 years. It has enabled me to grow my retirement account the quickest, mainly because I implement a strategy for risk management. I always say that you will never eliminate the risk in the stock market, you just have to follow a plan that minimizes its impact. And the key word is "follow." Many investors are ruled by their emotions, which always gets them into trouble. Having a systematic approach and following it is key. I have been to Japan, although I don't know too much about the foreign markets. I do believe you when you mentioned that many are risk averse and more conservative in their approach. I have found that to be the case as well.
Re: What Do You Outsource Mostly? - Hello, I outsource some management fields like business management, time management etc.. I like outsourcing these fields..as I have done business management course.. Initially I don't liked it at all..but after sometime I started getting interest in it.. Now I am searching some interesting management courses... Regards, Nelson
Re: Would you buy a house for a dollar? - What I know is that risk is risk be a dollar or hundreds of dollars. What matter is cross checking the genuity of the business.
10 best franchises to get involved - I don't think a franchise (or even most businesses) fits your criteria even if you had enough savings to take the risk. Personally, if I were your age and had your aspirations, knowing what I know now, I'd probably look at real estate. Doesn't take near as much money to get your feet wet, and there's nowhere near the risk of most businesses, certainly most franchises. Starting out I'd look at rehabbing houses that I when finished would sell in most places in this country in the $75 - $150,000 range. Bubble or not, there is a huge demand for nice starter homes. I can't think of another business with less downside risk and more potential. The best business could peter out before you're ready for it to. Real estate is forever.
Re: What are you? - Both sniffing and doing have risks attached! You can merely sniff and leave something and end up missing out (negative risk) and you can do something that looks good to do but crashes (positive risk)... Those with the best chance of survival steer a middle course, so maybe GT is on the right track!


Share this article with your friends. Fund someone's dream.

Leave a comment below or share on the left and you'll help support entrepreneurs in Africa through our partnership with Kiva. Over $50,000 raised and counting - Please keep sharing! Learn more.

Newsletter

Get advice & tips from famous business
owners, new articles by entrepreneur
experts, my latest website updates, &
special sneak peaks at what's to come!

Name:
Email:

Popular Articles

Do You Pretend To Listen To People?

Purchasing Real Estate using the SBA 504 Loan

The Pure FUN of Learning & Using NLP

Suggestions

Email us your ideas on how to make our
website more valuable! Thank you Sharon
from Toronto Salsa Lessons / Classes for
your suggestions to make the newsletter
look like the website and profile younger
entrepreneurs like Jennifer Lopez.