Many areas of modern business have been transformed by digital technology. The way we communicate, collaborate and share information has been fully digitised in many cases, and a whole host of other business processes are digitally advanced. Yet some areas of business remain curiously untouched by digitisation – these include risk management and compliance.
Most major organisations have a compliance officer or director, but many of these still have to rely on analogue tools such as Excel to monitor compliance requirements and manage risk. Given the sheer volume of compliance and regulation requirements in modern business, and the penalties for failing to adhere to such regulations – in the US alone in 2016, 30 companies were fined a total of $2.4bn for non-compliance under the country’s Foreign Corrupt Practices Act – it is surprising that beleaguered compliance and risk management officers aren’t given more technology assistance.
What’s the reasoning behind this, and how can organisations use the on-going risk management that only comes from digitisation to gain critical competitive advantage?
Complex regulatory environment
Few would doubt the challenges of ensuring compliance in the financial services (FS) sector. It’s an industry that has always been heavily regulated, but is set to become even more so in the years to come. New regulations such as MiFID II and MAR increase the regulatory requirements for FS firms, and initiatives yet to take effect, such as GDPR, will also impact what is required to remain compliant.
There is also Brexit to consider. When the UK leaves the EU, UK FS firms will no longer be able to passport their services across the EU under the Single Market Directives as they do currently. Without this, a UK bank must have state-level authorisation to perform regulated activities in the EU. This is no small undertaking, particularly if multi-state authorisation is needed.
More risk to manage
Compliance is just one of the risks that a modern FS firm has to manage. They must also factor in the highly uncertain times that we live in and one could argue that there is more risk to manage than at any other time in history.
Even if we ignore Brexit for one moment, politics in 2017 is highly unpredictable. While much of President Trump’s campaign rhetoric is yet to fully materialise, second-guessing what he might do next is difficult and it is easy to see an impact on worldwide currency and the operations of FS firms all over the world.
Then there is the on-going and growing risk of cyber attack. The WannaCry worm made its way to around 150 countries, and the sophistication and expertise of cyber criminals make it increasingly tough for businesses to cope with this threat.
Pro-active risk management
For any FS firm, risk management is both increasingly important and increasingly challenging. Staying on top of the myriad risks to an organisation is becoming one of the number one business priorities for management teams all over the world.
But traditionally, risk management has been perceived as a defensive discipline in business. Most organisations have approached it thus: have a function that owns and manages risk, another that looks at compliance and risk management monitoring and a third that offers independent risk assurance.
This approach, however, is not suited to the type and volume of risks in modern business. Adopting a more pro-active approach to risk management is not only more effective when it comes to warding off risk, but it also allows FS firms to turn that into competitive advantage.
A major part of this is tied up in automation. Many previous risk management and compliance projects had a beginning and an end, but the on-going and varied risks in 2017 mean that risk management must be an on-going process too. And this means digitisation.
Goodbye to analogue risk management
Using Excel to manage risk in such an environment is simply not fit for purpose, and leaves organisations highly vulnerable to a variety of different risks. A modern approach to risk management in FS combines automation with input from industry experts and thought leaders that can help map the risks faced by an organisation, across territories, sectors and a range of other areas.
Given that most companies face similar challenges and risks to their competitors, knowing more about those risks, when they might occur and the consequences of failing to manage them effectively, will enable a firm to steal a march on those competitors. It can consider each risk on the horizon and assess each one as to its probability of occurrence. The magnitude and impact of each risk are also assessed, before the adoption of a new strategy and/or tactic to deal with it, whether that’s warding off a fresh cyber attack or spotting a compliance change in a new market.
This enables the creation of an advantage over organisations that do not manage risk in this way, and the value to any FS business cannot be under-estimated. The right tools can assist any company in risk management by providing control and compliance, monitoring technology, market research and analysis, and furthermore can be used proactively. Instead of using risk management to tell people what they can’t do – a defensive measure – a continuous and digitised approach allows an organisation to exploit opportunities and provides it with competitive advantage.
Eric Berdeaux is CEO of OXIAL, the new generation GRC solutions provider