On the one hand the fast evolving field of technology and on the other, risk management and compliance. How these functions are brought together and managed can create strategic advantages.

The evolution of banking

Looking back at banking in the 1980’s, banks were focused mostly on taking deposits and making loans provided through a branch network emphasising face to face contact with customers. These customers were not sophisticated and trusted their bankers to act in their best interest.

With the dramatic advancement in technology though the 1990’s and beyond, customers have become increasingly sophisticated and now demand an ever-increasing variety of products from their bank.

In response to this demand, traditional banking services have evolved to include diverse offerings such as stock trading, mutual funds, credit cards, mortgages, investment advice, financial news, payment services and even the ability to buy your cellphone airtime or Lotto tickets online from some banks.

These changes that have been brought about by new products, more sophisticated customers, changing cost structures, and enhanced competitive pressures that have all joined to transform the structure and risk profile of the banking industry.

The recent financial market crisis resulted in the global economic meltdown of 2008-2009. Following the crisis, banks have been thrust into an ever-intensifying regulatory environment and face a whole host of new compliance requirements pertaining to risk management.

A seemingly endless string of new regulatory guidelines means the compliance baselines a bank must meet are now a moving target and this places the risk management profession under much scrutiny.

Risk management and compliance

The challenge faced by risk management and compliance is to keep pace with the evolutionary change in the nature of banking business.  One way to meet this is to leverage upon the strengths inherent in technology, such as its ability to adapt to changing circumstances.

Changes that are introduced by new regulations can create opportunity if a bank is able to adapt to them quickly enough and implement risk management and compliance controls to strategically manage these changes ahead of its competitors.

Technology if used wisely can help banks to meet compliance requirements with beneficial side effects such as improved efficiencies. However, with so many of the new regulations still lacking clarity and due to cross jurisdictional differences in the implementation of new requirements and standards, many banks have been cautious about investing in group-wide systems intended to ensure compliance.

Not withstanding these challenges, banks must take account of an increasingly important requirement for achieving effective risk management and compliance, which is real-time data monitoring and retention.

Systems and technology acquired or adapted by banks to meet the new challenges in risk management and compliance introduced by a host of revised regulatory requirements, must take account of this. Real-time data monitoring and retention will become key to successfully meeting the new and varied risk management and compliance standards. This is regardless of the extent of their implementation in different jurisdictions.

It has become sound risk management and compliance practise to have access to real-time data in a form that is relevant to the management of the bank and regulatory risks.

Taking cognisance of these changes and requirements for successful risk management and compliance, success can be distilled to a question of whether a bank can prove that they know X?  The factor X could be anything from a banks exposure to counterparty risk, liquidity risk, a capital adequacy ratio or whatever risk factor it might be.  A bank will be required to validate and substantiate the results of its risk management and compliance monitoring.  Metaphorically, the proof of the pudding will be in the tasting.

Therefore, to achieve effective risk management and compliance standards in a bank, exposures must be measured in real-time and the information provided usable and relevant to risk management and compliance.

Technology is suitably positioned to play a critical role in achieving high risk management compliance standards.

What is the difference between Governance, Risk Management, and Compliance?

They have become an accepted terms that describe similar related actions and procedures by an organisation.

The three terms are closely related, and are increasingly integrated and aligned by business wherever it is practically possible so as to avoid conflicts, wastefulness and gaps.

Organisations typically interpret the three terms differently. Differences in interpretation also occur across divergent international jurisdictions.

Generally, the terms typically relate to activities such as corporate governance, enterprise risk management and corporate compliance with applicable laws and regulations.

The application of good governance, effective risk management and compliance with laws and regulations are contributing toward a new way in which businesses are adopting an integrated approach to management.

To illustrate the difference between governance, risk management and compliance the terms have been broken down into their core purposes.

Governance

1. The overall management approach through which senior executives ethically direct and control an organisation.
2. Integrates management information reporting with management control structures.
3. Governance ensures that important information reaches the proper organisational level and it is complete, correct and timely thus allowing for management decision-making.
4. Instills control mechanisms to make sure that strategies, directions and instructions from management are carried out systematically and effectively.

Risk management

1. Processes through which management identifies, analyses and where necessary responds to risks that may derail the organisation’s business goals.
2. Response to risks depends on their perceived gravity and involves controlling, avoiding, accepting or transferring the risk to a third-party.
3. Organisations manage their exposure to a range of risks (e.g. technology risk, financial risk, information security risk etc.).
4. Currently it is arguable that legal and regulatory compliance risks are the most important for organisations.

Compliance

1. Conforming to stated requirements.
2. Compliance is achieved through processes that identify certain requirements in laws, regulations, contracts, strategies and policies.
3. Assessments determine the extent of compliance and take account of the potential costs of non-compliance verses the projected cost incurred to achieve compliance.
4. Prioritize, fund and start any corrective actions deemed necessary.

Governance, risk management and compliance are not recent inventions but in the United States the promulgation of the Sarbanes-Oxley Act was the catalyst for interest. Listed companies became obligated to comply with the provisions of this Act once it was introduced and to design and carry out suitable governance controls to comply.

Governance, risk management and compliance have however since shifted significantly towards adding business value by improving operational decision-making and strategic planning.