Newsletter | Volume 1


The risk of waiting to implement Regulatory Compliance in the financial services industry



For some reason, many businesses in general, and financial services firms in particular, sit on their hands, acting as if it is business as usual and nothing has changed, and do not wish to take the lead in implementing new regulatory compliance mandates. What risks are businesses taking with their relaxed approach to these known, impending regulatory changes?

What is the impact of delayed regulatory compliance? The obvious monetary risk comes in the form of fines and penalties for non-compliance, and there is also the loss of reputation when the non-compliance is exhibited on the website of the oversight authorities.

Middle-of-the-road C suite GRC officers
Because many financial organizations wait until the final deadline to comply, the components and implications are handled in silos rather than across the transactions. They are often undocumented and untested, and do not necessarily create any value or mitigate real risks, as rushed middle-of-the-road C-suite GRC officers are forced to perform a simple box-ticking exercise, complying by offering reasonable explanations and disclosures to the oversight authorities.

Recently the Basel Committee on Banking Supervision released its "Principles for Effective Risk Data Aggregation and Risk Reporting". The aim was clear: to help avoid a repeat of the financial crisis of 2008 by ensuring that banks make decisions based upon timely and accurate risk data. We have been told time and again that the crisis was prolonged because many financial institutions and banks had deficiencies in their ability to aggregate risk exposures. Additionally, the failure to make and understand risk-based decisions in a timely fashion had dire consequences for both the institutions and the global financial market as a whole.

Last-minute compliance barrel on the forehead
Regulators and politicians have virtually zero tolerance for excuses from the financial sector. To accommodate the oversight authorities, banks and financial institutions hire loads of GRC employees, no matter the cost, to complete the GRC work and adhere to regulations.

We observe that these complex GRC projects become extremely expensive because they are implemented under frantic, last-minute circumstances with the compliance barrel on the forehead. To mitigate these enormous execution risks, financial institutions and banks will inevitably throw money at the compliance and oversight problem, rather than develop a smart GRC implementation plan and execute it well ahead of the deadline. The EU Bank Union is another typical example of extreme non-compliance when it comes to creating GRC value. http://www.copenhagencompliance.com/2014/annual/FinancialFramework.pdf

More legislation, rules and guidance
Often it is not the fault of businesses alone. The regulatory authorities are also confused by the compliance overreach. The GRC overreach is due to the fact that oversight and regulatory authorities all over the world are implementing more legislation, rules and guidance that confuse and complicate compliance. We need to rethink the GRC strategies that can ensure that financial businesses and organisations make decisions based upon timely and accurate risk data, to avoid a repeat of the financial crisis of 2008.

Financial institutions and banks are taking huge risks by betting against regulators' ability to implement reforms in a timely manner. There seems to be a persistent mentality in the financial and banking industry to fight regulation by being passive. The right answer is to ensure that each GRC component is implemented in such a way that the activity creates value, that it is integrated in the processes and embedded across the organization, and finally that GRC processes are structured, documented, created and implemented in such a way that they can be automated at some time in the future. The sum of the above creates Governance, Risk Management and Compliance value. It can be done!

For more guidance, see "Principles for effective risk data aggregation and risk reporting": http://www.bis.org/publ/bcbs239.pdf