GRC in Financial Services

Demands for board and executive accountability, a maze of country-specific regulations, spiraling compliance costs, rapid globalization, and the need to manage risk more effectively have combined to create an urgent imperative to implement a comprehensive Governance, Risk and Compliance (GRC) programme. An integrated approach to governance, risk and compliance is important to properly address the common challenge of functional, process, and technology silos. An enterprise-level mechanism will help all stakeholders collaborate effectively, reduce overall business risk, ensure better compliance and establish competitive advantage in the marketplace. Comprehensive GRC can enable better recognition, understanding, and prioritization of risks, which is critical to more effective decision-making and management of performance.

Banks have more to lose from inefficient financial processes, and they have faced intensified regulatory compliance demands: general regulation such as the Sarbanes-Oxley Act in the United States, the globally mandated industry-specific demands of Basel II, and region- or country-specific directives such as the United Kingdom’s Financial Services and Markets Act or the anti-money laundering provisions of the USA PATRIOT Act. Banks have increased their process automation efforts in response to those pressures, but in doing so they have failed to distinguish themselves from the general trend to focus on the negative aims of cost control and avoidance of regulatory sanctions. The costs of non-conformance to required regulations or laws range from fines and lawsuits to the voiding of contracts, loss of reputation or business opportunities, or shut-down by the authorities. This conservative approach has ironically increased banks’ exposure to risk at the enterprise level even as it contributes to stronger risk management practices within functions and business lines.

Insurers operating in the European Union face challenges stemming from the updated set of regulatory requirements known as Solvency II. The Supervisory Review Process of Solvency II aims to identify institutions with financial, organizational or other features that result in a higher risk profile. Because the authorities will review financial processes as well as governance and capital reserves, it will be necessary to know who participates in each process, what each person does, and the results of the process. In such a scenario, the need for an enterprise-wide picture of risk and the ability to identify and react to emerging risks becomes even more important. Numerous regulatory compliance mandates from national and regional supervisory authorities further underscore the importance of a GRC programme.

Integrated GRC attempts to increase the degree of integration of the governance, risk and compliance efforts currently being performed by the board, senior executives, assurance specialists, business unit executives and managers who execute a company’s mission and objectives. Although GRC is an integrated programme, its three components (Governance, Risk and Compliance) need to be approached differently because of their varying degrees of cultural influence and harmonization with systems across the world. Moreover, different accounting conventions across the world complicate the comparison of corporate performance across geographies. New principles-based standards like International Financial Reporting Standards (IFRS) show a lot of promise in tackling this problem, and they need to be properly incorporated into the GRC solution.

Companies with an effective GRC mechanism in place have been at an advantage in the recent past. Industry surveys, like one conducted by Economic Intelligence Unit, suggest that equity investors recognize the importance of governance, risk and compliance. Organisations with programmes to integrate governance, risk and compliance are less likely to have suffered significant stock price declines during the recent credit crisis. Also, institutions that invest in governance, risk and compliance are more likely to integrate pricing and risk. The more progress institutions had made in integrating governance, risk and compliance, the more likely they were to have increased product prices to offset higher risk during the credit crisis, according to the survey results.

The credit crisis and its aftermath have eroded confidence in banks’ ability to effectively manage risk with existing systems and policies. The financial services industry needs to put in very sincere efforts to restore the confidence of regulators, analysts, shareholders and customers. An integrated, enterprise-wide approach to risk management is the need of the hour; viewing risk management in isolation is no longer feasible or cost-effective. Implementing a GRC program successfully is a very challenging affair, and it makes more sense to have a single vendor who can provide a complete GRC solution and thus avoid the complications of a multi-product and multi-vendor environment. In this scenario, the most important thing for business leadership to do is to grab the opportunity offered by a GRC program and strategise to counter the challenges in the way of a successful GRC implementation.
