Submitted by Manoj_Jain on August 8, 2014

Demands for board and executive accountability, a maze of country-specific regulations, spiraling compliance costs, rapid globalization, and the need to manage risk more effectively have combined to create an urgent imperative to implement a comprehensive Governance, Risk and Compliance (GRC) programme. An integrated approach to governance, risk and compliance is important to properly address the common challenge of functional, process, and technology silos. An enterprise-level mechanism will help all stakeholders collaborate effectively, reduce overall business risk, ensure better compliance and establish competitive advantage in the marketplace. Comprehensive GRC can enable better recognition, understanding, and prioritization of risks, which is critical to more effective decision-making and management of performance.

Banks have more to lose from inefficient financial processes, and they have faced intensified regulatory compliance demands: general regulation such as the Sarbanes-Oxley Act in the United States, the globally mandated industry-specific demands of Basel II, and region- or country-specific directives such as the United Kingdom’s Financial Services and Markets Act or the anti-money laundering provisions of the USA PATRIOT Act. Banks have increased their process automation efforts in response to those pressures, but in doing so they have failed to distinguish themselves from the general trend to focus on the negative aims of cost control and avoidance of regulatory sanctions. The costs of non-conformance to required regulations or laws range from fines and lawsuits to the voiding of contracts, loss of reputation or business opportunities, or shut-down by the authorities. This conservative approach has ironically increased banks’ exposure to risk at the enterprise level even as it contributes to stronger risk management practices within functions and business lines.

Insurers operating in the European Union face challenges stemming from the updated set of regulatory requirements known as Solvency II. The Supervisory Review Process of Solvency II aims to identify institutions with financial, organizational or other features that result in a higher risk profile. Because the authorities will review financial processes as well as governance and capital reserves, it will be necessary to know who participates in each process, what the person does, and the results of the process. In such a scenario, the need for an enterprise-wide picture of risk and the ability to identify and react to emerging risks becomes more important. Numerous regulatory compliance mandates from national and regional supervisory authorities further underscore the importance of a GRC programme.

Integrated GRC will attempt to increase the degree of integration of the governance, risk and compliance efforts currently being performed by the board, senior executives, assurance specialists, business unit executives and managers who execute a company’s mission and objectives. Within GRC as an integrated programme, the three components (Governance, Risk and Compliance) each need to be approached differently because of their varying degrees of cultural influence and harmonization with systems across the world. Moreover, different accounting conventions across the world complicate the comparison of corporate performance across geographies. New principles-based standards like International Financial Reporting Standards (IFRS) show a lot of promise in tackling this problem, though, and they need to be properly amalgamated within a GRC solution.

Companies with an effective GRC mechanism in place have been at an advantage in the recent past. Industry surveys, like one conducted by the Economic Intelligence Unit, suggest that equity investors recognize the importance of governance, risk and compliance. Organisations with programmes to integrate governance, risk and compliance are less likely to have suffered significant stock price declines during the recent credit crisis. Also, institutions that invest in governance, risk and compliance are more likely to integrate pricing and risk. The more progress institutions had made in integrating governance, risk and compliance, the more likely they were to have increased product prices to offset higher risk during the credit crisis, according to the survey results.

Conclusion
The credit crisis and its aftermath have eroded confidence in banks’ ability to effectively manage risk with existing systems and policies. The financial services industry needs to put in very sincere efforts to restore the confidence of regulators, analysts, shareholders and customers. Also, an integrated and enterprise-wide approach to risk management is the need of the hour; viewing risk management in isolation is no longer feasible and cost-effective. Implementing a GRC program successfully is a very challenging affair, and it makes more sense to have a single vendor who could provide a complete GRC solution and thus avoid the complications of a multi-product and multi-vendor environment. In this scenario, the most important thing for business leadership to do is to grab the opportunity offered by a GRC program and strategise to counter the challenges in the way of a successful GRC implementation.