Vedanvis risk transformation brochure


Published on

Governance, Risk and Compliance (GRC) is a multibillion-dollar industry worldwide and signs are that it’s growing. A 2009 AMR Research Inc. study found that US companies were expected to spend $29.8 billion on GRC across software ($9.2bn), external services ($6.6bn) and internal efforts ($14.0bn). Risk management followed by regulatory compliance was sighted as the key driver for the expenditure.

Despite the significant level of investment, apart from pockets of excellence, few financial services firms seem to have benefited significantly. More than five years after the financial crisis, spurred by a massive failure in risk management, it appears that lessons have not been learnt. In a 2012 study, the Chartered Institute of Internal Auditors (CIIA) found that 60% of fines levies by FSA in 2011 were down to weaknesses in risk management systems.

A significant transformation is needed in the way organisations assess and manager risks. They need to realise for themselves that risk management matters, and not let regulators dictate the risk agenda.

On a positive front however, there is growing evidence that firms see effective risk management as a means to enhanced reputation, greater competitiveness and market share. RIsk management and strong ethical behaviour is key to winning over consumer confidence in the financial services sector. This does however mean that risk management organisations need to reassess and realign strategies, processes and infrastructure to deliver value at reduce costs, thereby enhancing return on investment.

As a start to the debate, and by way of examples, this paper explores five strategies that will help organisations gain more commercial value from their risk management efforts (across all lines of defence), whilst improving process efficiencies and reducing costs.

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Vedanvis risk transformation brochure

  1. 1.       Achieving  Risk  Mastery     5  Key  Strategies   to  an  efficient,  cost  effective  and  value  adding  Risk  Function   BUSINESS & RISK CONSULTING
  2. 2. Contents   Risk  Management  in  the  Spotlight   `     3   Risk  &  Compliance  Functions  Under  Increasing  Pressure       4   10  Questions  Boards  should  be  asking  themselves         5   Risk  Mastery  -­‐  Key  Strategies  for  Risk  Transformation             6             7   8   10   11   12     13     1. 2. 3. 4. 5.       2     Realigning  to  the  New  Normal       Reducing  Costs           Enhancing  Operational  Efficiencies         Enhancing  value  added  by  the  Risk  Function     Taming  the  Regulatory  Tsunami  –  Proactive  Compliance   What  are  the  Next  Steps                  
  3. 3. 2 1 Risk  Management  in  the  Spotlight       A  need  for  transformation     Risk  &  Regulatory  Management  in  the   Despite  the  significant  level  of  investment,  apart  from   Spotlight   pockets  of  excellence,  few  financial  services  firms  seem  to   have  benefited  significantly.    In  a  2012  study,  the  Chartered   Governance,  Risk  and  Compliance  (GRC)  is  a  multibillion-­‐ Institute  of  Internal  Auditors  (CIIA)  found  that  60%  of  fines   dollar  industry  worldwide  and  signs  are  that  it’s  growing.       levies  by  FSA  in  2011  were  down  to  weaknesses  in  risk   A  2009  AMR  Research  Inc.  study  found  that  US  companies   management  systems.       were  expected  to  spend  $29.8  billion  on  GRC  across   software  ($9.2bn),  external  services  ($6.6bn)  and  internal   efforts  ($14.0bn).      Risk  management  followed  by   regulatory  compliance  was  sighted  as  the  key  driver  for   the  expenditure.       “It  takes  20  years  to  build  a   reputation  and  5  minutes  to  ruin  it   and  if  you  understand  this  you  will   do  things  differently”   Warren  Buffet   Europe  would  be  expending  around  the  same  level   investment  to  deal  with  risks  and  meet  regulatory   requirements.    Indeed,  just  for  Solvency  II  alone,  the   Financial  Services  Authority  estimated  that  UK  insurers   would  be  spending  £3bn  on  implementation  alone,  over   and  above  ongoing  costs  of  between  £200  million  and   £400million  annually.     3     In  light  of  the  current  economic  environment,  Boards  are   putting  significant  pressure  on  risk  managers  to  show   measurable  return  on  investment.    No  longer  can  risk   functions  justify  their  existence  by  simply  preventing   losses  and  ”keeping  regulators  at  bay”.       On  a  positive  front,  there  is  growing  evidence  that  firms   see  effective  risk  management  as  a  means  to  enhanced   reputation,  greater  competitiveness  and  market  share.     This  does  however  mean  that  risk  management   organisations  need  to  reassess  and  realign  strategies,   processes  and  infrastructure  to  deliver  value  at  reduce   costs,  thereby  enhancing  return  on  investment.      
  4. 4. The  Risk  and  Compliance  Functions  are  under   Risk  &  Compliance   Functions  Under   Increasing  Pressure     4. Coping  with  Regulatory  Tsunami.            In   significant  pressure  from  various  stakeholders,   response  to  the  financial  crisis,  the  volume  of   including  the  Board,  Business  Unit  Customers,   regulation  and  regulatory  guidance    (including   Insurer’s  Customers  and  Regulators:   speeches  and  announcements)  has  increased   1. exponentially.    Firms  are  finding  it  s  great   Transforming  to  the  changing  risk  and   challenge  just  to  keep  on  top  of  regulatory   regulatory  landscape.    Financial  services  firms   developments,  let  alone  ensure  compliance   are  having  to  deal  with  the  “new  normal”;  new   emerging  risks,  new  scenarios  previously   5. Awakening  to  the  implication  of  more   considered  implausible  (including  sovereign   Senior  management  and  regulators  demand   UK,  for  example  the  creation  of  PRA  and  FCA)   greater  level  of  reporting  to  enhance   and  regulation.        The  Risk  &  Compliance   transparency  in  the  hope  that  any  impending   Function  also  has  a  role  to  play  in  winning  over   danger  is  highlighted  early  and  mitigation   customer  confidence  in  financial  services  firms.   2. frequent  and  resource  intensive  reporting.     failure),  and  a  constantly  evolving  regulator  (in   actions  taken  before  risks  materialize.    Solvency   Pressure  to  add  more  value.      Risk  and   Compliance  Functions  are  under  significant   pressure  to  enhance  return  on  investments,   and  adding  demonstrable  value  to  overall   business  performance  –  or  optimizing   Risk/Return  to  enhance  balance  sheet   performance.        No  longer  is  the  Board  and  the   business  content  with  the  Risk  Function     II  for  example  requires  an  annual  Solvency  and   Financial  Condition  Report  (SFCR),  quarterly   Returns  to  Supervisors  (RTS),  and  Own  Risk  and   Solvency  Assessment  Reports  (internally  and  to   the  regulator),  and  specific  reports  on  an  ad-­‐ hoc  basis  following  a  material  event.    The  level   and  frequency  of  reporting  puts  added   pressure  on  the  Risk  &  Compliance  Function.   keeping  the  regulators  at  bay  and  preventing   down  side  risk  only.     3. The  changing  economic  and  regulatory  landscape   coupled  with  the  internal  pressures  being  places  on   Lean  Risk  &  Compliance  Functions.      As  Risk  &   Compliance  Functions  reach  maturity,   performance  improvement  and  cost   containment  become  key  priorities,  whilst   ensuring  value  built  thus  far  is  not  diluted.     These  Functions  are  looking  for  new  ways  to   streamline  and  integrating  process,  leverage   automation,  embed  risk  management  into     business  process  and  explore  new  sourcing   4   options  to  leverage  economies  of  scale.   the  Risk  &  Compliance  Functions,  requires  them  to   transform  and  adapt  to  the  new  normal.       Transformation  will  follow  a  journey  of  continuous   improvement  as  these  Functions  evolve  into  a   critical  business  enhancing  functions  that  financial   services  firms  cannot  do  without.     .          
  5. 5. 2 1 10  Questions  Boards  should  be   Asking  Themselves   1. What  does  risk  management  mean  to  us  as  a  Board?   2. 6. Are  we  as  a  Board  and  collectively  as  a  company  effective  in  identifying,   What  are  my  key  risks?    How  can  I  be  assured  that  there  are  no  unknown  or   ignored  risks  lurking  in  my  organization?   measuring  and  managing  risks?   3. 7. Are  we  taking  the  right  amount  of  risks?     Do  we  know  what  value  we  get  out  of  our  risk  management  organisation?     8. Are  people  in  our  organization  risk  aware?    Do  we  encourage  the  right  risk   What  value  should  we  be  getting  and  how  does  it  compare  with  our  peers?   4. Is  my  Risk  Function  effective  in  helping  us  stay  on  top  of  risks?   5. What  is  my  total  cost  of  risk?    What  is  the  optimal  cost  of  risk  as  a  percentage   of  gross  revenue?  Where  do  we  stack  up  against  our  competitors?             5   taking  behaviours?   9. Is  risk  management  integrated  naturally  into  our  business  or  is  the  framework   divorced  from  how  risks  are  actually  dealt  with  at  the  cold  face   10. Are  we  receiving  the  right  risk  information  in  a  timely  fashion?    
  6. 6. Risk  Mastery     Key  Strategies  for  Risk  Transformation   Achieving  Risk  and  Compliance  mastery  has  to  be  the   To  improve  return  on  investment  in  risk  and  compliance   5  Key  Strategies  are  explored  to  enhance  value,  improve   prime  goal  for  orgnaisations  that  want  demonstrable   initiatives  require:   process  efficiency  and  reduce  costs:   commercial  value  from  their  Risk  and  Compliance   Functions,  at  reduced  cost  and  with  enhanced  process   • • • capital;  and   and  impending  events  that  could  dilute  risk   reputational  value;   • An  aggregate  risk  view  highlighting  specific  areas   where  greater  risk  taking  could  maximize  upside   by  stopping  unnecessary  value  leak;   • Controls  automatically  embedded  into  the  most   detailed  level  processes  greatly  minimizing  errors   leading  to  losses,  customer  redress  issues  or   regulatory  fines;  and   • Regulatory  developments  are  automatically   tracked  and  mapped  processes  enables  quick   planning  and  execution  of  regulatory  change.       6   Adding  more  value  through  greater  risk  taking   and  thereby  enhancing  risk  adjusted  return  on   Anticipation  and  proactive  management  of  new   adjusted  return  on  capital,  profitability  and   1. • Reducing  the  total  cost  of  risk  management  by   reducing  unit  cost  of  the  Risk  and  Compliance   Function,  and  reducing  losses  incurred  from   known  and  unknown  risks.   Costs  and  process  efficiencies  are  easier  to  quantify  and   should  be  the  natural  starting  point,  exploiting  as  many   “low  hanging  fruits”  as  possible.    Value  generated  by  risk   and  compliance  is  sometimes  harder  to  quantify,  although   clear  examples  will  be  presented  in  this  paper.    Enhancing   value  is  often  a  medium  term  goal  achieved  over  time.   Realigning  to  the  new  normal  and  tighten  up  risk   management   same  cost  base;   efficiency.    For  organisations  achieving  risk  mastery,  the   benefits  could  be  significant.    Some  example  include:   Adding  more  value  or  achieving  more  with  the   2. Reducing  costs     3. Enhancing  process  efficiency  through  systems   integration   4. Enhancing  value  added  by  the  Risk  Function   5. Taming  the  Regulatory  Tsunami  –  proactive   compliance  
  7. 7. 2 1 1.  Realigning  to  the  “New   Normal”  and  Tightening  Up   Risk  Management  Effort   Top  10  Risks     1.  Economic  Slowdown  /  Slow  Recovery   2.  Regulatory  /  Legislative  Change   3.  Increasing  Competition     4.  Damage  to  Reputation  /  Brand   5.  Failure  to  attract  and  retain  top  talent   6.  Failure  to  innovate  /  meet  customer  need   7.  Business  Interruptions   8.  Commodity  Price  Risk   9.  Cash  flow  /  Liquidity  Risk   10.  Political  Risks  /  Uncertainties     AON  Global  Risk  Management  Survey  2013   The   world   is   constantly   evolving   and   so   are   risks   and   opportunities   confronting   financial   services   orgnaisations.     Leading   ones   are   nimble,   can   foresee   and   understand   impact   of   new   emerging  risks   and   re-­‐aligning   to   ensure   that   priority   is   given   to   the   right   risks   and   blind   spots   /   unknown   risks   are   avoided.     If   successfully   achieved,   this   can   add   significant  value.    Enron,  Lehman,  BP,  Blackberry  and  Arthur   Andersons  are  only  a  few  example  of  how  undiscovered  or   un-­‐managed  risks  can  either  wipe  out  an  entire  organisation   (no  matter  its  size)  or  significantly  erode  market  value  (e.g.   Blackberry).       The  risk  landscape  is  changing.  Already  as  early  as  2007,  in  a   study   carried   out   by   the   Economist   Intelligence   Unit,   (involving  a  survey  of  200  major  orgnaisations)  participants   indicated  that  risks  related  to  human  capital,  reputation  and   regulatory   compliance   were   most   threatening,   while   traditional   quantifiable   risks,   such   as   financial   risk,   credit   risk  and  foreign  exchange  risk  as  least  threatening   3  Key  Strategies  to  Aligning  Risk  Management     1. 2. In   AON’s   annual   Global   Risk   Management   Survey   2013,   (involving  more  than  1,400  respondents)  top  risks  included   economic  slowdown/slow  recovery,  regulatory  &  legislative   Change,   and   Damage   to   Reputation   and   Brand.     Counterparty   credit   risk   was   ranked   20th   and   Interest   rate   fluctuations   ranked   31st.     AON   felt   that   computer   crimes/viruses/malicious  hacking  (ranked  18th),  social  media   (ranked   40th)   and   pension   risk   funding   (ranked   47th)   were   potentially   underestimated   as   they   all   had   a   potential   for   significant  concern.   “When  you  change  the  way   you  look  at  things,  the  things   you  look  at  change”   Wayne  Dyer   Martin  Wheatley,  Head  of  Financial  Conduct  Authority  in  the   UK,   in   a   recent   speech   stated   that   they   would   be   focusing   on   Behavioural   Economics,   taking   consideration   of   the   human  element  of  risk  management  both  on  the  part  of  the   financial  services  firm  and  their  customers.       Without   the   realignment,   the   organisation   is   increasingly   exposed   to   new   and   unmanaged   threats,   while   the   opportunity  to  optimize  cost  of  well-­‐managed  risks  is  lost.       7     3. Get  a  comprehensive  understanding  of  risks   Review   the   risk   universe   regularly   to   unearth   unmanaged  and  unknown    risks.      Using  this  same   exercise,  also  identify  risks  that  are  well  managed.     This   exercise   will   help   to   realign   resources,   present   areas   where   cost   savings   can   be   made,   and   highlight   areas   where   new   capabilities   need   to   be   developed.    In  practice,  successfully  executing  such   strategies   require   a   comprehensive   and   well   coordinated   approach   across   all   areas   and   levels   of   the   organisation,   supportive   information   technology,   an   embedded   risk   culture   and   cohesion   between   functions   (breaking   down   existing  silos).     New  Risks  require  New  Alliances   The   benefits   of   Risk   and   Finance   integration   are   well   known   and   much   activity   directed   at   driving   efficiencies   and   synergies   between   these   two   areas.     New   emerging   risks   around   people   and   reputation   require   new   collaborative   activity   between   the   Risk   and   Compliance   Function   and   Human   Resources   as   well   as   Corporate   Communications,   for   example.     Closer   link   with   the   Strategy   Department   is   also   paramount   given   the   strategic   nature   of   emerging   risks,   which   if   materialized,  could  shake  the  very  existence  of  the   organisation  regardless  of  size  /.     Regulatory  Engagement   UK   firms   need   to   develop   a   new   engagement   model   to   respond   to   the   “Twin   Peaks”   model   involving   the   Financial   Conduct   Authority   (FCA)   and   Prudential   Regulatory   Authority   (PRA).     A   proactive   and   active   engagement   model   will   help   build   the   regulator’s   trust   resulting   in   a   hopefully   less   intrusive   approach.     This   could   lower   regulatory   risk   management   costs   and   minimize   disruptions  caused  by  regulatory  interventions.  
  8. 8. 2.  Reducing  Costs   What  does  risk  and  management  of  these  risks  cost  my   organization?  Often,  a  question  that  most  organisations   would  find  difficult  to  answer.    Measuring  this  cost  would   3  Key  Cost  Reduction  Strategies   1. Reducing  losses.         This  is  a  key  responsibility  of  the  Risk  Function   help  to  assess  return  on  investment  and  support  efforts  to   anyway  and  TCOR  is  a  great  measure  of  its   introduce  cost  efficiencies.    How  is  cost  measured?   effectiveness.      Firms  will  need  to  get  a  good  handle   Expanding  on  AON’s  concept  of  Total  Cost  of  Risk  (TCOR),   on  pinpointing  areas  where  losses  have  occurred  and   costs  can  be  quantified  by  adding:   are  likely  to  occur.       regulatory  fines  for  compliance  breeches  can  be   minimized  by  embedding,  where  possible,  automated   are  insured  or  hedged  -­‐  reputational  risk  and   controls  deeply  within  processes.    This  could  for   opportunity  costs,  although  difficult,  would  be   example  be  achieved  through  a  behaviour  and  rules   worthwhile  quantifying  somehow  (even  if   based  technology  engine  through  which  process   estimated);   Business  Process   Outsourcing   Process,  systems  and  human  related  losses,  as  well  as   redress  for  example)  and  retained  risks  if  they   Knowledge   Centre  of   Excellence   Cost  of  loss,  including  regulatory  fines,  loss   caused  by  errors  (investment  loss  or  customer   • High  Value   Support   would  need  to  pass.    If  rules  are  not  complied  with,   the  process  is  not  executed,  or  flags  up  an  approval   • Risk  mitigation  costs  (hedging  costs  and   requirement.    Such  technology  is  in  existence  and   insurance  premiums)   • worth  exploring.     Internal  costs  including  Risk  &  Compliance  staff   and  related  infrastructure  and  other  operational   2. Reducing  Internal  Costs   costs  (this  would  include  costs  across  all  3  lines   The  obvious  choice  for  most  firms  is  to  reduce   of  defense)   headcount.      This  may  well  be  the  most  appropriate   In  practice,  data  limitations  and  lack  of  knowhow  and  skills   are  common  reasons  why  firms  fail  to  measure  cost  of  risk.       Significant   benefits   are   available   to   those   firms   who   are   able  to  surmount  this  challenge.       strategy,  however  if  executed  without  careful   planning,  it  could  potentially  dilute  some  of  the  value   that  a  Risk  and  Compliance  Function  would  have  built   up  within  their  organisation.      Innovative  sourcing   models,  if  implemented  effectively,  can  help  to   Although  it  may  sound  paradoxical,  reducing  cost  can   ensure  value  retention  (and  indeed  enhancement)  at   indeed  be  achieved  whilst  improving  process  efficiency   a  reduced  cost  base.       and  driving  higher  value.    Cost  reduction  is  often  a  catalyst   An  example  of  a  sourcing  model  could  involve   for  performance  improvement  and  efficiency  gains.   transfer  of  certain  Risk  and  Compliance  Function       8   personnel  into  a  third  party  service  provider.    The   deal  could  initially  guarantee  an  initial  level  of  cost     reduction  with  the  flexibility  to  flex  up  or  down.  
  9. 9. To  ensure  value  is  maximized  and  operational  cost   managing  risks,  assessing  risks  of  entering  new   optimized,  we  believe  a  three-­‐tier  sourcing  model  is   markets  or  change  in  strategic  direction,  etc.    In  such   worth  exploring.       cases,  executives  want  to  ensure  that  they  get   support  from  people  who  have  relevant  practical   Business  Process  Outsourcing  as  the  base     experience,  having  actually  executed  such  projects   Routine  tasks  such  as  information  gathering,  collating   and  strategies,  rather  than  theory  based  consultants.   reporting  figures,  producing  reports  based  on  defined   templates,  are  good  examples  of  the  type  of  non-­‐core   3. work  that  can  be  outsourced.   Reducing  cost  of  Insurance   Case  Study:    Individual  business  units  within  a  large   composite  insurer  were  allowed  to  determine  their   Knowledge  Centers   own  level  of  reinsurance  required  to  mitigate  risks.     For  more  complex  work,  knowledge  centers  staffed   The  results  on  a  group  wide  basis  was  that  these   with  skilled  personnel  can  be  utilized  effectively  and   businesses  reinsured  more  than  what  was  optimal   could  be  a  source  of  significant  cost  reduction.     from  a  risk/reward  perspective.      Their  negotiation   Examples  of  work  that  such  centers  could  deliver   reinsurance  transaction,  resulting  in  higher  prices  or   model  development,  model  validation,  data   reinsurance.   aggregation,  pricing,  product  development  support,   captive  reinsurer  and  all  Life  and  General  Insurance   High  Value  Support   reinsurance  had  to  be  placed  via  this  captive.       Governance,  risk  management  and  compliance  can  be   Results  –  On  an  aggregate  basis,  the  Group  could   a  complex  business.    Chief  Risk  Officers  now  need  to   exploit  diversification  benefits  and  retain  certain   be  skilled  in  a  multiplicity  of  very  complex  areas  in   previously  reinsured  risks,  enhancing  return  on   addition  to  having  excellent  stakeholder  management   economic  and  regulatory  capital.      The  Group  also  had   skills  ensuring  full  engagement  of  the  Board  and   the  power  to  negotiate  lower  price  of  reinsurance,   other  key  stakeholders.    Many  often  would  find  it   given  the  level  of  volumes  of  business.     beneficial  to  get  advice  and  guidance  from  a     peer/coach.      We  believe  executives  would  find  it   strategic  problems.    Example  of  areas  of  support   include:  dealing  with  regulatory  enforcement,     9   reviewing  effectiveness  of  Boards  in  overseeing  and       Business  Process   Outsourcing   Solution  –  The  Group  established  a  centralized   etc.   and  experienced  peers  to  help  resolve  complex  and   Knowledge   Centre  of   Excellence   power  was  also  limited  given  the  small  scale  of  each   include  actuarial  and  quantitative  processes  such  as   helpful  to  be  able  to  tap  into  a  pool  of  highly  skilled   High  Value   Support       Sourcing  or  Shared  Service  model    
  10. 10. 3.  Enhancing  Operational   Efficiencies  through   Systems  Integration   Integrate   Systems   to   Drive   Lower   Costs   &   Yield   Commercial  Insights   Case  Study  -­‐  Reporting   In   the   case   of   financial   reporting,   XBRL   (eXtensible   Business   Reporting   Language)   is   an   emerging   standard   means  a  new  concept.    Many  firms  have  however  found  it   that   promises   to   preserve   data   integrity   across   variety   of   challenging  to  implement  this  in  practice.    A  multiplicity  of   systems.    XBRL  is  a  language  for  electronic  communication   systems   build   on   different   standards   often   makes   it   of   business   and   finance   data.     It   provides   benefit   in   the   challenging  for  data  to  be  transferrable  across  systems.    If   preparation,   analysis,   and   communication   of   business   data   is   indeed   transferrable,   then   data   integrity   is   often   information.     It   has   robustly   demonstrated   cost   savings,   questionable.   greater  efficiency  and  improved  accuracy  and  reliability.   Systems  integration  offers  several  business  benefits:   Reporting  Case  Study   Systems   integration   as   a   means   to   reduce   costs   is   by   no   Regulators   are   widely   adopting   and   mandating   this   • If  data  can  be  treated  equally  across  different  systems,   this   open   up   potential   to   gain   new   insights   cross   functions   (e.g.   Risk,   Compliance,   Finance,   HR,   Products,  etc.)  or  cross  businesses.   standard   regulatory   reporting.     HMRC   in   UK   has   already   adopted   this   standard,   so   all   tax   filings   are   now   done   through  XBRL.    1  January  2013  was  set  as  the  deadline  for   banks  to  use  XBRL  to  send  data  to  their  regulator  who  in   turn   send   consolidated   information   to   the   European   If  regulators  adopt  such  a  standard,  multijurisdictional   Banking  Authority  (EBA).    EBA  has  developed  XBRL  based   regulatory   reporting   can   easily   be   centrally   processed   taxonomy   in   the   form   of   COREP   and   FINREP   reporting   with   significant   operational   efficiency   and   reduced   standards.     Similarly   the   European   Insurance   &   costs.   • Occupational  Pensions  Authority  (EIOPA)  is  mandating  an   XBRL   reporting   framework   for   insurers   to   start   reporting   • Accuracy   of   internal   and   external   report   would   improve,   hence   avoiding   wrong   decision   based   on   to   their   regulator   from   1   January   2014.           XBRL   adoption   will  continue  to  accelerate  given  the  benefits  it  offers.   incorrect   data   or   worse,   regulatory   censure   for   incorrect  reporting.   Market   estimates   indicate   that   if   implemented   skillfully,   and   synergies   exploited,   this   new   reporting   framework   Ability   to   easily   change   systems   or   service   provides,   could   significantly   reduce   processing   times   (up   to   70%   in   in   thereby  driving  competition  and  reducing  cost.   • some   cases)   and   if   reporting   was   done   centrally,   reduced   costs  of  reporting  for  global  firms.         10      
  11. 11. 4.  Enhancing  Value  added  by   the  Risk  Function     Baring  some  exceptions,  gone  are  the  days  when  financial   3. Early   Warning   System   –   a   Forward   Looking   services   firms   will   incur   risk   and   compliance   cost   only   to   Approach     satisfy  regulatory  requirements  or  merely  deal  with  down   Risk   is   ideally   placed   to   co-­‐ordinate   comprehensive   side   risks.     The   Board   and   front   line   business   demands   scenario   analysis   and   reverse   stress   testing   more  value  from  their  investment  in  the  Risk  Function.     exercises   to   help   the   organisation   become   proactive   in   anticipating   and   mitigating   risks   So   how   can   the   Risk   Function   add   more   value   to   the   before   they   have   the   chance   to   materialize.     For   business?    We  set  out  3  ways  to  greater  value  creation   2nd  Line  of  Defence  Analogy   Advisors   needs  tools,  capability,  an  intelligent  team  and  the   As   overseers,   the   Risk   Function   has   little   chance   to   bandwidth   to   anticipate   remote   and   unknown   add  real  value.    Risk  Functions  that  take  a  very  literal   risks.    Intelligent  sourcing  could  yield  this  outcome   interpretation   of   the   “2nd   line   of   defence”,   will   often   1. Picture  the  Titanic  sailing  on  a  collision  course   with  an  iceberg.    The  Chief  Risk  Officer  is  in  the   lookout  tower  and  sees  what  is  about  to   happen.   at  lower  costs.   From   Risk   Overseers   to   Risk   be  inclined  to  restrict  themselves  “wanting  to  remain   Taking  a  pure  2nd  line  of  defence  approach,   the  CRO  thinks  to  himself  saying     By   becoming   true   advisors,   the   Risk   Function   could,   The  Titanic  sinks  and  the  CRO  (who  happened   to  survive),  reports  to  tribunal,  pointing  out   the  breach  of  policy  and  controls  –  job  done.   senior   management   and   other   stakeholders.       They   Conversely,  taking  a  risk  advisory  approach,   the  CRO  would  have  shouted  out  to  the   Captain  saying     “Ahoy  there  Captain  –  not  my  call,  but  I  think   you  should  steer  the  ship  five  degrees  to  the  left   as  an  iceberg  collision  is  imminent  if  you  stay  on   course.”       The  Captain  responds  and  steers  the  ship  away   from  the  iceberg.    All  are  saved  and  the   Captain  is  pleased  with  the  warning  given  by   the  CRO.   forgiven   for   viewing   the   Risk   Function   as   a   hindrance.     while   maintaining   independence,   help   and   guide   the   businesses   in   identifying   and   managing   risks   on   a   day-­‐ to-­‐day   basis,   and   providing   real   time   assurance   to   could   also   suggest   opportunities   for   the   business   to   take  more  risks  through  their  aggregate  risk  analysis.   2. Benchmarking   –   Giving   Something   Back.       As   aggregators   of   information,   the   Risk   Function   is   ideally   placed   to   provide   useful   analytics   back   to   the   business.     This   data   will   allow   business   units   to   benchmark   themselves   and   strive   towards   improved   performance.    This  ought  to  help  get  greater  business   buy-­‐in   as   business   is   used   to   getting   requests   for   information   from   the   business   and   never   expecting   anything  back.   11     independent”.       Business   units   equally   would   be   “Mmmm,  I  wonder  whether  the  captain  will   steer  the  ship  to  avoid  the  iceberg.    I  will  watch   and  see  whether  he  complies  with  the  policies   and  guidelines.    I  can’t  interfere  as  I  need  to   maintain  my  independence.”     this  to  become  a  reality  though,  the  Risk  Function      
  12. 12. 5.  Taming  the  Regulatory   Tsunami  –  Proactive   compliance   In  the  wake  of  the  financial  crisis,  regulators  are  stepping   up   supervisory   initiatives   and   introducing   a   raft   of   new   regulation   and   guidance.     According   to   Reuters,   in   2011,   there  were  14,215  regulatory  announcements    -­‐   60  per  day   on   average.     The   announcements   can   include   anything   “The trouble with government regulation of the market is that it prohibits capitalistic acts between consenting adults. ” from  speeches  to  final  binding  rules.       Ironically,   the   very   regulations   aimed   at   preventing   How  are  leading  firms  dealing  with  Regulatory  Tsunami?       Leading   firms   are   taking   a   proactive   stance   by   leveraging   the   power   of   information   technology.     Although   early   days,   compliance   solutions   emerging   demonstrate  the  following  attractive  features:   • updated  regulation  and  guidance.    The  library   another  financial  crisis  are  now  featured  in  second  position   incorporates   in  the  top  10  global  risks  in  AON’s  Global  Risk  Management   • Powerful   analytic   systems   to   analyse   and   system   uses   existing   data,   its   rules   and   that   could   result   in   regulatory   censure   behaviours  and  information  from  experts.   (including   fines)   and   possible   reputational   damage.     The   ever-­‐changing   rules   makes   it   allowing   measure  compliance  on  a  real  time  basis.    The   increases   the   chances   of   regulatory   breeches   ~ Robert Nozick ontology   regulations.   struggling  to  comply:   The   volume   of   regulatory   change   significantly   robust   searchability   and   inter-­‐linkages   between   Survey   2013.     Although   willing,   firms   are   naturally   • A   comprehensive   library   of   continually   •  Detailed   end-­‐to-­‐end   processed   mapped   to   extremely   challenging   for   front   line   customer   facing   personnel   to   consistently   comply   –   workflow   development   that   helps   to   capture   mistakes  are  inevitable.     • specific   regulatory   line   item,   allowing   for   evidence   based   documentation   and   key   risk   and  performance  metrics.   The   cost   of   compliance   significantly   increases   under  the  current  regulatory  landscape  as  firms   Key  benefits  of  a  systems  based  approach  include:   are   having   to   skill   up   by   recruiting   more   compliance   professionals   and   solicit   help   from   • Real   time   compliance   monitoring,   that   prevents   breeches   of   regulatory   rules   or   external  third  parties.       internal   policies   and   acts   as   early   warning   The   “Twin   Peaks”   approach   to   regulation   in   the   UK   adds   system  of  impending  breeches   further   complexity   and   potential   cost   as   now   financial   services   firms   face   two   regulators,   the   Prudential   • anticipate  potential  regulatory  breeches.   Regulatory   Authority   (PRA)   and   Financial   Conduct   Authority  (FCA)  with  different  regulatory  approaches.   An   early   warning   system   allowing   firms   to   •  Documentary   evidence   tagged   to   regulation,   allowing  for  enhanced  compliance  monitoring     12   and  regulatory  interactions.  
  13. 13. What  are  the  Next  Steps   This  paper  merely  explores  some  ideas  of  ways  in  which   The  transformation  journey  could  start  out  with  a   The  gaps  resulting  from  the  diagnostic  phase  would  help   the  Risk  and  Compliance  Function  could  transform  to  yield   comprehensive  diagnostic  exercise  informing  on  the   to  inform  a  detailed  implementation  plan.    Stakeholder   higher  value  at  reduced  costs  and  with  improved  process   current  state,  including  the  assessment  of  perceived  value   engagement  is  key  to  designing  and  executing  the  plan.   efficiency.   added,  quantification  of  total  costs  and  understanding   Clearly  they  may  well  not  be  appropriate  or  relevant  for   components  of  TCOR,  and  mapping  current  process.   your  particular  needs,  hopefully  though,  these  ideas  would   The  information  gathered  from  the  diagnostic  phase  could   have  stimulated  thinking  of  the  possibilities  open  to   be  benchmarked  against  the  more  sophisticated   organisation  and  their  associated  benefits.   competitors  (i.e.  best  practice)  and  regulatory   Continuous  improvement  should  be  an  ongoing  journey   expectations.   for  any  organisation  and  Risk  and  Compliance  is  by  no   If  sufficient  gaps  are  identified,  the  transformation  journey   means  an  exception.    Regular  self  assessment  and   should  begin  with  a  clear  picture  of  the  end  state,   resulting  programme  of  improvement  will  help  ensure  that   quantifying  at  a  detailed  level,  the  desired  outcomes,  for   Risk  and  Compliance  Function  remain  relevant  and  are   example     structured  to  add  value  rather  than  be  a  cost  burden  to   • internal  costs  reduced  by  25%     • Losses  reduced  by  10%       • Reduction  in  error  rates  by  60%     • Reducing  reporting  times  by  two  weeks,     • etc   firms.     13   Relevant  third  party  partners  or  service  providers  could   support  execution.      
  14. 14.     For  more  information  contact:   Jay  Tikam   Tel:   +44  (0)  203  102  6750   Mob:   +44  (0)  778  551  8471   Email:     Vedanvi  Ltd   45  King  William  Street   London,  EC4R  9AN       BUSINESS & RISK CONSULTING