Managing Information Risk in Financial Services Andrew Smart
Managing Information Risk in Financial Services Webinar Feb 26th 2014
presented by Colin Lobley
http://manigent.com/uk.linkedin.com/pub/colin-lobley/2/7/563
Many of the fines issued by the FCA over the past few years can be attributed to poor information management. The threats from external cyber-attack and malicious insiders are escalating, with your corporate and client information being the primary target of the cyber criminals. The legal requirement on UK businesses will evolve with the proposed EU data protection regulation likely to come into force next year. It is therefore critical to implement robust information risk management.
Accenture's 2019 study of compliance leaders finds the time for small actions has passed. See how the compliance function can keep pace amid rapid change.
Read more: https://www.accenture.com/pl-en/insights/financial-services/2019-compliance-risk-study-financial-services
Integrc’s 2013 annual GRC performance survey examined the effectiveness of GRC in large organisations to understand whether GRC investments are realising their intended benefits.
Managing Information Risk in Financial Services Andrew Smart
Managing Information Risk in Financial Services Webinar Feb 26th 2014
presented by Colin Lobley
http://manigent.com/uk.linkedin.com/pub/colin-lobley/2/7/563
Many of the fines issued by the FCA over the past few years can be attributed to poor information management. The threats from external cyber-attack and malicious insiders are escalating, with your corporate and client information being the primary target of the cyber criminals. The legal requirement on UK businesses will evolve with the proposed EU data protection regulation likely to come into force next year. It is therefore critical to implement robust information risk management.
Accenture's 2019 study of compliance leaders finds the time for small actions has passed. See how the compliance function can keep pace amid rapid change.
Read more: https://www.accenture.com/pl-en/insights/financial-services/2019-compliance-risk-study-financial-services
Integrc’s 2013 annual GRC performance survey examined the effectiveness of GRC in large organisations to understand whether GRC investments are realising their intended benefits.
Portfolio Agility– From Elusive Imperative to Practical Reality: Seven Dimens...UMT
More efficient and effective setting and implementing of strategy can be potentially achieved by leveraging a new style of PMO that is more comprehensive than in the past.
Agility is the elusive executive imperative of the day; long term success or failure depends on an organization’s skill at identifying and capturing opportunities faster than rivals do in this volatile and global business environment.
Bridging the gap between strategy and execution and facilitating better decisions and their deployment requires a non-ad-hoc, comprehensive roadmap to laying an enterprise-wide web of information sharing and structural change that is adopted at all levels of the company.
Private Equity: Powering Alpha Via AI, Analytics & AutomationCognizant
Embedding a data-driven approach that relies on the latest digital technologies, tools and techniques can help to increase the value of portfolio companies and enable them to transform – which can be critical while formulating exit strategies.
Mitigate Risk with Better Plan Execution and Organizational AlignmentPaige Pulaski
Strategic plans aren’t the only kinds of plans organizations must develop and execute. For many companies, focus on governance, risk management and compliance (GRC) dictate the direction of the business as much as any other initiatives. Too often, GRC management is siloed in one part of the organization and not directly linked to strategy and objectives. Forward-thinking teams are looking for an answer to the question, “How do you get GRC and strategy to operate in the same space?”
The current solution (and the problem) is that organizations often take a hyper-detailed, bottom-up approach. The official definition of GRC, as defined by OCEG in the GRC Capability Model, is that GRC is an “integrated capability to reliably achieve objectives while addressing uncertainty and acting with integrity.” Therefore, a proper approach to GRC – and risk management in particular – is a top-down, strategic alignment approach that manages enterprise risk and compliance in the context of overarching organizational objectives.
In this webinar, Michael Rasmussen of GRC 20/20 discusses how to successfully implement a top-down GRC strategy that manages risk and compliance execution in the proper context of the organization, department and process strategy.
You will learn how to:
> Align a top-down approach to GRC, starting with governance of objectives
> Mitigate risk in context of objectives and the rhythms of the business
> Monitor compliance and controls to ensure that objectives are met
> Ensure GRC activities are understood and followed through on
“CFOs will shift from their traditional role as administration and finance
experts, with technical skills based on administration, management
control, cash-flow management, and financial planning
CEO / CXO Architecture - The missing piece in your BI&A architectureCorporater
Most CEOs and CXOs are not happy with the BI&A initiatives. There is an apparent gap between what insights/information the top management needs from IT, and what is delivered. In this presentation, you will get critical insights into what a BI&A architecture should contain in order to close this gap.
This presentation will help you understand the specific core building blocks needed to reach business outcomes, and how the BI&A architecture can serve this purpose – all viewed from a CEO/CXO’s perspective.
Contract Management Benchmarking and the Role of Technology Executive Briefsealsoftwaredept
The IACCM Annual Contract management survey found that many organizations’ contract management function has been relatively immune to decreased spending across business units within the enterprise.
Sarah deLiefde, Practice Leader in Gartner's Supply Chain Research Group, held a webinar on how corporate changes will impact the Quality Role by 2020. Specifically, there are 8 trends shaping corporate functions:
Security has risen to the top of the agenda amongst most C-suite executives and boards of directors today. Rapidly evolving security threats pose an ongoing, central challenge, as companies and governments face an increasingly sophisticated threat environment.
Accenture collaborated with the Ponemon Institute, LLC to explore the success factors of companies that demonstrated measurable improvement in security effectiveness over a period of two years. Find out how leapfrog organizations are improving their security posture and more quickly detecting security threats.
(Asia Tech Podcast) 25 Inspiring Quotes for Startup FoundersGraham Brown
Asia Tech Podcast http://www.ATP.show
Asia Tech Research http://www.AsiaTechResearch.com
From Mark Zuckerberg to Peter Drucker. Who inspires you? Don't forget to check out my free webinar series (link in the file)
(Asia Tech Podcast) 60 Inspiring Quotes for Entrepreneurs Graham Brown
Asia Tech Podcast http://www.ATP.show
Asia Tech Research http://www.AsiaTechResearch.com
From Seth Godin to Richard Branson, words of wisdom from entrepreneurs, rabble rousers and change makers.
http://www.Up.School
Portfolio Agility– From Elusive Imperative to Practical Reality: Seven Dimens...UMT
More efficient and effective setting and implementing of strategy can be potentially achieved by leveraging a new style of PMO that is more comprehensive than in the past.
Agility is the elusive executive imperative of the day; long term success or failure depends on an organization’s skill at identifying and capturing opportunities faster than rivals do in this volatile and global business environment.
Bridging the gap between strategy and execution and facilitating better decisions and their deployment requires a non-ad-hoc, comprehensive roadmap to laying an enterprise-wide web of information sharing and structural change that is adopted at all levels of the company.
Private Equity: Powering Alpha Via AI, Analytics & AutomationCognizant
Embedding a data-driven approach that relies on the latest digital technologies, tools and techniques can help to increase the value of portfolio companies and enable them to transform – which can be critical while formulating exit strategies.
Mitigate Risk with Better Plan Execution and Organizational AlignmentPaige Pulaski
Strategic plans aren’t the only kinds of plans organizations must develop and execute. For many companies, focus on governance, risk management and compliance (GRC) dictate the direction of the business as much as any other initiatives. Too often, GRC management is siloed in one part of the organization and not directly linked to strategy and objectives. Forward-thinking teams are looking for an answer to the question, “How do you get GRC and strategy to operate in the same space?”
The current solution (and the problem) is that organizations often take a hyper-detailed, bottom-up approach. The official definition of GRC, as defined by OCEG in the GRC Capability Model, is that GRC is an “integrated capability to reliably achieve objectives while addressing uncertainty and acting with integrity.” Therefore, a proper approach to GRC – and risk management in particular – is a top-down, strategic alignment approach that manages enterprise risk and compliance in the context of overarching organizational objectives.
In this webinar, Michael Rasmussen of GRC 20/20 discusses how to successfully implement a top-down GRC strategy that manages risk and compliance execution in the proper context of the organization, department and process strategy.
You will learn how to:
> Align a top-down approach to GRC, starting with governance of objectives
> Mitigate risk in context of objectives and the rhythms of the business
> Monitor compliance and controls to ensure that objectives are met
> Ensure GRC activities are understood and followed through on
“CFOs will shift from their traditional role as administration and finance
experts, with technical skills based on administration, management
control, cash-flow management, and financial planning
CEO / CXO Architecture - The missing piece in your BI&A architectureCorporater
Most CEOs and CXOs are not happy with the BI&A initiatives. There is an apparent gap between what insights/information the top management needs from IT, and what is delivered. In this presentation, you will get critical insights into what a BI&A architecture should contain in order to close this gap.
This presentation will help you understand the specific core building blocks needed to reach business outcomes, and how the BI&A architecture can serve this purpose – all viewed from a CEO/CXO’s perspective.
Contract Management Benchmarking and the Role of Technology Executive Briefsealsoftwaredept
The IACCM Annual Contract management survey found that many organizations’ contract management function has been relatively immune to decreased spending across business units within the enterprise.
Sarah deLiefde, Practice Leader in Gartner's Supply Chain Research Group, held a webinar on how corporate changes will impact the Quality Role by 2020. Specifically, there are 8 trends shaping corporate functions:
Security has risen to the top of the agenda amongst most C-suite executives and boards of directors today. Rapidly evolving security threats pose an ongoing, central challenge, as companies and governments face an increasingly sophisticated threat environment.
Accenture collaborated with the Ponemon Institute, LLC to explore the success factors of companies that demonstrated measurable improvement in security effectiveness over a period of two years. Find out how leapfrog organizations are improving their security posture and more quickly detecting security threats.
(Asia Tech Podcast) 25 Inspiring Quotes for Startup FoundersGraham Brown
Asia Tech Podcast http://www.ATP.show
Asia Tech Research http://www.AsiaTechResearch.com
From Mark Zuckerberg to Peter Drucker. Who inspires you? Don't forget to check out my free webinar series (link in the file)
(Asia Tech Podcast) 60 Inspiring Quotes for Entrepreneurs Graham Brown
Asia Tech Podcast http://www.ATP.show
Asia Tech Research http://www.AsiaTechResearch.com
From Seth Godin to Richard Branson, words of wisdom from entrepreneurs, rabble rousers and change makers.
http://www.Up.School
Catch the highlights from MWC16 in this quick recap. Learn about everything that happened at Mobile World Congress, including new virtual reality devices, the latest developments in IoT, and much, much more.
Artificial intelligence (AI) is everywhere, promising self-driving cars, medical breakthroughs, and new ways of working. But how do you separate hype from reality? How can your company apply AI to solve real business problems?
Here’s what AI learnings your business should keep in mind for 2017.
Study: The Future of VR, AR and Self-Driving CarsLinkedIn
We asked LinkedIn members worldwide about their levels of interest in the latest wave of technology: whether they’re using wearables, and whether they intend to buy self-driving cars and VR headsets as they become available. We asked them too about their attitudes to technology and to the growing role of Artificial Intelligence (AI) in the devices that they use. The answers were fascinating – and in many cases, surprising.
This SlideShare explores the full results of this study, including detailed market-by-market breakdowns of intention levels for each technology – and how attitudes change with age, location and seniority level. If you’re marketing a tech brand – or planning to use VR and wearables to reach a professional audience – then these are insights you won’t want to miss.
=>Concept of Governance
=>Risk and Control (GRC) as applicable to IT operational risk
=>Importance of documentation
=>DATA FLOW DIAGRAM for every application
=>Review of changes in the Data flow, reporting, etc.
=>Parameters for review
=>Importance of review on SLA compliance
=>Reporting to IT Strategy committee, Board etc.
GRC Strategies in a Business_ Trends and Challenges.pdfbasilmph
GRC services are primarily about governance, risk, and compliance. However, GRC strategies go beyond that. GRC revolves around every capability required to
support principled performance at different levels of an organization.
13 Top GRC Tools for an Integrated Governance, Risk and Compliance StrategyQuekelsBaro
Integrate business governance, risk, and compliance control using these top 13 GRC tools. Lower business costs, collaborate and meet compliance mandates.
Quant Labs, the research division of Quant Foundry has developed an operational risk model that supports the COO to pin point areas of process weaknesses. The model continuously learns the business operating model and enables the COO to target investment under different strategic scenarios.
Taking into consideration the importance of technology in audit, most of the organizations have started to find out how technology can change the space and how it can be applied. In order to acknowledge the significant contribution in the Audit Management industry, Insights Success has shortlisted “The 10 Recommended Audit Management Solution Providers 2019”
Risk & Advisory Services: Quarterly Risk Advisor Feb. 2016CBIZ, Inc.
In this issue: 1) Invest in Specialty Skills and Other Tips for Internal Audit Planning
2) Cyber Risk - Now It IS the Daily News 3) How to Build an Actionable Incident Response Strategy.
A flexible and agile platform TO BETTER MANAGE RISK AND CORPORATE ETHICS. The objectives of risk management can be described as the culture, processes, and structures that are directed
towards realizing potential opportunities whilst managing an adverse effect. PracticeLeague Risk Management System helps in managing risks and gives insights and actionable to keep those risks to an acceptable minimum.
Designing Enhanced Supervision for the Evolving Wealth Management Ecosystemaccenture
Converging and rapidly evolving industry trends are creating a new wealth management environment demanding Wealth Managers redefine supervisory governance to best support the firm’s growth strategies while balancing strong risk management. In this new Accenture Finance & Risk presentation we explore the evolving wealth management trends and challenges and outline four key business supervision design questions to support sustainable, long-term growth.
Transformational Power of Compliance Management Services in NCcapivisgroup
As the business landscape evolves, the demand for compliance management services NC (North Carolina) has surged, driven by the need for businesses to stay ahead of the curve. From data analytics to AI and automation, the role of management consulting firms like Capivis Group in this progressive industry is undeniable.
What is GRC – Governance, Risk and Compliance BOC Group
A simple guide to learn what Governance, Risk and Compliance (GRC) is all about, why it’s important and how you can use it to help drive enterprise objectives.
For more information visit: https://www.boc-group.com/governance-risk-and-compliance/
how to sell pi coins effectively (from 50 - 100k pi)DOT TECH
Anywhere in the world, including Africa, America, and Europe, you can sell Pi Network Coins online and receive cash through online payment options.
Pi has not yet been launched on any exchange because we are currently using the confined Mainnet. The planned launch date for Pi is June 28, 2026.
Reselling to investors who want to hold until the mainnet launch in 2026 is currently the sole way to sell.
Consequently, right now. All you need to do is select the right pi network provider.
Who is a pi merchant?
An individual who buys coins from miners on the pi network and resells them to investors hoping to hang onto them until the mainnet is launched is known as a pi merchant.
debuts.
I'll provide you the Telegram username
@Pi_vendor_247
Turin Startup Ecosystem 2024 - Ricerca sulle Startup e il Sistema dell'Innov...Quotidiano Piemontese
Turin Startup Ecosystem 2024
Una ricerca de il Club degli Investitori, in collaborazione con ToTeM Torino Tech Map e con il supporto della ESCP Business School e di Growth Capital
how to sell pi coins at high rate quickly.DOT TECH
Where can I sell my pi coins at a high rate.
Pi is not launched yet on any exchange. But one can easily sell his or her pi coins to investors who want to hold pi till mainnet launch.
This means crypto whales want to hold pi. And you can get a good rate for selling pi to them. I will leave the telegram contact of my personal pi vendor below.
A vendor is someone who buys from a miner and resell it to a holder or crypto whale.
Here is the telegram contact of my vendor:
@Pi_vendor_247
how can i use my minded pi coins I need some funds.DOT TECH
If you are interested in selling your pi coins, i have a verified pi merchant, who buys pi coins and resell them to exchanges looking forward to hold till mainnet launch.
Because the core team has announced that pi network will not be doing any pre-sale. The only way exchanges like huobi, bitmart and hotbit can get pi is by buying from miners.
Now a merchant stands in between these exchanges and the miners. As a link to make transactions smooth. Because right now in the enclosed mainnet you can't sell pi coins your self. You need the help of a merchant,
i will leave the telegram contact of my personal pi merchant below. 👇 I and my friends has traded more than 3000pi coins with him successfully.
@Pi_vendor_247
USDA Loans in California: A Comprehensive Overview.pptxmarketing367770
USDA Loans in California: A Comprehensive Overview
If you're dreaming of owning a home in California's rural or suburban areas, a USDA loan might be the perfect solution. The U.S. Department of Agriculture (USDA) offers these loans to help low-to-moderate-income individuals and families achieve homeownership.
Key Features of USDA Loans:
Zero Down Payment: USDA loans require no down payment, making homeownership more accessible.
Competitive Interest Rates: These loans often come with lower interest rates compared to conventional loans.
Flexible Credit Requirements: USDA loans have more lenient credit score requirements, helping those with less-than-perfect credit.
Guaranteed Loan Program: The USDA guarantees a portion of the loan, reducing risk for lenders and expanding borrowing options.
Eligibility Criteria:
Location: The property must be located in a USDA-designated rural or suburban area. Many areas in California qualify.
Income Limits: Applicants must meet income guidelines, which vary by region and household size.
Primary Residence: The home must be used as the borrower's primary residence.
Application Process:
Find a USDA-Approved Lender: Not all lenders offer USDA loans, so it's essential to choose one approved by the USDA.
Pre-Qualification: Determine your eligibility and the amount you can borrow.
Property Search: Look for properties in eligible rural or suburban areas.
Loan Application: Submit your application, including financial and personal information.
Processing and Approval: The lender and USDA will review your application. If approved, you can proceed to closing.
USDA loans are an excellent option for those looking to buy a home in California's rural and suburban areas. With no down payment and flexible requirements, these loans make homeownership more attainable for many families. Explore your eligibility today and take the first step toward owning your dream home.
How to get verified on Coinbase Account?_.docxBuy bitget
t's important to note that buying verified Coinbase accounts is not recommended and may violate Coinbase's terms of service. Instead of searching to "buy verified Coinbase accounts," follow the proper steps to verify your own account to ensure compliance and security.
US Economic Outlook - Being Decided - M Capital Group August 2021.pdfpchutichetpong
The U.S. economy is continuing its impressive recovery from the COVID-19 pandemic and not slowing down despite re-occurring bumps. The U.S. savings rate reached its highest ever recorded level at 34% in April 2020 and Americans seem ready to spend. The sectors that had been hurt the most by the pandemic specifically reduced consumer spending, like retail, leisure, hospitality, and travel, are now experiencing massive growth in revenue and job openings.
Could this growth lead to a “Roaring Twenties”? As quickly as the U.S. economy contracted, experiencing a 9.1% drop in economic output relative to the business cycle in Q2 2020, the largest in recorded history, it has rebounded beyond expectations. This surprising growth seems to be fueled by the U.S. government’s aggressive fiscal and monetary policies, and an increase in consumer spending as mobility restrictions are lifted. Unemployment rates between June 2020 and June 2021 decreased by 5.2%, while the demand for labor is increasing, coupled with increasing wages to incentivize Americans to rejoin the labor force. Schools and businesses are expected to fully reopen soon. In parallel, vaccination rates across the country and the world continue to rise, with full vaccination rates of 50% and 14.8% respectively.
However, it is not completely smooth sailing from here. According to M Capital Group, the main risks that threaten the continued growth of the U.S. economy are inflation, unsettled trade relations, and another wave of Covid-19 mutations that could shut down the world again. Have we learned from the past year of COVID-19 and adapted our economy accordingly?
“In order for the U.S. economy to continue growing, whether there is another wave or not, the U.S. needs to focus on diversifying supply chains, supporting business investment, and maintaining consumer spending,” says Grace Feeley, a research analyst at M Capital Group.
While the economic indicators are positive, the risks are coming closer to manifesting and threatening such growth. The new variants spreading throughout the world, Delta, Lambda, and Gamma, are vaccine-resistant and muddy the predictions made about the economy and health of the country. These variants bring back the feeling of uncertainty that has wreaked havoc not only on the stock market but the mindset of people around the world. MCG provides unique insight on how to mitigate these risks to possibly ensure a bright economic future.
Financial Assets: Debit vs Equity Securities.pptxWrito-Finance
financial assets represent claim for future benefit or cash. Financial assets are formed by establishing contracts between participants. These financial assets are used for collection of huge amounts of money for business purposes.
Two major Types: Debt Securities and Equity Securities.
Debt Securities are Also known as fixed-income securities or instruments. The type of assets is formed by establishing contracts between investor and issuer of the asset.
• The first type of Debit securities is BONDS. Bonds are issued by corporations and government (both local and national government).
• The second important type of Debit security is NOTES. Apart from similarities associated with notes and bonds, notes have shorter term maturity.
• The 3rd important type of Debit security is TRESURY BILLS. These securities have short-term ranging from three months, six months, and one year. Issuer of such securities are governments.
• Above discussed debit securities are mostly issued by governments and corporations. CERTIFICATE OF DEPOSITS CDs are issued by Banks and Financial Institutions. Risk factor associated with CDs gets reduced when issued by reputable institutions or Banks.
Following are the risk attached with debt securities: Credit risk, interest rate risk and currency risk
There are no fixed maturity dates in such securities, and asset’s value is determined by company’s performance. There are two major types of equity securities: common stock and preferred stock.
Common Stock: These are simple equity securities and bear no complexities which the preferred stock bears. Holders of such securities or instrument have the voting rights when it comes to select the company’s board of director or the business decisions to be made.
Preferred Stock: Preferred stocks are sometime referred to as hybrid securities, because it contains elements of both debit security and equity security. Preferred stock confers ownership rights to security holder that is why it is equity instrument
<a href="https://www.writofinance.com/equity-securities-features-types-risk/" >Equity securities </a> as a whole is used for capital funding for companies. Companies have multiple expenses to cover. Potential growth of company is required in competitive market. So, these securities are used for capital generation, and then uses it for company’s growth.
Concluding remarks
Both are employed in business. Businesses are often established through debit securities, then what is the need for equity securities. Companies have to cover multiple expenses and expansion of business. They can also use equity instruments for repayment of debits. So, there are multiple uses for securities. As an investor, you need tools for analysis. Investment decisions are made by carefully analyzing the market. For better analysis of the stock market, investors often employ financial analysis of companies.
Empowering the Unbanked: The Vital Role of NBFCs in Promoting Financial Inclu...Vighnesh Shashtri
In India, financial inclusion remains a critical challenge, with a significant portion of the population still unbanked. Non-Banking Financial Companies (NBFCs) have emerged as key players in bridging this gap by providing financial services to those often overlooked by traditional banking institutions. This article delves into how NBFCs are fostering financial inclusion and empowering the unbanked.
how to swap pi coins to foreign currency withdrawable.DOT TECH
As of my last update, Pi is still in the testing phase and is not tradable on any exchanges.
However, Pi Network has announced plans to launch its Testnet and Mainnet in the future, which may include listing Pi on exchanges.
The current method for selling pi coins involves exchanging them with a pi vendor who purchases pi coins for investment reasons.
If you want to sell your pi coins, reach out to a pi vendor and sell them to anyone looking to sell pi coins from any country around the globe.
Below is the contact information for my personal pi vendor.
Telegram: @Pi_vendor_247
What price will pi network be listed on exchangesDOT TECH
The rate at which pi will be listed is practically unknown. But due to speculations surrounding it the predicted rate is tends to be from 30$ — 50$.
So if you are interested in selling your pi network coins at a high rate tho. Or you can't wait till the mainnet launch in 2026. You can easily trade your pi coins with a merchant.
A merchant is someone who buys pi coins from miners and resell them to Investors looking forward to hold massive quantities till mainnet launch.
I will leave the telegram contact of my personal pi vendor to trade with.
@Pi_vendor_247
where can I find a legit pi merchant onlineDOT TECH
Yes. This is very easy what you need is a recommendation from someone who has successfully traded pi coins before with a merchant.
Who is a pi merchant?
A pi merchant is someone who buys pi network coins and resell them to Investors looking forward to hold thousands of pi coins before the open mainnet.
I will leave the telegram contact of my personal pi merchant to trade with
@Pi_vendor_247
GRC FOR CAPITAL MARKETS: Beyond Corporate Governance
1. 1
GRC FOR CAPITAL MARKETS:
Beyond Corporate Governance
Authored by:
Gary Cable, Director of Program Management, Sapient Global Markets
June 2016
2. GRC FOR CAPITAL MARKETS: Beyond Corporate Governance2 GRC FOR CAPITAL MARKETS: Beyond Corporate Governance2
3. 3
CONTROLS FRAMEWORKS IN
CAPITAL MARKETS
Underestimating the complexity, speed and
interdependencies of technical environments relied on
by capital market participants puts everyone at risk.
After the “Flash Crash” resulted in the loss of billions
of dollars in a matter of minutes, it became clear that
systemic risk was certainly not limited to exchanges—
and that all financial services firms need to address risk,
both systemic and procedural.
Retaining silos within information and functional
infrastructure hampers transparency and exposes
financial services firms to risk. Yet these silos remain,
reinforcing the need for a comprehensive risk
management framework to assist with identifying,
monitoring, managing and reporting on material and
relevant risks.
Systemic risk is caused by unforeseen events
and dependencies where the failure of a single
entity or application could cause a cascading failure—
and potentially bankrupt or bring down an entire system
or market.
Most capital market firms do a decent job of detecting
market risk at the organizational level, but often come up
short in identifying single points of failure that could
bring down a firm’s entire operations, or that create
policy or operational control gaps across legal entities or
lines of business.
The post-financial crisis world has created continued
pressure on capital markets firms to assess their
operating models and key risk areas relative to the
many regulatory changes that went into effect. However,
regulations themselves do not provide a framework
or a formal process for governance, and regulations
such as Reg SCI are not prescriptive about how such a
framework should be created.
Governance, Risk Management and Compliance (GRC)
is a discipline that aims to synchronize information
and activity in order to operate more efficiently, enable
information sharing, report more effectively and avoid
wasteful overlaps—all of which help organizations
manage systemic risk.
An effective GRC controls framework allows firms to
create a comprehensive approach to manage systemic
and other risk by identifying, documenting and
determining a course of action for remediating any such
risks. It does so by addressing characteristics of people,
process or technology equally.
While GRC is often associated with corporate governance
and policy issues, GRC can be applied to financial
events in the capital markets industry by creating a
controls framework specific to business events and
related risks.
INTRODUCTION
GRC can be applied to
financial events in the
capital markets industry
by creating a controls
framework specific to
business events and
related risks.
4. GRC FOR CAPITAL MARKETS: Beyond Corporate Governance4
Control frameworks are most effective when they can
be used to quantitatively analyze whether sufficient
controls exist and are consistently applied. This can be
accomplished by leveraging business process modeling
tools and persistent data repositories.
An actionable controls framework needs to identify
key dependencies, capture metrics and map them to
detect control points which are the granular events that
occur during the course of business along with their
checks and balances.
TOOLS FOR CREATING
FRAMEWORKS
Figure 1: A complete view of a GRC framework.
Events &
Controls
Rules
Regulations
Policy
Legal
Entity Line of
Business
(LOB)
Region
Business
Function
Accountable
Group
(People)
Assets &
Liabilities
Systems
and Apps
(Tech)
Data
FLOW
F LOW
5. 5
GETTING STARTED
A controls framework can involve multiple levels of
detail and sophisticated cause and effect relationships
throughout the organization. It should enable a firm
to make an intelligent determination of whether to do
something about a problem or leave it alone, depending
on the risk, cost and potential benefits.
Therefore, the best practice is to set the right scope,
focus on where to get the most return on investment in
relation to controlling high-risk areas and regulatory
issues and create a model that can be replicated and
expanded across the organization. The power comes
from leveraging a basic pattern to analyze a specific
problem in one part of the business and then apply it
iteratively to many parts.
Although building a controls framework can be complex,
most firms would rather proactively find risks instead of
having them detected by the audit committee or external
regulator. There is no real argument as to whether
firms should create a controls framework. Ultimately,
success will lie in how organizations set and manage the
appropriate scope and measure the benefits.
Principles from Enterprise Architecture (EA) can be
effective in establishing the connections between
business processes and functions, technology stacks,
security, people and data via their contextual, conceptual,
logical and physical architectures. EA frameworks, like
The Open Group Architecture Framework (TOGAF), use
business context to define the enterprise and the “why,
what, where, when and how” things are done. Merging
the foundational concepts of EA and GRC can be a very
effective combination in defining a controls framework
and building an effective business reference model.
It is also important to create templates for information
capture and distribution based on the firms’ business
reference model, preferably implemented as a web-
based survey where the data can be consistently defined,
captured and maintained. This approach can equally
be used as a method for distributing, analyzing and
visualizing the controls framework in a collaborative way.
Agile is another method that can be quite valuable.
Once scoping and framing are complete, manageable
sprints of work can take place to capture, analyze and
report out. Firms can then rely on a factory model to
incrementally build out the controls framework iteratively
over time and as needed.
Outside experts can offer a good combination of domain
knowledge and tools to help firms create a rationale
based on industry drivers, risk appetite, short-term
objectives and gaps—and help initiate a model that the
organization can continue to develop.
