Meeting the challenges of governance, risk and compliance

22 November 2010

By Steve Husk,
FRSGlobal chief executive officer


The current economic climate heightens the need for all financial services firms to accurately gauge required levels of regulatory compliance and economic capital in order to support their business strategy and risk appetite. More regulations are on the way, demanding increased transparency and more frequent and accurate information about company operations. Robust and comprehensive risk management, regulatory compliance, and efficient governance are therefore topical areas for discussion at many financial institutions. What does this really mean for organisations?


The goal of the compliance process is to make sure that a financial services company meets all of the demands placed on it by the external institutions that make laws and regulations. It also provides a set of guidelines with regard to best practice and processes. Compliance is achieved through various controls that are defined and established to help organisations prevent or detect policy violations and to improve business processes throughout the organisation. Problems discovered using these controls often lead to the redesign of processes to better meet both business and compliance goals.


Identifying, assessing, measuring and monitoring risks is fundamental to establishing business processes that can help companies manage risk with confidence while maximising their opportunities according to their strategy. Effective risk management enables companies to protect the value built within an organisation and can also create new value by identifying opportunities to build growth, increase competitive advantage and drive efficiencies.


Good governance is about steering the company in the right direction as well as evolving policies and procedures and improving efficiency to achieve better alignment with corporate goals. Governance, when properly implemented, helps guide the evolution of a company. Governance processes help create orderly ways to evolve a company as well as improve program and change management across the board.

An enterprise-wide, systematic approach to governance, risk and compliance leads to a process that constantly deepens management understanding of what is going on in a business, while increasing confidence that risks are being managed and key business strategies are being efficiently executed. Such an approach creates a sustainable stream of high-quality information that can help the business turn strategy into actions, track and monitor risks, improve processes, enhance performance and innovation for developing new products and processes, and be a driver for business change. By integrating multiple risk capabilities, organisations can model and predict the impact of actions to ensure that tactical behaviour does not undermine future growth, reputation or viability.


In the past – and in some cases, the present – financial services companies have conducted their business using a silo approach. While streamlining the pre- and post-trade cycle was already underway before the Lehman Brothers default and the financial crisis that followed, it was accelerated by that event and is now occupying boardrooms as never before. Managing information prepared at different frequencies makes comparisons difficult or even impossible, and with no proven way of aggregating data, many companies are unable to gain a company-wide view of risk. There is little transparency of the risks at an enterprise level, and generally, any formal focus on risk management is on the negative aspect rather than taking a proactive approach to strategic risk management. This fragmented approach to risk, with different departments doing their own thing, creates a false sense of security. Members of senior management may believe that their organisations are managing risk, but in fact, these organisations often lack any visibility or insight. This is precisely what happened at Lehmans. The only real perspective a firm has is the historical perspective, and managing a business based solely on looking out of the rear-view mirror does not allow a business to move forward.

Straight-through processing or a more holistic approach to regulatory reporting?

By using a framework such as that offered by FRSGlobal to track, monitor and even model key risk indicators directly against business performance, a financial services company can begin to implement change across the enterprise to increase efficiency and improve business processes. This can lead not only to cost savings and an improved bottom line, but also to a higher degree of performance within the business. Compliance is not negotiable, and how a firm manages risk can revolutionise the way it helps to protect value, but putting the two together is the way forward.

Risk management today needs to provide automated monitoring of many key risk indicators as soon as certain thresholds are reached so that relevant risk information is constantly being identified, analysed and managed before the risks become loss events and negatively affect the business. By establishing a single platform to automate risk management processes across disparate systems enterprise-wide, multiple scenarios can be modelled for future projects or products. These scenarios can be effectively risk-adjusted and managed before the proposed plans are submitted to management and the regulator.

Straight-through processing was an ongoing issue for firms during the 1980s and 90s. At that time it was felt that a single front-middle-back office solution was the answer to the problem of faster trading and risk management. However, in the late 90s the focus shifted to the business of securitisation, and product silos became even more entrenched.

Integrating compliance and risk management means we are going back to the idea of focusing on business processes that improve operational efficiency and effectiveness while effectively managing risks and meeting regulatory reporting requirements for risk-based performance management to all internal and external stakeholders. In other words, they are two sides of the same coin. Strategy is the ‘what’. Governance is the ‘how’. Strategy management lays out the goals of the organisation as well as initiatives for turning those goals into action. Governance provides the rules, policies and applicable regulations that must govern those actions. Business planning is more effective when it is informed about the material risks to the business, and resources for mitigating those risks are allocated appropriately. Financial results need to be consolidated in a way that ensures compliance in order to be reportable. In each case, parallel business processes are utilising the same data for separate but related purposes.

Ultimately, all parts of the business interact and each has a dependency on the other.
