1. What is GRC and why is it important?
GRC is an integrated strategy that empowers organisations to effectively manage organisational governance, risk, and compliance. A comprehensive GRC program includes two elements: an integrated GRC strategy and the tools and processes used to centralise, manage, and deploy this strategy.
Integrating GRC capabilities does not mean creating an entire department focused on GRC and dismissing decentralised management. It is rather about establishing an approach that ensures the right people get the right information at the right time; that the right objectives are established and that the right actions and controls are put in place to address uncertainty and meet compliance requirements.
When GRC is done right, the benefits accrue. Integrating GRC processes and technology across all or many silos can have the following advantages:
· Reduced costs
· Reduced duplication of activities
· Reduced impact on operations
· Better information quality
· Ability to gather information quickly and efficiently
· Ability to repeat processes in a consistent manner
2. What are the Drivers of GRC?
Overall, GRC creates value by enabling financial institutions to manage and reduce risk in a coordinated manner: it facilitates the cooperation between the three lines of defence.
Broadly speaking, financial institutions gain efficiency in the following areas:
a. Regulatory compliance
Regulation is central to the topic of GRC. Organisations must be aware of changing regulatory requirements and be able to adapt quickly. A well-defined GRC framework can help to do this, preventing compliance breaches and ensuring that necessary actions are taken at an early stage.
b. Business processes
GRC enables an institution to get a clear picture of all the business processes it has in place. It helps answer the questions: What is the role of a business entity? Who is responsible?
From that standpoint, management is able to identify the strengths and weaknesses of those processes and decide on areas for improvement and opportunities with the aim of increased control over the business.
c. Risk and Control framework
As is the case with improved processes, GRC fosters the risk and control framework by enabling businesses to get an accurate map of all business risks and controls and to take appropriate mitigation actions as soon as risks arise.
d. Data management and reporting
At the level of data management, GRC allows better dissemination of information by providing a central source and improving data governance.
3. Challenges of GRC implementation
GRC implementation is not an easy task: numerous implementation challenges await any financial institution starting this journey.
a. Implementing GRC with agility
Implementing a GRC tool within a financial institution is not an easy task, as it involves many stakeholders developing a shared vision on processes and workflows. It may be time-consuming, as every business unit has its objectives within the primary organisational strategy. Ensuring that effective integration is in place may often be the most significant barrier to successful implementation.
b. Engaging the three lines of defence
Risk management should not be the sole prerogative of risk and compliance managers or internal auditors. Involvement from the front line is also very important.
Onboarding the three lines of defence is therefore a crucial and challenging step.
c. Aligning GRC across the organisation
Successful GRC implementation requires a single approach to risk management, clearly defined roles, a single source of reliable information, and good documentation of processes. The critical challenge is to lead people to an added value-driven behaviour – but once the direction and commitment culture is embedded, confidence that the team will “pick up the torch” is vital.
d. Adoption challenges and IT requirements
Finally, implementing a GRC tool is not only about people, but also requires a strong assessment of the underlying IT dependencies.
In order for financial institutions to successfully tackle the above-mentioned challenges, opting for a well-implemented GRC tool through a structured, agile, and integrated approach can be the solution. To assist with this, Avantage Reply has recently entered into a partnership with MetricStream, a global market leader in integrated risk management (IRM) and governance, risk, and compliance (GRC). The hope is that this partnership will combine the deep expertise in risk management of Avantage Reply with that of MetricStream in order to help financial institutions to successfully tackle their GRC challenges.
More information about GRC at Avantage Reply.