The new compliance agenda has capitulated to the corporate compliance fatigue
The overly regulated oversight reporting requires an integrated compliance landscape where good governance results in optimized risk management and automated compliance processes. The journey of Governance, Risk, Compliance and IT-Security (GRC) conformity, requires a holistic approach in addressing the massive overreach. The Copenhagen ComplianceŽ Global Actionable Regulatory Program (GARP) maintains the governance religion but changes the risk management rituals to be compliant.
Between the years 1945 and 2008, the frequency of financial crises and/or occurs every five years . Therefore, statistically we are currently on the verge of another crisis. The Greek crisis, the collapse of the Chinese banking system, the global real estate or the stock market bubble, Middle East political issues are just some of the triggers that could destabilise the global financial system any day.
Think global, but act on the each GRC component
Therefore, legislators, oversight authorities and organisations have introduced and implemented an alarming number of new and complex legislative initiatives to avoid another uncontrollable financial crisis. The sheer magnitude of regulation has brought the companies and global corporations on their knees, begging for less compliance, while management often has a disturbingly ambiguous approach on how to address the increasing collection of regulatory compliance.
Compliance storytelling
Due to the organisation's ever-changing compliance profile, those companies that manage compliance on a jurisdiction-by-jurisdiction, regulation-by-regulation basis, end up with a fragmented GRC structure. Th C-level officers then face significant challenges while managing the wave of new global regulatory compliance. Controlling costs becomes an intimidating challenge to the CFO's and IT/data management for process automation is a struggle for the rest of the organisation. Cyber hacking can be a serious issue and must be included in the lines of defense against the most significant risks.
Consequently, the old school, silo oriented, check-the-box, jurisdiction-by-jurisdiction, report-by-report, form-by-form, template-by-template GRC approach is inundated and unsustainable. Recreating the wheel to comply with each regulatory measure is no longer an option because more than 40% of compliance costs stem from duplication of efforts just for disclosures, reporting & record retention.
Cost challenges are a timely value creator
Another simple solution is how the compliance breaches effectively communicated within the organization and to stakeholders. A transparent GRC communication strategy may provide some initial blows. However, it can later improve compliance quality, reduce costs, increase productivity, decrease compliance risks and develop a culture of trust in the organization.
Enterprises that have cost-effective and timely and value creating manner strategy will globalise the compliance efforts. It needs policies that drive towards a seamless and actionable regulatory journey to meet the challenges of the new and upcoming complex global regulatory compliance.
Global Actionable Regulatory Programme (GARP)
GRC program depends not only on statistical data, facts and figures but includes the anecdotal information as well. Compliance storytelling is a powerful tool to impact the understanding of the GRC value for the rank and file disclosures and will help that the numbers sink in deeper and make good use of the abundance of GRC data.
The GARP approach is the first step towards the adoption of an enterprise-wide, holistic business operating model with a focus on costs, avoid duplication & more automation/IT. The methodology will document and restructure the current GRC framework, data architectures & internal processes, into a cost-effective, scalable, firm-wide compliance strategy. GARP will provide a comprehensive regulatory service within the organization to cover many dozens of regulatory filing requirements at a global level.
Non-compliance drives improvements
The review of GRC lessons learnt across all trades continues to be narrow and precise. C-level officers must look if the drivers of behavior might be valid across to other professions or areas. Instead of designing new processes and controls, use the information of non-compliance to drive improvements, and learn from the mishaps of your peers. At the 9th annual European GRC Summit in Stockholm on the 22-23rd September 2015 at The World Trade Center, we address these issues. http://www.copenhagencompliance.com/2015/stockholm/agenda.htm
Oversight authorities new focus on the accountability of individuals for their actions and the actions of their firms. The right response to the address, is to create a comprehensive, accountable and transparent GRC program. The program will build and preserve a GRC culture and integrity. The organization will be able to document and demonstrate to all stakeholders, that if a compliance issue does occur, the irregularity is irregular and does not, per say constitute wrongdoing by the company or the management.
GRC controls and regulatory systems back on track
Implementing the Copenhagen ComplianceŽ Global Actionable Regulatory Programme (GARP), is the focal point of reference for the principles, procedures, framework and structure in the organization.GARP supports the supervision and governance of the formation of an effective GRC program that integrates the implementation of systems, processes, controls and IT tools.
The first step is to incorporate the number of GRC regulations in a framework. The result is that the sum of the components, together will constitute the basis of a relatively straightforward answer on how the company must run the GRC processes, controls, and the regulatory systems back on track. For further information on how to start the GSRP process see: http://www.copenhagencompliance.com/FinancialCompliance-Brochure.pdf
