Newsletter | Volume 1


Rewriting the regulatory compliance cookbook



Instead of delegating the regulatory compliance authority to the oversight bodies, to avoid a new fiscal, monetary or credit crisis, the right approach would have been to analyse the accrued Governance, Risk Management and Compliance (GRC) failures, and to rewrite the compliance recipes based on facts. Regulators were somewhat slow to recognise the impending collapse of the financial system because a comprehensive compliance rule-book was unavailable in 2008.

From experience, we know that it is difficult for the oversight authorities to connect the disparate events that comprised the financial collapse and the subsequent crisis, as a coherent compliance rule-book was missing. The primary reason is the treatment of each regulatory issue as a separate legal implementation module, without connecting the GRC components into a holistic compliance framework and rule-book.

Compliance without any significant value
To avoid another, even more severe, financial crisis, politicians have given the keys to the Pandora's box of compliance activities to the oversight authorities. They have in turn bombarded the financial sector with loads of Good Governance, Risk Management and Compliance (GRC) regulatory implementation, disclosures and reporting. The result is that financial institutions are now hiring GRC officers and personnel by the dozens to check the box and fill in templates documenting that they comply, without creating any significant value.

The result is that the board and senior management of financial institutions, big or small, no longer have the real authority to enforce GRC instructions in the organisation. They have ceased to play a central role in identifying and optimising risk management into risk intelligence. The GRC vulnerability of risk management is no longer based on the compliance culture of the financial institution but is primarily focused on GRC transactions and processes, which are de facto addressed by the oversight authorities with a one-size-fits-all approach.

One of the missing links is the ability to scan the systems and regulating mechanisms that balance the long-term cost/benefit of past GRC failures in any particular financial institution, and to restructure the GRC framework, architectures and internal processes into a cost-effective, scalable, enterprise compliance strategy.

Unconscious Compliance bias
It seems that the above, somewhat impatient, delegation of compliance authority to oversight establishments is probably based on inaccurate narratives of the financial rulebook on monitoring, management and compliance failures of the past. The lack of awareness and erroneous risk narratives could not reflect the links between the housing market, the subprime mortgage market, and the financial instruments being used to package the mortgages into securities, causing the crash.

The result is a significant increase in compliance costs without any remarkable improvement in compliance infrastructures with both regulators and stakeholders. Reinventing the wheel on each regulatory issue has resulted in operating expenses on compliance-related technology and headcount being >7% of total administration costs[1]. An estimated 20-40% of future compliance cost can be avoided if overlaps, duplication, models, transactions, reporting and record retention issues are addressed in an integrated, timely and structured manner[2].

The taxonomy of regulatory data
On the other hand, if the oversight authorities take a holistic approach, not only to regulatory compliance but also including the components of Governance, Risk Management and IT-Security, the integration process will improve. The results of the GRC and IT security driven compliance processes will help to define the optimal balance sheet structures in a given set of market conditions in the financial services division. http://www.copenhagencompliance.com/GRC3.html

The new regulatory framework for the authorities will provide insight into the company's processes to boost compliance preparedness and to implement adequate controls to monitor data and maintain quality across the entire GRC life-cycle in the new compliance rule-book. With the added cooperation, management can acquire the IT tools or services that pull high-quality data from different areas of the business, so that risk analysis is the primary component for better decisions.

In the paper "Why the Federal Reserve Failed to See the Financial Crisis of 2008" (http://www.irle.berkeley.edu/workingpapers/111-14.pdf), researchers from Berkeley University analyse the meeting transcripts of the US Federal Reserve's primary decision-making body, the Federal Open Market Committee (FOMC). They document that the FOMC had surprisingly little recognition that a severe economic meltdown was underway, even after the collapse of Lehman Brothers on September 15, 2008.

At the 11th annual European GRC and IT Security Summit, a FINANCIAL SERVICES WORKSHOP will be conducted on the 22nd November.

The Financial services workshop will be led by David Gyori, CEO at Banking Reports: FinTech Training for Bankers with participation from The International RegTech Association, Lloyds Banking Group, Starling Bank, Barclays UK, The Retail Banking Academy and more. http://www.grcassembly.com/agenda.htm.