Chris Potter

The interconnectedness of all things: Taking a holistic approach to Governance, Risk & Compliance

The regulatory environment, and consequently the role of compliance, has changed significantly in recent years. There has always been significant overlap between regulatory compliance and risk management; the Compliance function’s fundamental purpose after all is to manage the firm’s regulatory risk. More recently we have seen how a firm’s governance, culture and subsequent organisational behaviour are core to how all risk is managed within the firm. In a post credit crisis world it should not be surprising therefore that an integrated approach to governance, risk and compliance (GRC) has been identified by both regulators and the industry alike as a potential route to the avoidance of past mistakes.

Compliance can, and should, take a much greater role in ensuring that both risk and governance systems are not only compliant with the regulatory requirements (e.g. the Corporate Governance Code), but are also as effective as possible within their firm. In this way the Compliance function can make a significant contribution to the firm’s performance, as the better a firm is run (governance) and manages risk, the more successful it will be. And despite what both regulators and sometimes even our own colleagues might seem to believe, we in the compliance profession work for commercial organisations, and we want them to be commercially successful.

‘Corporate Governance is the system by which a firm is directed and controlled.’ This is the definition of the UK’s Department of Business, Innovation and Skills (BIS). It is clear from this definition that corporate governance is simply a framework to assist senior management in running the business. Therefore I think you can clarify this definition still further: ‘Corporate Governance is the framework that allows the free and timely flow of appropriate and accurate information within the business enabling senior management to improve their decision making’. OK, I admit that this is slightly longer than the BIS definition, but I do think it makes the purpose of corporate governance much clearer.

Risk management is also a system. It is the process of identifying, and then managing, all of the risks that arise in the course of a firm’s business on an ongoing basis. What is often forgotten is that the objective of risk management is not only to mitigate risks that the firm does not want to take but has to, but also to identify and manage the risks that the firm does want to take in the course of achieving its commercial objectives.

It is only through taking risk that reward is obtained and that includes regulatory risk. By operating in a regulated market your firm is taking regulatory risk, and the better that regulatory risk is managed then the greater the potential rewards for your firm. Therefore the more effective the Compliance function can be in identifying and managing regulatory risk the more of a competitive advantage it can provide its firm over other firms operating in the same regulatory environment.

Compliance is, as already stated, effectively managing the firm’s regulatory risk. This is done through the design and application of specific systems and controls, based mainly around educational, advisory and assurance requirements. For example, by identifying and informing the business of an upcoming change to a regulated process (education), being part of the project team to identify, design and implement any changes to processes required (advisory) and subsequently checking that the new processes are in place and working effectively (assurance).

So whilst the individual requirements of Governance, Risk and Compliance can be stated in quite simple terms, in practice there is considerable overlap between the three and, more significantly, the application of each can and will enhance the effectiveness of the others. Therefore when designing, implementing or simply managing either an integrated GRC system, or one individual element of it, consideration must be given to the impacts of actions within one element upon the others.

Which brings us to the conclusion that all three of these key activities should be thought of not only as complementary, but as fundamentally interdependent and critical to the overall success of the business.

Organisational transformation: 3 key stages for managing change

In a Dilbert cartoon the eponymous office hero casts his satirical eye over the process of organisational transformation, concluding it is carried out by non-communicative morons. But are the problems really down to management style and lack of communication or is there a deeper malaise for managers?

A major challenge for managers today is a lack of time to think and do things differently. But with day-to-day operational tasks and a focus on short-term results rather than strategic innovations taking up all their time, what then about securing the future? What do they do when the environment changes?

Understanding the process of organisational transformation and establishing the critical success factors for achieving change is of practical value for managers of any large organisation faced with the need to adapt to radical changes in the environment. Below are the three key stages for managing organisational transformation along with the critical success factors for managing change at each stage.

Stage 1: Break with the past

Bring in outsiders. The Board should introduce entrepreneurial outsiders with targeted expertise onto the top management team.

Break with your administrative heritage. Important mechanisms here can be the removal of blockers, rotation of managers, promotion of young managers untainted by the organisational heritage, the utilisation of project teams, the achievement of early successes and designing a suitable bonus/incentive system.

Use aspects of the administrative heritage that help the change process. Not everything that worked in the past needs to be thrown away. This will vary from company to company. Some may be able to leverage a traditional command-and-control management style to achieve more rapid implementation of change; however, in environments where a more democratic leadership style is the norm, it may be more appropriate to leverage other factors, for example, customer relationships, a strong R&D department, or the latent enthusiasm of organisational members for participating in new initiatives. The crisis is also an important lever for organisational change.

Stage 2: Manage the present

Vary your leadership style as appropriate. The top-down approach of Stage 1 may be still required to break with the past in some parts of the organisation, while other parts may by this stage already have the ability to learn and therefore may be given authority and empowerment to act.

Exploit best practice from your own or other organisations. This will require knowledge acquisition, knowledge internalisation and knowledge dissemination.

Reconfigure, divest and integrate resources. This involves everything from streamlining business systems to removing non-aligned employees to consolidating new acquisitions operationally and culturally.

Stage 3: Invest in the future

Empower the organisation. The top management team should delegate to employees as well as motivating and enabling them to act.

Enable the organisation to engage in an exploration of new ideas and business practices. You can achieve this by encouraging innovation, trial and experimentation and by developing a culture which encourages informed risk-taking and facilitates learning from mistakes. Exploration enables the organisation to develop new capabilities fitted to its specific context, rather than just importing systems and routines from other contexts.

Create new paths. This means creating a deliberate change in direction using new capabilities, whether that be in terms of new products, services, processes or business models. The combination of exploration and path creation will lead you to the “disruptive innovation” that will help you secure the sustainable competitive advantage.

By going through these stages, organisations can establish new developmental pathways, enhance their strategic flexibility, and react successfully to changes in the environment.

 

Researchers report that cyber criminals have used spam servers to send 19,000 malicious emails to UK customers of Barclays, Royal Bank of Scotland, HSBC, Lloyds Bank and Santander in an attempt to steal bank login details.

Containing the Dyreza banking Trojan – also known as Dyre – the phishing emails pose as a follow-up email from a tax consultant, asking the user to urgently download an attached file in order to complete a financial transaction. A second email asks the user to attach files to verify financial and personal details, while a third email is also sent. Attached to the emails is an archive containing a malicious .exe file.

Dyre shares many similarities with the infamous Zeus malware. This works by installing itself on the user’s computer and becoming active only when the user enters credentials on a specific site, usually the login page of a banking institution or financial service. Hackers inject malicious JavaScript code, allowing them to steal credentials and further manipulate accounts, all completely covertly.

If the user opens a banking web page, the malware will contact a malicious server and send it a compressed version of the web page. The server will then respond with the compressed version of the web page with malicious code added to it. This altered web page is then displayed on the victim’s web browser. Its appearance remains exactly the same, but the added code harvests the victim’s login credentials.

Phishing threat to businesses

Phishing emails are a major problem for companies, as staff are often unaware of the risks of clicking on links or opening attachments from unknown senders.

Digital banking has surged in popularity over the last few years, but research out today also shows many still won't trust a lender without a brick-and-mortar presence.

Just less than half of UK banking customers would not be comfortable sorting out their finances solely online or by mobile, while a third still don't trust a bank without branches on the high street.

"It is important that banks move at a pace customers are comfortable with and allow them to choose how they want to interact with their bank," said David Ebstein, Europe, Middle East, India & Africa head of digital financial services at EY. "While they are right to encourage online and mobile banking, face-to-face communication clearly remains an important way to communicate for many people.

"In the same way that people at first were reluctant to replace their fax machine with email, this is simply a learning curve that banks must help their customers with.”

"Although people are increasingly less reliant on branches, digital remains complementary, and not a complete replacement for human interaction.”

Despite the scepticism, digital banking is becoming more commonplace, with around a third of those responding to the survey stating they now use online and mobile banking more than they did a year ago.

The EY survey found consumer mistrust spreads to banks more generally as well, regardless of how well-established they are. Four out of five of those questioned were concerned they might not be receiving good quality, unbiased advice from their bank, while 82 per cent did not trust their bank to tell them if there was a better product which suited their needs.

"Trust is the bread and butter of retail banking, so it is concerning that so many customers feel they cannot trust the advice they are given," Ebstein said. "We are increasingly seeing people take control of their finances and proactively manage their money, but this shouldn’t be in reaction to feeling that banks are unable to properly serve them."

Meanwhile, around a third said they had used somebody other than a bank for products which they would traditionally turn to a bank for.

"Banks should see this as an opportunity – they need to engage with FinTechs and where possible emulate the simple, online processes and features that people want if they don’t want to lose business," said Ebstein.

 

Will Digital be the Saviour of Asset Management & Private Banking?

Following some recent news about fee passive funds being offered by some Asset Managers, there is a profound crisis gripping the sector of Asset Management and Private Banking. Accenture recently found, when speaking to investors some time ago, that there’s significant opportunity for firms that offer digital technology, particularly around filling gaps in investor knowledge, augmenting the existing relationship and improving investor satisfaction with their advisors and institutions. The predictions that were made about the sector are coming true much faster and worse than everyone imagined.

Over the last 10 years 86% of Active Managers have not outperformed the broad indices like the S&P500 and neither were the hedge funds on aggregate able to do this. AuM fees are collapsing all round and digital FinTech are pushing Private Banks to go Digital in their client interactions.

Robots will soon replace all non-essential staff

Big Data for research, portfolio and wealth management with regulatory-compliant Robo-advisors both for the simple conversations, process assistant, VIP concierge and advisor to the advisor

In a next stage Blockchain will allow greater efficiencies throughout the whole value chain for all asset classes from front to back

What is then the future value proposition of Asset Managers and Private Banks?

We now see that cost cutting needs to be so drastic that we prefer to talk about redesigning the business architecture of the institution on a zero cost basis – from the ground up, basis point by basis point of cost and revenue.

On the revenue side, Private Banks are rediscovering the merits of Net Interest Margin, namely by offering structured real-estate credit to the UHNI. But they are all scrambling to rebuild these competencies.

 

The tech sector in Edinburgh now accounts for 1 in 8 businesses, and according to the 2016 Tech Nation Report, Edinburgh is the largest technology cluster outside London in terms of productivity.

It’s not just the vastly growing startup scene and infrastructure that makes Edinburgh an attractive proposition for entrepreneurs. The city is fondly referred to as one of the most liveable cities in Europe. The average cost of renting, say, a 1 bed flat in Edinburgh comes in at £525, compared to £1,430 in the English capital. Not exactly insignificant.

With a population of 500,000, Indeed, those looking to attract the ambitious and tech-savvy to the city are calling it ‘The Level of Living Capital’, to reflect the comparably low cost of living compared to its counterparts further south.

Edinburgh is, after all, the second-largest financial centre in the UK, giving fintech startups a solid financial infrastructure to work with. They’re calling it a boom.

My experience of 7FiftyTwo was very good. From the first contact, until I was successfully placed into my current role, 7FiftyTwo consistently supported me. 7FiftyTwo offer a professional service that I would highly recommend.

7 Fifty-Two was instrumental in securing me a contract with my current employer. Throughout, they were not only extremely professional but a pleasure to deal with. I would not hesitate to contact them again.

Having worked with 7 Fifty Two in getting my current role I found them to be a real asset. They represented me extremely well and were engaged throughout the process both before and after the application.

7 Fifty Two did everything right from step one - matching me with the right role until placing me in it. They were responsive to every question I had and provided answers very swiftly. Without doubt I would use them again.
