28 July 2014

68605

Matthew Long - Oracle

5 | posts 6,904 | views 0 | comments

Future Finance

Finextra and Oracle have gathered together some of the industry's top thought leaders to discuss, debate and analyse the key trends and issues within transaction banking, regulations and retail banking. This group will focus on upcoming regulations, new service offerings and industry debate shaping the new financial services landscape with regular blog posts, video interviews, webcasts debates and surveys.

Overcoming GRC Silos Through Analytics and Reporting

16 April 2014  |  760 views  |  0

As I mentioned in the previous blog "When best of breed financial crime and compliance “point solutions” aren’t enough", many companies are increasingly looking to consolidate their various operational risk, compliance, audit and business continuity solutions. This is to help break the GRC silos and create a “single source of the truth” for better risk based decision making.

While this is arguably easier using a single GRC data source and a single provider of all GRC linked solutions, today’s reality paints a very different picture. Over time many companies have brought in a variety of GRC point solutions that addressed specific regulatory or organizational pressures at that time but without a longer term strategic or consolidation view. 

It is not unusual to see KYC/AML transaction monitoring, case management and suspicious transaction/regulatory reporting (and sometime fraud) requirements met by one or two suppliers, PEP screening another and loss data capture and risk/control assessments, Operational Risk capital calculations, business continuity management and audit requirements managed by excel or further/different suppliers.

As well as being generally inefficient and creating many operational risks in its own right, the end result of this approach is a patchwork GRC framework with data silos dotted all over the company, each being managed by different people, with different views on the importance of data quality and timeliness. This is a difficult situation for senior and executive management who are under increasing pressure to improve their visibility on the company’s risk landscape and bring in more risk based decision making.

However, while the GRC “single source of truth” may be ideal, a complete consolidation programme to get there is not always financially viable, or even desirable, at a boardroom level according to a report issued by KPMG in 2012.

According to the KPMG survey, (The Convergence Revolution),“GRC” is already seen to be consuming a large proportion of company budgets and this perception may be deterring companies from investing in improving its coordination and consolidation.

In the report, KPMG further reveals that almost two-thirds of respondents considered GRC "convergence" to be a cost rather than an investment, further damaging the chances of obtaining further budget. However, as the below chart shows this is just one of many barriers to achieving greater consolidation.

Question: Which of the following do you consider to be the most significant barriers to greater convergence of governance, risk and compliance at your organization?

So, what to do?

It is under this environment of perceived complexity, high cost and unclear benefits that companies are increasingly looking to risk and compliance reporting solutions to help solve their GRC consolidation issues.

By implementing a GRC analytics reporting layer, one that imposes a standard GRC taxonomy, takes in data from the various GRC data sources and consolidates it into a series of enterprise level and actionable management dashboards and reports, companies can achieve many of the associated benefits that go with consolidation.

With the right type of business focused analytic reports and dashboards (heat maps, trending, point in time and time series) along with sufficient historic data, at a minimum, this approach  allows companies to make some sense of the vast stores of GRC data that they have within their enterprise and start to make more informed risk based decisions.

This improves further if the solution can be configured to provide ad-hoc and on-demand reporting and matches the specific requirements of the various GRC roles, such as operational risk personnel, audit teams, compliance teams, lines of business management and executive management.

All in all this represents a simple, cost effective and lower risk option to help move the company towards the widely desired GRC consolidation. What do you think? We’d love to hear your views on this topic.

TagsRisk & regulation

Comments: (0)

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Latest posts from Matthew

Anti Money Laundering System Assurance

16 July 2014  |  505 views  |  0  |  Recommends 0 TagsRisk & regulationGroupFuture Finance

Going Beyond Capital Calculations and Adding Business Value

16 April 2014  |  2444 views  |  0  |  Recommends 0 TagsRisk & regulationGroupFuture Finance

Overcoming GRC Silos Through Analytics and Reporting

16 April 2014  |  760 views  |  0  |  Recommends 0 TagsRisk & regulationGroupFuture Finance

Tackling New AML-FT Risk Management Guidelines

04 February 2014  |  1715 views  |  0  |  Recommends 0 TagsRisk & regulationGroupFuture Finance

Best of Breed Financial Crime and Compliance

09 January 2014  |  1481 views  |  0  |  Recommends 0 GroupFuture Finance
name

Matthew Long

job title

Financial Crime and Compliance Management

company name

Oracle

member since

2013

location

Cappellen

Summary profile See full profile »

Matthew's expertise

What Matthew reads
Matthew writes about

Who is commenting on Matthew's posts