The risk and compliance landscape is changing dramatically. As risk and the regulations developed to manage it increase, so too does the need for greater accountability. The result? Strained relationships between compliance and risk management teams.
We see a trend toward unifying compliance and risk management under the same umbrella to help address the challenges of the new risk landscape. It’s a principled, ethical approach to governance. Good governance guides organizations to do the right thing.
If a company has principles, ethics, and values oriented toward data privacy, then complying with 12 different data privacy regulations doesn't have to be overwhelming. Most of the required processes, policies, and procedures are already in place. A regulation like GDPR may only require adding one or two processes - breach notification, for instance, which under Article 33 means informing the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a personal data breach.
That is just one example of what good governance can do for an organization. Within a company that values governance, the real beneficiaries are compliance and risk management.
More Efficient Compliance
Good governance means investing in compliance and making it as efficient as possible. Compliance is no longer a box-checking exercise: its tasks and actions cover both the big picture and all the little details, and the function is empowered because leadership believes in its importance.
Making compliance more efficient also creates goodwill among the staff and the people they work with. Everyone who works in compliance understands the purpose behind what they do, takes pride in their work, and shares that goodwill with the teams they encounter most often - like risk management.
Some regulations embody this principled approach, such as the UK Senior Managers and Certification Regime (SMCR). It mandates that senior managers of UK financial institutions be fit and proper for their duties and holds them personally accountable for the areas they are responsible for. Fiduciary responsibility is good, but with something as important as banking, personal accountability matters even more.
More Effective Risk Management
Good governance values the role of risk management. Just as the company does not want to run afoul of regulations, it doesn't want risks left unaddressed or turning into incidents. Risk management is empowered in its activities, ensuring policies and procedures are in place and mapped to controls. Third parties are assessed and continuously monitored.
When you manage risks with intention and purpose, incidents and breaches become less likely. That also helps compliance: fewer incidents means fewer events that must be reported to regulators under breach notification requirements.
However, even with good governance and operating with principles and ethics, unfortunate events can occur. A rogue employee can do harm. A monetary incentive can cause illicit behavior. When these incidents occur, companies with good governance swing into action with compliance and risk management performing triage, among other remediation activities.
Compliance and Risk Management United
Given the risk landscape is changing dramatically, organizations with good governance, principles, and ethics see a synergy between compliance and risk management.
Both departments use controls, policies, and procedures to accomplish their objectives. Compliance manages regulatory obligations, which in turn addresses many risks to the organization. Risk management handles the risks that fall outside compliance's regulatory scope, but it needs compliance's help when an incident triggers disclosure or notification requirements.
Compliance and risk management united is the best way to meet the challenges from a torrent of regulations and runaway risks.
The Governance Trend
Look for signs of organizations adopting governance, principles, and ethics in 2020. Whether it’s regulations like UK SMCR mandating personal responsibility or the sheer volume of regulations and risks, governance offers a way to stay ahead and unite compliance and risk management.