Conquering Compliance To Pivot Business And IT’s Focus On Achieving Agility

Share this post:

It’s no secret that the volume and depth of regulations have positioned regulators as the top “customer segment” for many global financial services organizations, that’s why financial services risk management is so important.

Many organizations I speak with talk about how they have to juggle the need to revisit traditional business models, driven by demands to meet shareholder expectations and keeping FinTechs at bay with daunting regularity, all the while in an environment where agencies such as the OCC, SEC, FCA, BoE, APRA, and the FRB issue a litany of requirements, reports, tests, enforcements, and warnings.  The regulatory list is exhaustive with a goal post that’s always moving – it seems you can’t throw enough bodies at staying compliant.

Further challenging organizations is the disparity as to where regulations affect a business unit, which was recently illuminated by a handful of enforcement actions ranging from the Consumer Financial Protection Board, in the US,  fining a payments company for misrepresenting how it protects customer data (IT) to Habib Bank (IT and Risk Management) receiving an enforcement action for AML .  It’s clear the scope of regulatory requirements and scrutiny are rather all encompassing across an organization and no department is spared.

Instilling compliance into an organization from a cultural, functional, and infrastructure perspective is no easy feat.  Out of necessity to tackle the problem and provide an infrastructure to manage what promises to be a continual onslaught of regulations, organizations are turning to a combination of technology and thought leaders to provide the most painless and “cost conscious” solution as possible.  Given the complexity of the regulations and how organizations have traditionally tackled this problem, compliance executives know that there is no guaranteed elixir.  Further, compliance is pervasive as it touches every element of an organization from IT to sales to the CEO and of course, CCO. What I have observed in working with our clients, is that moving to a holistic view of compliance and leveraging contemporary technology to support the compliance program is a giant step from what often is a silo-ed, manual, and business line / functional focus that is policed by an overworked compliance function.

Due to this overwhelming and ever-changing nature of the regulatory beast, many financial services organizations I meet with recognize the value of implementing a regulatory compliance framework and how it has the potential to pivot banking organizations to simultaneously manage risk proactively and create value through risk management.  Rather than throw budget at “one off” projects that help organizations with compliance, top performing organizations are using compliance spend as a catalyst into a new level of transformation for their business.

Banks that achieve results at pace tend to also focus on the “why” part of compliance first, by looking to solve, improve, or transform a risk and compliance business problem such as business transformation or aligning risk and Finance. And, these banks typically focus on either a portfolio of assets, a geography, or a line of business. They establish a clear business outcome and work backward through the “how”(i.e. such as improved analytics and velocity of risk data as it moves from the back office to the front office where decisions are made) and “what” (e.g. governance, data quality, glossary, lineage, etc.). These organizations constrain the effort to only those activities that contribute to the outcome. This allows banks to develop the necessary strategy, process, and technology pieces to solve today’s risk problems and anticipate those in the future. As a result, they not only do what the regulators are asking them to do, but they are also transforming their business to focus on developing a competitive advantage.

Financial institutions have been investing and focusing on building out the common data capabilities including MDM/RDM, metadata management, data quality, and governance for years and are now finally linking these data capabilities into enterprise-wide GRC solutions. These GRC solutions capture the data at the source and in the field by “non-risk” people and make it available to address a multitude of business and regulatory requirements.  Having this enterprise capability reach the boundaries of the organization and leveraging this data as required is basically table stakes for addressing compliance.  However, this just is the mechanics of the problem –  but rather, it’s how organizations approach compliance that either keeps the regulators at bay or positions the firm for economic benefits or even business advantage. What transforms a compliance-only capability to a cost avoidance/reduction, value creation capability is how you leverage the enterprise view of data to derive insight.

Financial services risk management

How you can leverage data to gain insight is being revolutionized. There are some capabilities through cognitive tools that are game- changing enough that one can call them silver bullets, offering the promise to move an organization’s infrastructure from a mechanical data repository to an agile, compliance fit-for-purpose environment. Today’s cognitive technology is able to help with financial services risk management. The automatic mapping of the regulation to the control infrastructure of an organization in order to illustrate that a regulation itself is aligned with an organizations control infrastructure, policies and procedures, is the secret sauce.

In today’s age, hiring more people isn’t going to pass muster to achieve compliance and business transformation. There is clear mandate to achieve compliance and transform– and that’s through cognitive technology. We at IBM have been at the forefront of leveraging cognitive technologies in financial services risk management by helping our customers with integrating cognitive with qualitative, big data technologies with quantitative and everywhere in between.

The mandate is clear during conversations with customers – those organizations who transform their undercarriage both comply (i.e. run) and catalyze (grow) simultaneously.

Vice President, Risk Analytics

More Banking stories

IBM Algo FIRST becomes IBM FIRST Risk Case Studies

In the continued evolution of the IBM Governance Risk and Compliance (GRC) product line, I am pleased to announce that effective today, Algo FIRST (FIRST) is rebranded to IBM FIRST Risk Case Studies. Algo FIRST was acquired by IBM as part of the Algorithmics acquisition which took place in October 2011. During its time at […]

Continue reading

The Thomson Reuters and IBM Exclusive Breakfast Briefing, Oct. 2, 2019 in Toronto

How do compliance professionals manage more than 57,000 regulatory alerts in one year? IBM OpenPages with Watson recently had the opportunity to join host Thomson Reuters for a morning of regulatory compliance thought leadership to explore this very topic. The day began on the 29th floor of Thomson Reuters client center bringing together more than […]

Continue reading

The challenge of managing hundreds of daily GRC alerts

Today we are inundated with alerts, breaking news, celebrity scandals and what their neighbor had for lunch.  The feeds are not limited to one medium; your computer, your television, your phone, your tablet and now even the watch you wear on your wrist. The flood of data that comes in can bury a person. How […]

Continue reading