Good governance: good news for compliance and risk management
The risk landscape is changing dramatically. With more risk, more regulations, more of everything, it’s increasingly complex and requires greater accountability. The net result? It’s straining relationships between compliance and risk management officers and staff.
We see a trend that would unify compliance and risk management under the same umbrella and help address the new risk landscape. It’s a principled, ethical approach to governance. Good governance guides organizations to do the right thing.
For example, when a company has principles, ethics, and values toward data privacy, complying with 12 different data privacy regulations isn’t overwhelming. Most of the required processes, policies, and procedures are already in place. A regulation like GDPR may only take adding one or two processes like breach notification.
That’s just one example of what good governance can do for an organization. The real beneficiaries for a company that values governance are compliance and risk management.
More efficient compliance
Good governance means investing in compliance and making it as efficient as possible. You’re not just checking a box. Your tasks and actions involve the big picture and all the little details. Compliance is empowered because leadership believes in its importance.
Making compliance more efficient creates goodwill among the staff and the people they work with. Suddenly, everyone who works in compliance understands the purpose behind what they do, takes pride in their work, and shares that goodwill with those they frequently encounter, such as risk management.
Some regulations, like the UK Senior Managers and Certification Regime (SMCR), embody principled compliance. SMCR mandates that senior managers of UK financial institutions be competent in their duties and personally liable for their actions. Fiduciary responsibility is important, but for something as critical as banking, personal responsibility matters even more.
More effective risk management
Good governance values the role of risk management as well. Just as the company doesn’t want to run afoul of regulations, it doesn’t want risks left unaddressed or turning into incidents. Risk management is emboldened in its activities, ensuring policies and procedures are in place and mapped to controls. Third parties are assessed and continuously monitored.
When you manage risks with intention and purpose, incidents and breaches are less likely to occur. Risk is actively managed. That also helps compliance, which then doesn’t have to report a breach to regulators under a breach notification requirement.
However, even with good governance and operating with principles and ethics, unfortunate events can occur. A rogue employee can do harm. A monetary incentive can cause illicit behavior. When these incidents occur, companies with good governance swing into action with compliance and risk management performing triage, among other remediation activities.
Compliance and risk management united
Given the risk landscape is changing dramatically, organizations with good governance, principles, and ethics see a synergy between compliance and risk management.
Both departments use controls, policies, and procedures to accomplish objectives. Compliance manages regulations, which helps address risks to the organization. Risk management manages risks beyond compliance’s threshold but needs compliance’s help for disclosure requirements.
Compliance and risk management united is the best way to meet the challenges from a torrent of regulations and runaway risks.
The governance trend
Look for signs of organizations adopting governance, principles, and ethics in 2020. Whether it’s regulations like UK SMCR mandating personal responsibility or the sheer volume of regulations and risks, governance offers a way to stay ahead and unite compliance and risk management.