Can a financial institution's governance, risk and compliance effort be a strategic tool, or is it simply a cost of doing business? Are compliance efforts simply items to check off an organizational "to do" list, or can best practices actually improve shareholder value? These are important questions that some financial services executives continue to ponder.
To others it has become increasingly clear that taking a strategic approach to GRC can enable financial institutions to accrue real benefits, ranging from simple cost efficiencies to increases in share price that are driven by reductions in perceived risk from investors.
How do financial services firms move from a reactionary to a strategic approach around GRC? They would be well-served to start by taking a comprehensive approach to all compliance activities; thinking strategically and acting tactically; using technology to facilitate a "culture of compliance"
Attacking each new compliance challenge as a separate task is a losing proposition. It is costly and creates internal conflicts and discrepancies. Pressing business needs and constrained budgets admittedly pose challenges, but taking a longer term and proactive view of compliance has proven to be a more efficient approach.
Historically, many organizations have handled GRC initiatives as isolated projects, scattered among different departments and business units and often dispersed across the globe. Each function, division or line of business independently responds to a mandate, focusing only on the implications for the problem at hand. This myopic approach is not only costly and chaotic, but also compromises integrity and consistency. Coupled with increased regulatory burdens and increased public scrutiny, it has also led, according to some estimates, to expected costs of more than $30 billon dollars.
The key to addressing these problems is an integrated, standards-based GRC platform. This platform does not need to be monolithic or implemented all at once. Instead, it requires that financial services institutions have a plan and framework to guide them to an overall goal, as well as technology that can self-integrate as components are deployed over time.
The Sarbanes-Oxley Act has become a catalyst in the global landscape of financial compliance requirements. It has led many governments and regulators to revisit existing standards or create new legislation.
In this era of ever increasing and complex regulatory requirements, financial service organizations are under unprecedented pressure to demonstrate adherence to standards and make the management of financial reporting controls part of their daily business. With the internationalization of compliance requirements, global organizations need to rationalize their efforts across regions, as well.
In financial services, the Basel II Accord requirements best represent the need for a strategic view of compliance and risk management. The accord groups together many historically disparate risks-such as credit, market and operational-into one framework.
Remember that, fundamentally, financial institutions are in the business of assuming and managing risk. Recent compliance and regulatory initiatives have focused on how well a company is managing those risks as opposed to simple, empirical measures. Establishing sound business processes to help manage financial compliance and risk is the very first step.
Compliance initiatives must encompass more than technology and processes. People are the cornerstone to success for financial services institutions. Employees can no longer consider compliance as something to do before they can do their real job, but as a fundamental part of their job. Fostering a culture of compliance is paramount, and technology can help foster it. Having the proper tools, such as business intelligence and analytics, goes a long way to creating this culture, by providing all employees with the means to measure their compliance.
The payoff from taking a strategic approach to GRC is that by getting their internal controls in check, companies have an opportunity to use their financial compliance process as a foundation for better oversight, improved business ethics, and stronger corporate performance. When looking at cost containment opportunities, many financial services institutions fail to even talk about gaining returns from a GRC investment-a significant missed opportunity. As the Open Compliance and Ethics Group states, the point of GRC is to drive "principled performance."
A recent study conducted by Lord & Benoit, a Sarbanes-Oxley research and compliance firm, revealed that companies that reported a clean bill of health with respect to financial reporting saw their share-price performance increase by 28 percent. In contrast, those companies that had ongoing violations saw their share prices drop by six percent. Perhaps most interesting, however, is the finding in the study that companies can recover if they fix problems, in some instances by as much as 26 percent of share-price value.
Sound GRC also can impact the cost of borrowing. A study from the University of Wisconsin shows that companies reporting internal control deficiencies have an increased risk of misstating their financials, which causes the cost of equity to increase approximately one percent. For a company with a market capitalization of $1 billion that's equivalent to a $10 million shift.
Looking from the perspective of legal liability, there are concrete returns from compliance spending. Research from the General Counsel Roundtable, a program of the Corporate Executive Board, finds that each additional dollar of compliance spending saves an organization, on average, $5.21 in legal liabilities, harm to the organization's reputation and lost productivity.
The additional pressure of complying with new regulations will lead to significant competitive and financial-leverage advantages. The judicious use of technology can provide favorable ROI to companies looking to capitalize on every market opportunity while simultaneously reducing internal costs and coping with the increasingly stringent burden of regulation.
Kyle Duckers, director, Oracle Financial Services Global Business Unit (c) 2008 Bank Technology News and SourceMedia, Inc. All Rights Reserved. http://www.americanbanker.com/btn.html/ http://www.sourcemedia.com/