Making the connection
Connecting Governance, Finance, Risk & Compliance allows firms to govern all important issues and risks that exist at the intersection of multiple functions. Breaking silos and adopting a forward looking, holistic view of GFRC functions will be what provides financial institutions with a competitive advantage, writes Richard Reeves
In March 2015 former Barclays’ chief executive, Antony Jenkins, warned that banks still have to face up to the “full disruptive force of technology.” Banks are looking for the “triple win”, he added, working to remove costs, improve control and enhance the client experience. He may not have explicitly mentioned it but he was, in fact, espousing the benefits of connecting Governance, Finance, Risk & Compliance (GFRC).
GRC, or Governance, Risk and Compliance, as a subject area has been around for quite some time now – it’s commonly accepted that there has been a convergence, or at least a closer alignment, of risk and compliance functions. Aligning and sharing knowledge and information metrics is a way of providing another line of defense. But there is a new trend. And one that seems to address the points Jenkins and other banking CEOs arguably know reflects the new reality.
The financial crisis effectively forced firms to assess internal governance procedures and wider approach to risk management – there is now a clearly defined and well publicized need to strengthen existing GRC procedures. Put simply the backward looking nature of traditional GRC was solely concerned with preventing repetition of previous failings. A forward looking approach, agile enough to decipher new threats, is what is now desired and indeed required – regulators, shareholders, the financial media and all right minded professionals are demanding this.
And this is where we see governance, finance, risk and compliance converging. Risk and finance integration projects are, of course, now commonplace the banking sector, with many leading firms having established risk and finance transformation programs. Economic capital, risk adjusted performance metrics, stress testing and regulatory capital are now being discussed in the same forums, with mounting regulation (think Dodd-Frank, Basel, MiFID, IFRS concerns) acting as the catalyst agents.
As a case in point, traditional budgeting for financial institutions will soon be a thing of the past. This balance based annual process, will, through necessity, needs to adapt if it is not to become a footnote consigned to the financial history books. This is because of regulatory pressure on the budgeting, planning and forecasting process to deliver more insightful and forward looking information. Regulatory pressure from the likes of the European Banking Authority (EBA), the Dodd-Frank act and other local rules mean banks are being forced to disclose more information on how funding and capital activities work via stress testing and forecasting – again GFRC appears to be the sensible route.
Another area where GFRC is perhaps most exposed at the point of regulatory supervision is where the regulatory has a constant flow of prudential information from institutions on a monthly and quarterly perspective. This is supplemented with annual submissions in terms of annual reports, ICAAP and ILAA documents, not to mention initiatives such as the Asset Quality Review and Annual Stress Tests. Each of these submissions requires institutions to establish strong governance frameworks to support accurate financial measurement and forecasts, prudent assessment of risk and evidence the entire process with compliance to regulatory reporting requirements and guidelines. So, in the event of a change in circumstances (e.g. institutions risk appetitive, the global economy, the local economy or even a regulatory rule change), institutions are able to identify what areas of the business may be impacted, through their governance framework. From here they are then able to identify who will assess the potential financial and risk impact, explaining the impact to their supervisor through their regulatory submissions and reviews.
Notably, the traditional silos of separating financial risk management and non-financial risk management has also become antiquated to say the least. Linking all risk (whether it’s operational risk, IT, security, compliance or anti money laundering functions) to profitability is the new norm. Boardrooms certainly ask the question of their back and middle office functions and those boards operating with a GFRC framework in place should stand to benefit most (see Box 1).
Furthermore, traditional GRC, in which each regulatory development had its own initiative, resulted in the creation of further silos. Multiple silos of competing systems and processes are never desirable and it’s perhaps here that GFRC can perhaps make the most impact in an environment where increased resources for ensuring compliance are deemed essential.
Certainly IFRS9 (accounting for financial instruments) and IFRS13 (standard on fair value calculations) will create a burdensome amount of work for both risk and finance. And these risk based, forward looking calculations around valuation and re-valuation of financial instruments are, in fact, a living and breathing example of how governance, finance, risk and compliance are working side by side.
Accounting may have traditionally been a backwards looking reporting process, but not anymore. The concept of risk-adjusted, performance management is now all important for accounting. Risk and finance data will be the leading drivers here and it will be those firms that adopt a GFRC framework that will be able to bring risk and compliance metrics into a meaningful dialogue with accounting. Having this holistic view will be what gives banks a competitive advantage.
New or amended regulation that has emerged post-crisis is, by its very nature, multi-disciplinary. The pillars of both Solvency II and Basel III have included financial risk, operational risk, regulatory reporting requirements and there is a distinct overlap between risk, finance, and compliance within IFRS 9.
An enterprise wide view
Furthermore, looking at risk from an enterprise wide level, breaking down silos, leads to benefits. Stress testing and model validation may be old hat but what is new for many leading firms is the fact that this is being done at an enterprise level across asset classes, with the alignment of qualitative and quantitative risk management.
Business Benefits of GFRC: At a Glance
- The incorporation of tools such as scenario analysis and predictive analytics to forecast both future performance and potential threats
- The placement of governance and compliance into strategic decision-making through their relation to financial and performance metrics.
- The connection of behavior, financial performance, and remuneration to help manage areas such as compliance and conduct risk.
- The general ledger and IFRS is another area of overlap between risk, finance, and compliance, as it requires operational and financial controls and areas such as amortized costing and hedge accounting, requiring the input of both the treasury function and the risk function.
And the newly emerging area of conduct risk, further supports the concept of GFRC. Record fines for misconduct are commonplace – the first half of 2015 saw six times the amount of fines by the UK’s Financial Conduct Authority compared with the same period in 2014, for example, according to data collected by Wolters Kluwer Financial Services. But financial metrics are key drivers here, additionally supporting the trend to bring governance, finance, risk and compliance together if mitigating reputational risks and ensuring sound governance are to work together for the economic benefit of an institution.
Whether they know it or not all banks have these challenges and increasingly banks are moving towards the GFRC concept, sharing metrics, data and strengthening collaboration. Fittingly for today’s world, GFRC includes conduct risk, model risk, economic and regulatory capital, and reputational risk management, as well as practices such as enterprise stress testing compared to conventional enterprise governance, risk, and compliance processes.
The aim is to put a robust framework in place that effectively enables firms to govern and manage risk and business performance at all points and intersections across the organization. But the key with the GFRC concept is about creating and operating within an overall ecosystem to get a more strategic, forward-looking and integrated view of the business. What needs to be made clear here is that in practice, it is not pragmatic – nor necessary – to merge these different department’s systems together completely into one consolidated GFRC system.
Instead, it is more important to provide a broad array of technology, content and consulting services to implement customized GFRC solutions to all sizes and types of financial institutions.
Regulators are urging financial institutions to prove that the information that they use to run their business is aligned with everything that is submitted. As a result, finance, risk management and compliance information (specifically regulatory reporting) needs to be linked.
Given the increasing complexity of the GFRC environment, with regulators pushing the borders of regulation, institutions are looking for efficiencies and increased re-use of data. At the intersection of those areas there is a large overlap for the data that is used. Providing a data management platform that allows financial institutions to bring the necessary data together and ensure its quality for multiple use cases will be imperative for success.
To truly shift the existing paradigm, a linkage between the previously siloed areas of governance, finance, risk and compliance needs to be established to create a unified GFRC strategy. And through this shift technology can surely be harnessed to achieve the “triple win” – removing costs, improving control and enhancing the client experience.
Richard Reeves is vice president of strategy for OneSumX – the GFRC platform developed by risk and regulatory technology company Wolters Kluwer Financial Services. Reeves joined Wolters Kluwer Financial Services in 2015, bringing more than 30 years of industry knowledge, expertise and experience to the company. Most recently, he was senior director with Algorithmics/IBM, were he led the Business Intelligence Group. Prior to this Reeves was a managing director with SunGard-WhiteLight where he developed a Basel II team and solution based on the WhiteLight Analytic Server technology. He has also worked at KPMG, where he was responsible for teams in the UK and US offering financial service consulting services. He holds a bachelor’s degree with joint honors from Durham University, England.