Late last month, I had the pleasure of attending and facilitating a couple of on-demand panels for the American Banking Association’s (ABA’s) first-ever Risk and Compliance Virtual Conference.Needless to say, there were quite a few differences from attending in person – namely the missed opportunity to spend time with industry friends and fellow risk and compliance enthusiasts. And while there’s no re-creating the power of face-to-face interaction, the ABA did a phenomenal job of pulling together topics and experts on a very condensed timeline.
In “normal” times, the Risk Management Conference and Regulatory Compliance Conference are two separate conferences, held at different times of the year. For as long as I can remember, the former was historically a broad-ranging event (with a smaller, targeted audience) that focused more heavily on financial risk and, in recent years, began to branch out to include more sessions on non-financial risk types – like operational risk. The latter was a larger event (growing larger and larger each year) that was hyper-focused on compliance risk.
As I attended this year’s combined virtual conference, I started to think about how appropriate it was to combine the two, since more and more often we’re seeing the convergence of compliance risk program elements with operational risk and other non-financial risk types, such as reputation risk and strategic risk. This is in large part due to companies’ increasing focus on building and maintaining enterprise risk management programs – and it makes a lot of sense, based on my own experience. Banks typically tend to have more mature compliance risk programs, as compared to operational risk, so I can see a clear opportunity to leverage elements of one to fortify the other.
As these risk types begin to converge, it’s critical to establish common taxonomies. In some cases, risk programs have been built in silos and are often managed in disparate systems. Banks should be working toward system-wide reporting and creating an aggregated, holistic view of their risk profile. But this effort becomes labor intensive if you don’t have a risk-type-neutral framework in place to establish the shared risk classification.
The effort to create one is necessary, though, because it’s imperative that your risk programs are able to “talk” to one another. The alternative opens up a whole new set of risks: first, an inability to produce meaningful, actionable reporting; and second, aggregating risk across the enterprise becomes cumbersome, leading to difficulties in adequately identifying, measuring and controlling your risk.
As I reflect on this year’s wonderful live and on-demand sessions, a few key themes are resonating with me. In many ways, the pandemic has desensitized us to words and terms like “unprecedented,” “record-breaking,” “new normal,” and “shifting priorities” – they’ve become part of our everyday vernacular. But as I look at those words in reflection to the work I love, they can and should be applied to the way we think about existing risk and compliance management programs.
It’s a paradigm we must adjust to meet the demands of this “new normal.” While many organizations shifted their focus at the beginning of this crisis, we’ve reached a point where it’s time for all of us to address key issues and continue to ensure compliance, manage risk, and keep the business going. Right now, I’m looking at this through a few lenses:
Technology particularly in the regtech/fintech spaces will continue to play an increased role in our risk programs as we explore opportunities to migrate from manual processes and controls toward automation. Ultimately, this will provide a huge lift in efficiency and risk mitigation. I see real opportunity for this in the monitoring and testing spaces.
Automated monitoring allows for real-time insights, which will help financial institutions identify issues sooner and make remote teams more nimble. Automation also will make testing more representative, enabling banks to move away from small samplings to a situation where they could test an entire population, leading to increased accuracy and greater coverage by no longer relying on just representative populations.
As a first step in this transformation, it’s imperative that organizations take the time to find a single source of truth for their data. As operational risk and compliance risk converge and we move toward enterprise risk management programs, organizations must ensure they have a single source of information to support the various elements of their risk management program (i.e., key performance and key risk indicators).
In these uncertain and unprecedented times, it’s easy to get overwhelmed. I had so many great takeaways from the virtual conference that added to all the thoughts already swirling in my mind … but you can’t tackle everything all at once. No matter where you are in your risk management program journey, it’s crucial to review your existing framework now and ensure it’s in order and as strong as it can be. Only then can you start your renovations and prepare for what’s next in this “new normal.”
With our Spinnaker Sit-Down interview, we give you VIP access to industry influencers, thought leaders, and movers-and-shakers who share their unique insights and perspectives on industry issues, trends, and questions. This month we sat down with Maquette Advisors Managing Partner Bob Birmingham III, a seasoned consumer compliance professional, to talk about changing the narrative about regulatory compliance, what you need to know today, and what’s on the horizon as we fast-forward 10 years.
Executive Leadership Coaching 4 minute read
Ask Cara Williams what’s the one thing she’d take to a desert island, and you won’t be surprised to learn she’s packed a boat.
Regulatory Compliance & Risk Management 2 minute read
The Big Picture Aggressive growth is a great business goal, but to achieve it the smart way, organizations need to have their houses in order first. One Top 25 bank was recently moving forward with a growth plan when it was stopped in its tracks by a consent order. Rather than gearing up for expansion, the company found itself needing to implement and maintain an effective Compliance Management Program (CMP) to meet consumer protection regulations – and the team charged with the effort had limited bandwidth and expertise.
Regulatory Compliance & Risk Management, Compliance 1 minute read
Like how we think? Subscribe to have our articles delivered direct to your inbox each month.
Headquarters: 8000 Franklin Farms Drive, Suite 100, Richmond, VA 23229
©2020 Spinnaker Consulting Group. All rights reserved.