Why the Chief Risk Officer has become the most important person in your organisation

The role of the Chief Risk Officer (CRO) is by no means a new one. Risk has always existed in business and there have nearly always been people in business who’s job it is to manage, minimise and mitigate that risk.
But the past decade has seen the emergence of a greater volume and type of risk than was around previously. The nature of geo-political, regulatory, cyber and technology risks mean that modern businesses face greater challenges than before and this has changed the role of the CRO for good.
It was once a role that existed mostly to mitigate more traditional risks to a business – although an important role, it was relatively low profile and not one that was centre-stage in the business. But because the nature of risk has changed so radically, so have the requirements expected of a CRO.


Three ways to improve the efficiency of your FS compliance team

The pressure on compliance teams in Financial Services (FS) over the past decade has been enormous. Increased regulation, globalisation and a conservative approach to technology in many compliance teams, has left a number of banks and other FS providers struggling to make their compliance function truly effective.

It’s not a situation that is likely to improve in the short-term. Accenture’s 2019 Compliance Risk Study surveyed 151 senior compliance executives at banking, capital markets and insurance institutions globally, and revealed that 71 per cent of financial institutions’ compliance departments are facing a cost reduction target. 64 per cent of those are targeting budget reductions of between 10 and 20 per cent over the next three years – a considerable reduction when you think that many compliance departments would already consider themselves under-resourced.


What is behind governance failure and how can it be addressed?

2018 was a year that seemed to have more than its share of relatively high-profile corporate governance failures. One of the biggest was Carillion, the UK multinational facilities management and construction firm.
At its height, Carillion was listed on the FTSE 250 and had annual revenues of around £5bn worth of revenues and employed around 43,000 workers across the globe. But over nine months in 2017, the company issued three profit warnings, disclosed £845m worth of write-downs, had 39% wiped from its shares and lost its CEO.
By the time it went into compulsory liquidation in January 2018, Carillion had racked up debts of £1.5bn with less than £30m left in the bank. What causes such wholesale corporate governance failure and how can organisations address it before it escalates out of control?


How digital risk and compliance have become integral to the insurance sector

Insurance is a sector that has been slower than most when it comes to digital transformation and the use of digital solutions to address traditional challenges and introduce new products and services. With methods and processes established decades ago, there is a conservatism that pervades across much of the insurance industry, and it has also been held up by legacy technology that makes digitisation much harder than is desirable.

But market forces over the past five years have combined to make addressing digital transformation more urgent and a key priority for insurers. To respond to these market forces, digital risk and compliance is going to be essential for the insurance industry.


Gartner’s security and risk management trends for 2019 demonstrate CEOs’ growing awareness of risk

It is not uncommon for CEOs and other board members to talk a good game when it comes to cyber security. They discuss in public the seriousness with which they approach managing cyber security, and talk internally about the need for vigilance and for all employees to be mindful and smart on matters relating to security.

But the reality can be very different. Many CEOs are often just paying lip service to cyber security, without allocating the required investment in staff and infrastructure that modern security and risk management requires.


Why 2019 will be a year of continuous supervision in FS compliance

This past year or so in Europe has witnessed an almost unprecedented number of new regulations that Financial Services (FS) firms must adhere to. We have seen new legislation including GDPR, MiFID II and PSD2 introduced, additional regulatory hurdles to navigate for an FS industry that was already one of the most heavily regulated in the world.

This has significantly increased the pressure on GRC teams within FS firms. Not only is there more regulation but the penalties for non-compliance have increased too, which means compliance functions will be tested like never before.


What benefits are there from a strong GRC function and can it affect the bottom line?

As one of the world’s foremost GRC providers, recognised by analysts for the strength of our technology and working with an array of blue-chip customers across a variety of industries and territories, we are obviously major advocates for an efficient and effective GRC function.

Remaining compliant with relevant regulation has become a much more involved process over the past decade or so, while at the same time there is more risk to businesses than at any other point in time. Organisations have to do much more to demonstrate compliance and it can be a significant undertaking that requires time, resource and the right technology platform to get right, while managing and mitigating risk is a long-term and on-going task.


MiFID II, GDPR and other legislation – what has the impact been after one year?

At Oxial we choose our partners very carefully, preferring to only work with companies and consultancies that really add value to our own proposition and technology. One such partner is EY, which fits our supervised and digital compliance model particularly well.

With Oxial’s technology to automate controls and processes around compliance legislation, in conjunction with the vast industry expertise and understanding offered by EY’s consultants, there is a powerful proposition for any organisation that wants to approach compliance in a more joined-up and modern way.


No-deal Brexit could spell disaster for firms struggling to stay on top of GDPR

We’ve written previously about how Brexit is the ultimate in risk management. Organisations must fully understand their level of exposure to Brexit – what is their supply chain, who do they trade with and what the likely impact of Brexit will be?

They can either make changes ahead of time to mitigate that risk or at least put in place contingency plans for the future. That’s a hard task right now because of the sheer uncertainty involved with Brexit. Even now, with just over a month or so until Brexit takes place, we do not know what form it will take or even if there will be a deal or not.


Three ways to optimise your Governance, Risk and Compliance function

We discussed recently the growing importance of Governance, Risk and Compliance (GRC), as organisations look to protect themselves against the multitude of threats faced by organisations in 2019.

We live and work in a world containing more risk than ever before and the penalties for non-compliance and poor governance are also growing and are increasingly being enforced by regulators. So GRC has become one of the most important functions in any business, valued by the board and playing a central role in the strategy of many organisations.

For those firms committed to GRC there is an on-going challenge to ensure that it operates as it should. What should those organizations be doing to optimise their GRC function?