What benefits are there from a strong GRC function and can it affect the bottom line?
As one of the world’s foremost GRC providers, recognised by analysts for the strength of our technology and working with an array of blue-chip customers across a variety of industries and territories, we are obviously major advocates for an efficient and effective GRC function.
Remaining compliant with relevant regulation has become a much more involved process over the past decade or so, while at the same time there is more risk to businesses than at any other point in time. Organisations have to do much more to demonstrate compliance, and it can be a significant undertaking that requires time, resources and the right technology platform to get right, while managing and mitigating risk is a long-term and ongoing task.
But what are the advantages of doing all this? How can a strong and demonstrable record of compliance and regulatory adherence be utilised by businesses?
Achieving and maintaining compliance
Looking at the obvious benefits first, a smart and modern GRC function will ensure that the organisation in question achieves compliance with whichever regulation that it needs to. For Financial Services (FS) firms, this could include legislation such as MiFID II, MiFIR, EMIR and Basel III, in addition to more general data privacy legislation, especially GDPR.
GDPR is a good example of how GRC can help maintain compliance. It is a piece of legislation that applies to any organisation holding data on EU citizens, and it is looking like the EU will be more than willing to enforce some of the biggest penalty fines ever seen for non-compliance with GDPR.
But achieving compliance on existing data is one thing; fresh data will be generated almost constantly and that also needs to comply. A modern GRC function, working with a digital platform that uses a process-driven approach, is the best way to guarantee compliance on an ongoing basis. Compliance does not begin or end on a fixed date and so must be approached as a continuous requirement.
This peace of mind that compliance is guaranteed, both now and in the future, is a tangible and highly valued benefit of GRC. But relying on automation for elements of risk and compliance, a key component of modern GRC, has other benefits too. Instead of humans trawling through compliance data, machines can do this not only much more effectively but also much more quickly.
This can free up compliance teams to focus on other areas of the job. Compliance can become a more proactive business function: with team members' time freed from monotonous tasks, compliance used in this way can add more value elsewhere in the business.
Can compliance equate to profit?
Increasingly, I think that demonstrating that an organisation is well run, effectively governed and compliant can be a powerful marketing advantage for that company. We are already in an era where consumers hold much of the power, and this can become an even greater driver for compliance.
Being a company with a strong record of compliance can be a true differentiator. With consumers asked for more and more of their information and data by brands and businesses, surely it stands to reason that they would favour the organisations that look after that data well, protect their privacy and respect their rights?
Consumer data is precious and has a real value to the business. When consumers become more aware of this, they will act accordingly. So any firm able to position itself as a champion of consumer data, well governed and compliant with all regulation, will be best placed to take advantage of that.
Perhaps in early 2019 it is still a little early to claim that a high-performing GRC function can have a significant impact on attracting and retaining customers, and therefore on the bottom line. But at the same time, consumers are increasingly aware of the value their data holds and one day soon may let this steer their purchasing behaviour.
For information on how Oxial can put the technology platform in place for a smart and effective GRC function, please get in touch with us here.
PP: “It’s difficult to say, but I don’t think so. Perhaps for data protection when an incident occurs, that could see one of the major fines, but that is still unlikely I would say.”
PP: “A massive fine is something that no organisation would want of course, but I think what could be equally damaging is the long-term brand implications of say, non-GDPR compliance. No bank wants to be known in perpetuity as the firm that does not look after its customers’ data properly, and the long-term damage to a bank’s credibility and trustworthiness could be vast. This is perhaps a greater risk than the threat of a fine.”