Many of my friends and colleagues in the financial services and health care industries are dealing with the onslaught of new risk management and compliance requirements from the recent changes in regulation. These rule changes are driving major changes and increased cost, however, with few tangible financial benefits at the individual firm level. Sure, the rules make it safer and less volatile for everyone, however, so would wrapping my son up in bubble wrap and blinking lights before allowing him to ride his bike outside.
All complaining and criticizing aside, many agree that, at this point, it's no longer a question of what needs to be done to comply, but rather how to best do it. There is a general perception that increased risk management and compliance is directly correlated with a more cumbersome business environment, resulting in slower business decisions and time to market. If the focus is on just adding more checks and balances, I can easily see how this can be true. However, this does not have to be the case. Is there a better way?
I think there is...
Another term for risk is "uncertainty," and another word for compliance is "constraints." In evaluating any decision (regardless if it is from a risk management or strategic perspective) it is extremely helpful if one:
* understands the key uncertainties
* has a clear view of any key constraints
Therefore, if we look more broadly at this as an opportunity to improve our capabilities to better understand uncertainties and constraints in decision making (not just the information that the regulators are mandating) ... then, the focus shifts to enabling higher quality decisions vs. just 'checking the box' on risk management and compliance requirements.
This means that instead of the risk management and compliance groups making their own processes and systems improvements and imposing them on the business, the effort is instead a broader enterprise initiative that involves groups like strategy, financial planning and analysis, and customer / business analytics.
For example, by treating this as a broader enterprise initiative from a systems perspective:
* The user requirements for new the systems will consider and be able to support more types of analysis and decisions.
* The data and information aggregated and distilled in the systems will cover a greater span of the organization, putting information from many different parts of the organization into one place that can be more readily accessed and used for both risk management and compliance, as well as business decisions.
* There will be a more direct tie between business information systems and the compliance/risk management systems since they would be imbedded in the same architecture, leading to increased efficiency and less redundancy.
* The information and insight available to each individual group would be broader, and therefore analysis and decisions by each of these groups would likely consider a broader perspective.
As a result, the system becomes much more of a business/customer/competitive intelligence tool than just a compliance and risk system. Organizations that do this well, can actually increase both the confidence that they have in decisions they make, as well as the speed/efficiency of making those decisions.
There is no question that this type of system would take plenty of time and resources. However, given that many institutions already need to make this investment to just upgrade their risk management and compliance systems, why wouldn't one want a systems that provided both business and compliance benefits?
DAVID M. WONG is director of cross-asset strategy and planning at CME Group, the world's largest and most diverse derivatives exchange.
February 27, 2012
Copyright 2012© LRP Publications