Management

Delivering competitive advantage

 Print E-mail
Written by John Pfuhler, director, Product Management at CheckFree   
Thursday, 28 August 2008
Building a vital bridge across siloed compliance and operational risk initiatives requires the cornerstones to support it.

Just another ‘necessary evil’ is what comes to many a mind when considering the endless wave of regulatory and legal mandates.

With organizations diversifying both geographically and materially in their pursuit of new markets and profits, the ability to simultaneously juggle multiple compliance mandates such as Sarbanes Oxley, MiFID, AML and Basel II  is rarely considered a business opportunity.

However, when you apply internal standard operating procedures or additional operational policies from business partners, it becomes clear that a holistic plan to address all of these mandates, as well as those to come, would be the best way to achieving compliance while maintaining profitability.

Why then does the banking culture still veer towards unsustainable, one-time, silo-based compliance projects and why are these compliance projects in turn seen as independent of other operational risk management initiatives?
For many organizations, the multiple risk and compliance initiatives can seem like insurmountable barriers.

 Yet indications suggest that the trend toward increased regulation is set to intensify in the coming months and years. In addition to the regulations already in place, the international finance industry alone already faces as many as 20 new initiatives in the next three years.

Culture and habit prevail so holistic integrated strategies are often passed over in favor of one-off compliance specific or operational risk projects that do not account for the significant overlap across multiple regulations and operational silos.

Each time a new mandate is introduced or changes occur there is a mad rush to develop yet another audit checklist or apply modifications to existing checklists; thereby introducing a vicious, overlapping cycle.

There is also the need to review all of the relevant software applications that correspond to specific compliance or operational risk requirements. The consequence is costly in terms of duplication of efforts, disparate technology solutions, and counterproductive remediation efforts that often go undetected until the next testing cycle occurs.


Where then are the executives with the holistic view of all industry and regional mandates facing their organization? Where is the corporation’s ability to make fully informed decisions? Without it companies remain vulnerable to the increasing complexities and interdependencies of enterprise risks.


Converging efforts to achieve compliance across multiple mandates and mitigate operational risk, while simultaneously enjoying a return on investment may seem like a complete paradox.

It clearly calls for a paradigm shift across the entire organization, starting with senior management. Looming compliance deadlines, fear of financial losses, damage to reputation, tightening budgets and pressure to improve the bottom line, mean this concept of convergence can be a hard sell to those who can shepherd in change.

However, even the toughest critic must admit that the current labor intensive, fragmented approach isn’t sustainable in the long-run.

Forward thinking organizations are recognizing that critical cornerstone business processes such as reconciliation and exception management form a “foundation” layer as well as an early warning system upon which financial governance can be built.

Timely and accurate reconciliation of the balance sheet, segregated management of exceptions and automated risk alerts can detect irregularities at an early stage before developing into a corporate crisis - it is no coincidence that this foundation layer and its management of transaction integrity is where the auditor typically starts.

A two-pronged strategy can be devised whereby the first prong emphasizes the need for clean reliable data to drive risk analytics and the second prong emphasizes control activities including approvals, authorizations, verifications, reconciliation totals and segregation of duties.

Combined together, it becomes clear that reconciliation and exception management best practices can drive enablement of an array of compliance and operational risk initiatives including SOX, Basel II and Solvency II.

By applying a strategy based on cornerstone processes organizations can better leverage IT investment and resources.

These cornerstone processes focus the back office on delivering key operational benefits such as increased productivity and risk mitigation while also satisfying the internal control requirements of the various compliance mandates.

This focus allows organizations to derive multiple benefits from a single solution implementation and ensure that through their own controlled implementation they satisfy auditors and regulatory bodies by maintaining the integrity of transactional data.  

Through these cornerstone processes a vital foundation layer is formed for a strong operational risk management framework whilst naturally traversing and enabling multiple compliance and control mandates. This is in line with Federal regulators who have called for ‘a consistent and comprehensive capture and assessment of data elements, needed to identify, measure, monitor and control the bank’s operational risk exposure.’

When reviewing process automation systems, opportunities exist to identify and collectively review business processes that are relevant across multiple governance, risk, and compliance initiatives. By abandoning the myopic approach to business process review across all of these workflows, potential problems can be identified and improvements simultaneously applied across compliance initiatives.

In short, no one will argue that you’ve achieved your goal if a 15-step manual business process delivers effective internal controls. However, if a brief review of this business flow could produce a five step process largely managed by automation, your benefits will clearly extend beyond compliance alone.

The moral of the story: bare minimum, silo-based projects may lead to bare minimum compliance and operational risk management at a hefty cost. Without a more strategic integrated approach, your organization is not only perpetuating the rising cost of compliance and operational risk management and its reputation as a necessary evil, you are also likely leaving ‘free’ money on the table.

Who knows, business process improvements, automation, or potential functional centralisation with a holistic approach might even deliver that all important competitive advantage.


 
 
Share this article:
Digg It! Digg it!   Post to del.icio.us del.icio.us   Seed in Newsvine Newsvine   Post to reddit Reddit   Facebook  Stumble It! Stumble It!  

Subscribe to our weekly newsletter for top jobs, news, blogs and more

Get the latest senior finance job roles, news, blogs, features, industry moves and opinion delivered directly to your inbox every week. Sign up here .