Compliance and risk, is there an easier way?

While IT chiefs of banks have made great strides in compliance projects, often different families of risk are managed quite separately, and many firms are failing to take a co-ordinated approach to governance, risk and compliance.


IT teams doing long hours in the City building and integrating compliance systems are unconvinced that software frameworks are about to make their lives a whole lot easier.

With less than 100 days until Markets in Financial Instruments Directive (MiFID) kicks in, many IT chiefs and compliance officers are focusing on this one directive, rather than taking the time to work on centralising their compliance efforts with a governance, risk management and compliance (GRC) framework.

Yet a recent report published by risk consulting firm Protiviti says that in a regulation-driven world, compliance frameworks are the way forward, although executives face substantial challenges in implementing them.

The appeal of a GRC framework is that they span operational risk, credit risk, market risk, financial reporting compliance and IT governance and offer a holistic alternative to the fragmented point solutions available in the market.

The report states that the use of GRC software is on the increase. According to the survey, 34% of firms have already implemented a GRC framework, while another 22% anticipate they will do so.

Certainly, the scale and expense of compliance exercises is beginning to prompt a more centralised response from big financial services players, hope the suppliers.

"Banks are easily spending €10m (£6.68m) each on MiFID compliance alone," points out Sunil Chopra, CEO of outsourcing firm Tata Consulting Services. Chopra has noticed a greater desire for implementing centralised systems that take a top down view of all across the enterprise.

And the volume of duplication of effort uncovered in running multiple compliance tasks is also quickening the search for a more centralised approach according to S.Ramakrishnan, CEO of Reveleus and Mantas. His thesis is that Basel II and its requirement for operational risk was a catalyst for discussion of generic frameworks: “People implementing [solutions to comply with Basel II] were in the interesting position of looking across the office and seeing colleagues involved in very similar work for Sarbanes Oxley."

Yet financial regulation think tank JWG-IT Group has found that IT departments are sceptical that GRC frameworks are going to change their lives just yet. In a report published in June, the group said that only 20% of companies questioned are confident that implementing MiFID systems is an opportunity to gain a competitive edge with improved offerings.

"The vast majority of firms sit amidships and believe they still have much to do and the remaining third are planning just minimal attempts to keep regulators and clients at bay," according to the bulletin.

"The difficulty most organisations have with MiFID is that it’s so broad, it affects the whole bank and responsibility and ownership is hard to pin on just one person," says PJ Di Giammarino, co-chair of the MiFID working group. “All those products are being touted do different things. True there are some end-to-end solutions, but they’re for a piece of the picture, like financial reporting,” he says.

"Recommended For You"

MiFID: Time for action, not words European companies fail with compliance