What does digitalization mean for Risk Management and Compliance?
You could argue that Risk Management and Compliance are already largely digital domains and digitalized, however it’s worth taking a second look when you consider the following characteristics I’ve encountered in these functions in companies around the world:
Lots of manual interaction
Many Risk Management and Compliance processes in organizations involve multiple separate spreadsheets, feedback and additions being sent back and forth via emails, spreadsheet outcomes pasted into slide decks and probably still some printouts with a busy executive’s hand-written comments.
Labor intensive processes
Compliance reporting and Risk Management requirements have developed so rapidly, that especially highly regulated companies like banks have solved an immediate need by hiring more people. Compliance and Risk Management departments have grown to enormous dimensions.
Generic and outdated toolsets
While digital tools are used in Risk Management and Compliance, these tools are often generic tools, such as spreadsheets or outdated solutions, like many GRC tools currently on the market. Processes are not necessarily streamlined and the quality of the output is highly dependent on the structuring and content of the user, as little guidance or content is provided.
So how can digitalization add value?
I believe there is huge value to be added through digitalizing Risk Management and Compliance processes, and the emergence of RegTech as a trend in late 2015 seems to support this.
If you are a company looking to optimize these domains or you are a RegTech with a solution you think can drive digitalization, try benchmarking them against the following questions:
Does it save money?
Risk Management is an expensive undertaking and measuring return on investment is difficult. Cost of Compliance is always matched against the Cost of Non-Compliance. Your solution needs to significantly tip the scales.
Can it commoditize something you do today?
Many Risk Management and Compliance processes are driven by experts applying knowledge or skills to analyze a specific issue. Digital solutions need to at least commoditize the legwork allowing experts to focus on high value risk analysis and decisions.
Is greater transparency enabled?
Assurance is generally provided on a sample based auditing approach. Highly scalable technology may allow full assurance coverage to increase compliance transparency, allow for better insights and enable more powerful risk analytics.
Are insights delivered faster?
With business moving faster, Risk Management and Compliance is more about detecting and reacting appropriately to a risk event than trying to prevent every possible scenario. The faster risk insights are delivered, the more powerful the GRC solution.
Does it create actionable results?
Most organizations have plenty of risk data, few can derive actionable compliance insights in near time from it. Smart RegTech solutions should streamline the process from capturing risk data to delivering actionable compliance insights to the right stakeholders.
I’m certain we will see some powerful RegTech and FinTech solutions in 2016 that can contribute to digitalizing Risk Management and Compliance successfully. Our vision for Alyne is to support Risk Managers and Compliance Professionals in focussing on developing and executing Risk Management and Compliance strategies. Their core competence should be finding smart ways to effectively comply with laws and regulations and mitigate risks. The heavy lifting of identifying and analyzing risks and compliance requirements should be digitalized and left to Compliance as a Service or Risk Management as a Service such as Alyne.
Image credit: CC-BY 2.0 Matt Jiggins on Flickr