Small and medium financial services organisations are undoubtedly where the most exciting new developments in the financial services are happening. Be it FinTechs or specialised traditional players embracing new digital channels - these companies are often outpacing the established industry leaders. While smaller size and less organisational complexity can be an asset for change, it is also a liability when facing similar regulatory and risk management requirements as much larger organisations with a larger head count to deal with these challenges.
Some typical challenges currently include understanding gaps in meeting GDPR requirements around data privacy, efficiently managing and understanding operational risk, getting the entire organisation involved and aware of cyber threats and smart ways to safeguard data or fully understand the risk that multiple vendors pose when processing critical information on your behalf.
How do you find agile approaches to these challenges?
Make it easy for people to interact
The challenges mentioned before all have in common that they require people interacting to be successful. The foundation for interaction is a system or solution that people in your organisation want to use and has minimal barriers for entry. Most likely, a spreadsheet doesn’t meet these requirements.
Focus on the business problem
Focus on the business problem rather than the underlying administration. Too many risk managers are more focussed on manual risk data processing or manual analysis of compliance information rather than defining and implementing mitigation strategies or assisting the business in adapting to new regulation. This is not necessarily the fault of risk professionals, but rather of tools that currently fail to support assurance teams in data analysis. Make sure your solution can automate, streamline and industrialise as much of your risk processes as possible.
Encourage informed decision making
Provide your business with the right information at the right time to make risk aware and smart decisions. When relevant information is not available and requires reaching out or getting approvals from multiple people in the organisation, risk and compliance is quickly seen as obstacles for business processes. Make required information easily available, enable self service workflows and people will embrace this guidance and make informed decisions.
Iterate and experiment
Iterate, experiment, interact, discuss - compliance and risk management should not be an ivory tower function. This is what regulators intend when they talk about risk culture. That's why at Alyne we have taken social media as our model for interacting with risk and compliance data. Monolithic and rigid systems as well as spreadsheets will work counterproductively to this goal.
Avoid the big bang
As with agile software development, take specific risk and compliance workflows and roll them out quickly to parts of the organisation, test, improve and roll out further. Big bang approaches make corrections after roll out more disruptive and thereby limit your flexibility. A smart tool will be able to dynamically aggregate data later on.
We hold ourselves to enabling these principles at Alyne and this thinking flows into every new feature we design and every upgrade we make to existing functionality. Of course we also apply this to our own risk and compliance processes. Does this match your thinking and experience? Let us know.