When Københavns Andelskasse, an extremely small bank in Denmark, had 183 customers, primarily from Ukraine, whose activity generated 1,645 AML alerts without any real consequence and without the dubious relationships being terminated, something must have been seriously wrong with its compliance efforts. Many larger banks and organisations have the same problem, but the blind spots in their GRC efforts do not raise the red flags that would escalate the issue.
Business struggles to connect the silos
A silo-based management style is endemic in the corporate and business world, and it encourages a disconnected style of supervision. Instead of introducing cloud computing, big data, machine learning and related capabilities, organisations let compliance costs continue to increase by leaps and bounds.
Operating in silos, where management acts independently and without regard to other functions or departments, invites duplication of compliance efforts and inconsistent responses. For decades it has been the least efficient and least productive way to measure, monitor and manage.
When siloed organisations respond to an enterprise-wide risk, a lot can go wrong, starting with every department responding to regulatory compliance in its own way. At best, this doubles or triples the work; at worst, it creates messy, fragmented data that prevents the company from seeing its compliance approach as a whole, identifying the gaps where it is non-compliant, and catching the transactions that fall through the GRC cracks.
The first step towards data sharing, accountability and transparency is the introduction of an enterprise risk management framework with GRC elements and components.
There are several standard roadmaps and frameworks that can connect the management silos and create a platform designed for centralised data management. Frameworks and standards such as the ISO 27000 series, NIST, the Copenhagen Compliance® GRC Capability Model, COSO 2013, COSO ERM 2017, ISO 31000:2018, ISO 19600:2014, the PMBOK Guide and PCI DSS all provide a stable base for managing GRC in their respective areas. Companies can then improve their mature risk management programmes by introducing an integrated risk management system (IRMS) and an information security management system (ISMS) supported by GRC technology.
Artificial Intelligence to categorise doubtful dealings
There is an urgent need to transform GRC efforts so that they risk-rate customers, third parties, account transactions and behaviour in real time, and review alerts on the basis of network and linkage analysis and changes in risk rating. Analytics-based solutions can identify the multiple profiles that a single customer has across systems without the organisation overhauling the legacy systems that hold its siloed structured and unstructured customer data, and can support enterprise-wide transaction monitoring and the management of fraudulent activity.
Some of the above suggestions are achieved by the combined introduction of;
While some organisations need to take strategic measures to future-proof their GRC systems and policies, all of them must meet demanding regulatory compliance obligations as sophisticated financial and cyber crimes keep increasing. At the GRC-F (Foundation) Masterclass, we show how to leverage digital transformation and innovation to combat financial and cybercrime by introducing a risk-based approach to GRC. It is about time that organisations move beyond the purely rule-based approach in the compliance function, whose fixed rules criminals learn to work around, e.g. to launder money, and adopt an approach that addresses financial and cybercrime risk directly.
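As an added illustration (not code from this article, nor from Copenhagen Compliance or any GRC product), the following Python sketch shows the points made in the two sections above: the same person held in two siloed profiles is resolved to one entity, entities are linked through shared counterparties, and alerts are raised on a change in an entity's risk rating rather than on every transaction that trips a fixed rule. All customer records, transactions, thresholds and scoring weights are constructed for the example and are assumptions, not figures from the article.

```python
"""Risk-based AML monitoring sketch: entity resolution across silos,
linkage analysis, and alerting on risk-rating changes.

Added illustration, not the article's or any vendor's code. Every record,
threshold and weight below is constructed sample data."""
from collections import defaultdict
from itertools import combinations

# Constructed profiles from two "siloed" systems (onboarding ONB-*, cards CRD-*).
# The same person appears twice with slightly different formatting.
PROFILES = [
    {"id": "ONB-1", "name": "Anna Kowalska", "passport": "PL 123456", "phone": "+48 600 100 200"},
    {"id": "CRD-7", "name": "A. Kowalska",   "passport": "pl123456",  "phone": "+48600100200"},
    {"id": "ONB-2", "name": "Bo Jensen",     "passport": "DK 987654", "phone": "+45 20 30 40 50"},
    {"id": "ONB-3", "name": "Cem Yilmaz",    "passport": "TR 555111", "phone": "+90 532 000 000"},
]

# Constructed transactions: (profile_id, counterparty, amount in DKK).
TRANSACTIONS = [
    ("ONB-1", "ACME Trading OU", 9_900),
    ("CRD-7", "ACME Trading OU", 9_800),
    ("ONB-1", "Nord Exchange",   9_950),
    ("ONB-2", "Grocer A/S",        450),
    ("ONB-3", "ACME Trading OU", 9_700),
    ("ONB-3", "Nord Exchange",   9_600),
]

REPORTING_THRESHOLD = 10_000  # assumed reporting threshold for the example


def normalise(value):
    """Strip spacing and case so 'PL 123456' and 'pl123456' compare equal."""
    return "".join(ch for ch in value.lower() if ch.isalnum())


def resolve_entities(profiles):
    """Union-find over normalised passport and phone: one person, one entity id."""
    parent = {p["id"]: p["id"] for p in profiles}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    seen = {}
    for p in profiles:
        for key in ("passport", "phone"):
            k = (key, normalise(p[key]))
            if k in seen:
                parent[find(p["id"])] = find(seen[k])
            else:
                seen[k] = p["id"]
    return {p["id"]: find(p["id"]) for p in profiles}


def linkage_graph(transactions, entity_of):
    """Entity -> set of other entities that share at least one counterparty."""
    by_counterparty = defaultdict(set)
    for pid, counterparty, _ in transactions:
        by_counterparty[counterparty].add(entity_of[pid])
    links = defaultdict(set)
    for entities in by_counterparty.values():
        for a, b in combinations(sorted(entities), 2):
            links[a].add(b)
            links[b].add(a)
    return links


def rule_based_alerts(transactions, threshold=REPORTING_THRESHOLD, band=0.05):
    """Classic per-transaction rule: flag every amount just under the threshold."""
    return [t for t in transactions if threshold * (1 - band) <= t[2] < threshold]


def risk_rating(entity, transactions, entity_of, links):
    """Rate a resolved entity from its own structuring pattern plus its linkages.
    Weights (2 per under-threshold payment, 3 per link) are assumed, not calibrated."""
    own = [t for t in transactions if entity_of[t[0]] == entity]
    under_threshold = sum(1 for t in own if 0.9 * REPORTING_THRESHOLD <= t[2] < REPORTING_THRESHOLD)
    score = 2 * under_threshold + 3 * len(links.get(entity, ()))
    return "high" if score >= 8 else "medium" if score >= 4 else "low"


def rating_change_alerts(previous, transactions, entity_of, links):
    """Alert only when an entity's rating worsens since the last review."""
    order = {"low": 0, "medium": 1, "high": 2}
    current = {e: risk_rating(e, transactions, entity_of, links) for e in set(entity_of.values())}
    return {e: (previous.get(e, "low"), r) for e, r in current.items()
            if order[r] > order[previous.get(e, "low")]}


if __name__ == "__main__":
    entity_of = resolve_entities(PROFILES)
    links = linkage_graph(TRANSACTIONS, entity_of)
    print("rule-based alerts:", len(rule_based_alerts(TRANSACTIONS)))
    print("rating changes:", rating_change_alerts({}, TRANSACTIONS, entity_of, links))
```

On the sample data the per-transaction rule fires five times across three customers and would keep firing on every review, which is how an alert backlog like the one in the opening example builds up. The risk-based review instead merges the two Kowalska profiles into one entity, links that entity to a third customer through the counterparties they share, and raises two entity-level alerts on the first review and none on the next if nothing has changed. In practice the weights and thresholds would be calibrated against historical cases rather than fixed by hand.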