BUSINESS

5 Challenges to Overcome in Governance, Risk and Compliance-Magazine

By David Northmore, VP of EMEA, MarkLogic 

David Northmore

David Northmore

There is a saying that trouble comes in threes. When it comes to managing the triumvirate of Governance, Risk and Compliance (GRC), many financial institutions would agree. The Financial Conduct Authority(FCA) imposed fines worth £22.2million on banks and other city firms in 2016 for non-compliance.  Although this total is a shadow of the blockbuster billions of penalties dished out in 2014, there is no sign that the regulator’s approach is softening. And that’s before adding up the eye-watering costs pertaining to litigation or time spent addressing the actual problem or salvaging a financial firm’s reputation.Traditional, long-established financial institutions are paying a heavy price whereas new financial disruptors seem to be better placed.  That’s because, when adopting GRC strategies, financial heavyweights in particular are facing five main challenges:

1: Organisational:The complex business processes supporting financial operations are often linked to a labyrinth of cumbersome IT systems that are manual and paper-driven,which are both expensive and time-intensive to maintain.Several traditional banks are still operating their core banking systems on mainframes and associated CRM, HR, or multi-software vendor solutions. As IT organisations are slow to implement modernisation plans, business sponsors have leveraged cloud-based services to better target their customers and gain a competitive edge.But these shadow IT applications are getting out of control.  For valid historic reasons, banks also frequently have a multitude of individual product lines and trading systems that feed into specific information silos.  The flurry of M&As hasn’t helped either, creating even more trading system fiefdoms and unconnected data silos. New regulatory pressures now dictate that these have to be cobbled together somehow to provide an integrated, consolidated view for reporting purposes.

2: Psychological: There needs to be a change of mindset around GRC strategies. After all, there are two sides to the compliance coin. Rather than viewing regulation simply as an operations constraint, the financial sector has a golden opportunity to profit from getting its data in better shape. By building a single, consistent and persistent 360-degree view of their customers, employees or citizens,financial institutions can gain valuable and potentially revenue-generating insights into their business processes and customers’ preferences.

3: Financial:The cost implication is the third critical element. Compliance alone represents a huge and rising cost to an organization. Compliance professionals from financial services firms across the world took part in the recent Thomson Reuters annual survey,which highlighted an increase in compliance spending by 60% in North America and 75% in Europe over the course of 2016. These numbers look even bigger when the cost of risk management solutions and data governance platforms is added.

4: Technical:Unlike the financial establishment, new fintech players are not burdened with technology conceived in a different era.  The likes of Masthaven and N26.com are the new kids on the financial block. These new modern banks have built flexible technical frameworks, using technology which can nurture their business,as well as keep the regulators happy by coping with an evolving regulatory landscape across multiple jurisdictions. Regulators are also investing in new technology and talent in order to understand this new tech deal ecosystem and to adapt to regulations and their reporting requirements. It’s perfectly feasible that in the near future being compliant will involve integrating a Regulator API directly into the IT organization of the bank.

5: Political:Political and public pressure on regulators are both crucial considerations. Inevitably regulations will be withdrawn from the market and new ones introduced as the political pendulum swings.President Trump’s desire to dismantle the Dodd-Frank Act is a case in point. Likewise, the change of CEO at the FCA last year has implications for the regulator’s approach – to say nothing of the potential impact of the UK’s planned divorce from the European Union.

To succeed with their GRC projects, traditional banks should not see governance, risk, and compliance as three disparate disciplines. If they do, they will continue to create more organizational and data silos, which in turn are more difficult to change over time.

As several financial firms have already discovered, there is an easy way to bring all these silos of data together. Using an operational data hub or Trade Store approach – built on a flexible, enterprise-grade NoSQL database with integrated Google-like search – can pay dividends for data challenges where the data and requests from regulators change over time.

Some banks have tried and failed to use their legacy relational databases to build an operational data hub or Trade Store,only to find that their data becomes stuck.  The changing nature, variety, and complexity of trading data for example does not lend itself to the rigidity of a schema-based relational model.  With each separate trading system comes a new schema, requiring complex interfaces to reconcile the disparate fields.  If anything changes, which of course it always does, at a minimum everything needs to be tested or, more frequently, re-designed.  An additional constraint with traditional relational databases is the need to know what queries you will run in the future when you are still in the decision stage.  Our experience shows that relational databases are simply not agile enough to integrate mission-critical data across many silos.

ABN AMROis using MarkLogic to bring vast amounts of unstructured and structured trade data into one central, easily manageable operational trade data store. With a consistent, transparent record of every order and trade event, ABN AMRO is able to comply with internal and external reporting requirements in a fast and flexible manner now as well as in the future.

Another global investment bank built a Trade Store on the MarkLogic database in just six months even though it connected over 30 trading systems. This Trade Store brings vast amounts of unstructured and structured data into a central repository accessed by many lines of business applications. This approach allows the bank to support various reporting requirements, including regulatory reporting, and helps to protect against regulatory fines.

There is also a saying that good things come in threes – and there is indeed a flipside to the GRC coin. GRC isan enabler to driving business value.Being able to aggregate data from disparate sources is an essential component in today’s regulatory environment. If data can’t be effectively integrated so that it can be easily sourced, searched and analysed, it’s simply not useful to the business. By untangling the knots of data currently segregated in numerous silos throughout their organisations, and applying effective metadata management capabilities to their data lakes, financial institutions can gain valuable and potentially revenue-generating business insights, as well as ensuring relief from the international complexity of ever-changing regulatory compliance requirements.

“Original publication in Finance Digest Issue 1 https://www.financedigest.com/finance-digest-print-magazine/
To Top