John Palmiero, SVP of EMEA at MetricStream
As 2017 nears its end, it has proved itself to be the second consecutive year of regulatory flux. President Trump’s election and the Brexit vote in 2016 shook the US and the European Union, creating a new political landscape which has already – and will continue to – shape future corporate governance requirements and expectations of businesses.
Organisations today need not only to balance the demands of shareholders and regulators, but also monitor public sentiment and pre-empt crises that may affect a business’ image. Reputation is more important than ever and corporate governance failings – which often grace today’s headlines – can be catastrophic. Not only can they greatly impact the business, sometimes fatally, but they can also have effects on the economy surrounding them. For instance, the 2007-2008 subprime mortgage scandal, where banks were selling mortgages to people who couldn’t afford them, led to the bankruptcy of Lehman Brothers Holdings, the bail out of the Royal Bank of Scotland and the global crash, all of which drove rising consumer mistrust.
Since then, strict regulations and overseeing bodies, as well as the financial punishments for non-compliance, have helped to keep sectors in check. Yet, the question now is whether companies have become too dependent on these factors to guide them towards good governance and compliance processes.
Deregulation and “re-regulation” fuelling the rise of self-governance
In the post-election United States and post-Brexit vote United Kingdom, businesses have faced regulatory change as well as increased uncertainty.
Companies in the States have been subjected to a regulation roll back, with President Trump stating, “We’ve cut more regulations than any president in history — by far, it’s not even a contest”. This is a move claiming to make things less onerous for businesses.
In voting to leave the European Union, Great Britain has left itself vulnerable to massive regulatory change. While the Financial Conduct Authority (FCA), the Information Commissioner’s Office (ICO) and other UK regulators will have their own agenda, it’s unknown how they will operate without the involvement of Brussels, and which of the EU laws will remain once Brexit takes place. When such uncertainty exists, it can be difficult for financial services firms to work within evolving regulatory boundaries. In light of these uncertain changes, businesses must prepare for more responsibility to be passed to themselves.
It’s not only the West that is seeing an increased need for self-governance. In areas where there is less corporate regulation such as in Asia, particularly the Orient, businesses have to work harder to attract investment from organisations in more heavily regulated areas like the West. These businesses are demanding proof, metrics and measurability of a strong corporate compliance culture, which helps to mitigate the risks of investments being lost due to scandals or links to unethical activities.
Furthermore, with oncoming regulations such as the Global Data Protection Regulation (GDPR) set to be implemented across Europe by May 2018, organisations that want to do business in or with Europe will need to adhere to the directive. It stands to reason that organisations with a strong self-governed governance, risk and compliance (GRC) culture will be able to maintain ties with European businesses more effectively, despite having no regulatory requirement.
The social media era and public sentiment
In today’s age of transparency, demand for corporate responsibility and governance isn’t coming exclusively from regulators; the average citizen expects more too. They expect the big technology companies to pay their fair share of taxes, for instance. On top of this, social media and sites such as Change.org have provided new platforms to consumers and given them a louder voice, regardless of whether they’ve actually ever been a customer.
Should businesses ignore appeals from the public and relax alongside regulatory easing, it will be a great risk to their own survival. Take the 2015 Volkswagen scandal, for example. The lack of internal corporate governance encouraged an environment of malpractice and led to cheating the diesel emissions test. On discovery of the scandal, the company suffered an immediate £22 billion fall in company valuation. This amount was generated through the cost of reclaiming the vehicles and clean-up; however, it is the loss of customer respect that cost the company dearest.
How self-governance can drive business value
Organisations are starting to understand the benefits of self-governance from both a preservative and reputational stance, and there are a few reasons why.
Companies that have acted to establish a self-governing culture are able to streamline internal processes for maximum efficiency. Having every process – internal audit, compliance, legal and risk management – working together under the same umbrella towards a common goal enables accurate and fast reporting to the board and other strategic decision makers.
Furthermore, businesses – particularly those in the finance sector where regulators are heavy on the ground – have found that if there is a measurable and consistent culture of compliance, regulators tend to leave them alone to self-discipline. For example, had Uber shown stricter self-governance, responded better to regulations and tweaked internal policies accordingly, the regulators may have had a more favourable attitude in the assessment of its London licence. In the eventuality of regulatory easing, it is those companies used to implementing their own culture that will find it easier to cope in the new environment.
Self-governing organisations also harbour a culture of trust and values throughout employee ranks. This means everyone knows how their role fits into the bigger picture, and they are less likely to act in ways that are self-serving. Companies with strong employee and customer bases are more resilient to changes in the landscape, giving them greater breathing space to react.
Instilling a self-governance culture
Regulation in the financial services is known for its constant fluctuation and as consumers continue to lobby businesses directly, it is time that companies established an internal culture of self-governance. Corporate culture is hard to implement but there are certain actions an organisation can take to begin to forge change.
Centralise the compliance function
Financial services organisations must unify any siloed and disparate GRC operations across multiple geographies and business units. Aligning GRC with the overall business strategy and objectives helps to create an integrated view of the risks and compliance requirements across multiple regulations that are affecting the entire organisation.
Implement holistic and integrated GRC processes
The approach to GRC processes should be holistic and integrated to help an organisation to standardise compliance management processes, taxonomy, and operations. This will reduce many of the redundancies created through multiple reporting processes configured for meeting different regulatory requirements. Mapping each regulation to the organisational objectives, business processes, risks, controls, and policies will help identify similar patterns across multiple business units and areas of compliance.
Establish a top-down and bottom-up approach
A successful self-governance culture relies on the message being conveyed and enforced from the top down. Employees should be participating and know how their role helps to achieve the business’ objectives, but their buy-in requires them to also believe that upper management is truly behind the new approach. Management should lead by example, act in ways deemed to be ethical, and be held accountable for the times when they don’t.
Employees who spot flaws or potential improvements in the systems can help forge culture and financial firms should offer a recognition scheme to encourage activity. Any self-governed GRC programme should be evaluated at regular intervals and combining a rewards scheme with process evaluation is a win-win. This will include testing to see if potential risks are being identified and mitigated, compliance standards are being met, and appropriate actions are taken when red flags arise.
Establishing a top-down and bottom-up approach will push a culture of self-governance from both ends and as it meets in the middle, pressures directed from each side of the organisational chain will eventually turn into results.
Track regulatory intelligence and consumer sentiment
As regulations and consumer opinions are constantly changing, financial institutions need to refer to a variety of intelligence sources. Sources of regulatory content can come from regulatory agencies and trade associations as well as trade industry publications, and national and specialised media. To stay abreast of social sentiment, businesses should monitor social media feeds, particularly ones belonging to change influencers, as well as relevant sites and media, in order to analyse whether there will be demonstrations or other actions that are likely to impact the business.
Ensure consistent and efficient data flows
On top of various compliance requirements, more business processes are requiring data, which has led to a data overload in some organisations. Financial regulators are constantly demanding that more information be submitted, and this is accumulating in data warehouses. Businesses need to streamline collection and analysis to stay on top of self-governance streams and ensure actionable intelligence isn’t being ignored. A centralised and uniform data library connecting to the GRC framework ensures that each employee is seeing relevant data that creates standardised metrics which are comparable across the board.
As millennials – known for their high tech expectations – continue to enter financial services, organisations must adopt technology that encourages employees to actively, or passively, engage with GRC processes and, increasingly, this means turning to tools that have been consumerised. Self-governance requires GRC to be embedded into all processes, but employees are known to cut corners if new systems are time consuming. Firms that invest in technology that can enhance productivity and simplify ways of working will drive business value, make GRC pervasive and therefore ease total corporate adoption. While self-governance can drive business value, rolling out technology that isn’t completely intuitive can stall, or even kill, the initiative.
Technology should play a critical role in strengthening monitoring and management of both internal and external procedures. Integrated solutions should offer a common platform to provide greater visibility into risks and compliance issues. Organisations should also use tools to automate processes, streamlining and reducing costs of admin and data heavy processes as well as storing any important or relevant information in a centralised database for easy access.
Ultimately, it is not enough for financial corporations to simply follow and implement new processes based on regulations. They have to want to adopt ways of working that encourage good governance and ethical responsibility. Whether it’s in response to regulatory change or social movements, self-governance can ensure consistency and resilience in any organisation, no matter what external pressures they face.