Compliance and risk management in financial services: Where the two practices meet
There is no question that compliance and risk management are inextricably connected, both playing a fundamental role in helping to prevent threats to business stability and brand reputation.
However, as global regulations and pressures from stakeholders continue to rise, it is critical that financial organisations understand the key distinctions – and similarities – between the two disciplines, as well as where their activities overlap.
The blurring lines of risk and compliance
Where once firms simply endeavoured to maintain good business practice, today they must adhere to a plethora of legal requirements to ensure that they behave in a fair and ethical manner. Because of the increase in regulatory activity in recent years, the lines between risk and compliance have become somewhat blurred.
Take, for example, the Sarbanes-Oxley Act of 2002, which requires risk management functions to be built into its regulatory requirements, consequently making compliance an integral part of the wider enterprise risk management (ERM) strategy. The same goes for the 2010 Dodd-Frank Act, which was introduced to, among other things, address risk management oversight concerns from both a macro and a micro perspective.
What is the difference between compliance and risk management?
Risk management, as we know, involves identifying and evaluating all the risks faced by an organisation and formulating a response to mitigate them. This crucial function not only helps to build greater resilience in a changing business environment but also tackles the very issues that may prevent a company from achieving its core objectives.
Meanwhile, compliance management relates to following the applicable laws, regulations, codes of conduct, internal policies and best practices to reduce the likelihood of economic loss or damage to reputation.
This means that non-compliance, in itself, is a risk – and it is where the overlap occurs.
Compliance risk management
So, if non-compliance is considered a risk, then surely compliance should be used as a tactic to address certain risks?
The Senior Managers and Certification Regime (SMCR), for instance, requires individuals to be more accountable for their conduct and competence, thus promoting greater governance and strengthening market integrity. Compliance with this regulation may directly reduce human capital risks, such as misconduct or turnover. Likewise, conformity to anti-money laundering (AML) legislation could lessen exposure to fraud risk.
After all, compliance essentially boils down to protecting businesses against the risks that arise from disregarding (or being unaware of) established rules and regulations. This ensures that firms are not compromised and protects the interests of key stakeholders, including investors, employees and customers.
Because of this, compliance management practices can play a major part in supporting risk management operations – and vice versa.
Harmonising risk and compliance practices
In many financial firms, risk and compliance activities are handled by two separate departments. The pitfall of this arrangement is that compliance risk may be viewed in isolation from other enterprise risks, leading to a disjointed approach.
Most senior leaders will agree that clear oversight of compliance regulations is vital to protecting an organisation from risk. For risk professionals, this means understanding the risk of non-compliance in the same depth as any other business risk, so that it can help shape the ERM strategy. In the same way, compliance professionals should be educated on the company’s risk appetite to aid better decision making.
Where risk and compliance are segregated within the organisational structure, managers should look to implement lines of reporting that incorporate compliance within risk management planning and execution to bring the two areas together. Risk management technology can help to streamline this process, providing a real-time view of compliance risk, as well as all other risks that institutions face within the financial services sector.
Another considerable benefit of automating risk management processes is the ability to communicate important policies from a central document repository to embed a greater culture of compliance amongst the workforce and to reduce the risk of a breach.
Risk management solutions can also make light work of otherwise tedious administrative tasks, while serving as a crucial analytics tool that helps businesses focus their attention where it is most needed, in a world where the two disciplines are constantly changing.
Granted, risk and compliance require independent approaches – but do they also align where they need to in your organisation?
Discover how Admiral Group have integrated their compliance and risk management practices through our enterprise risk management software, leading to greater assurance that they are meeting the requirements of both the regulators and their executive teams. Download the full case study.