Governance and Risk Compliance in Banking Sector Report
Added on 2023/06/10
AI Summary
This report provides an overview of Governance, Risk, and Compliance (GRC) in the context of the banking sector, specifically within the jurisdiction of the United Kingdom. It explores the current risk management process, emphasizing the importance of compliance management and the establishment of anti-money laundering/financial crime prevention teams. The report details the scope and importance of GRC, discussing its role in achieving organizational objectives and mitigating risks. It examines the functions supported by a GRC approach, including vendor management, policy management, and risk and compliance management. The report also discusses the implementation of risk and compliance management programs, including the formation of anti-money laundering teams. Furthermore, it offers recommendations for improving existing processes and concludes with an assessment of the effectiveness of compliance in managing risks within the banking sector.

Governance and Risk Compliance 1
Governance Risk and Compliance

Executive Summary:
This report discusses the present risk management process in the context of compliance
management, which also includes the formation of money laundering/financial crime
prevention teams. It covers various approaches to Governance, Risk, and Compliance (GRC),
which help in managing the different issues facing the organization. The report further
discusses the implementation of appropriate accounting and disclosure policies, and the
effectiveness of internal financial controls.

Contents
Executive Summary:
Introduction:
Discussion:
GRC & Its Scope:
Importance of GRC:
Risk and Compliance Management:
Functions supported by the GRC approach:
Integrated approach for compliance risk management:
Risk and compliance management program:
Anti-money laundering/financial risk Team:
Implementation of risk and compliance management program:
Recommendations:
Conclusion:
References:
Introduction:
Governance, Risk, and Compliance (GRC) is the coordinated policy through which a company
manages the large number of issues related to corporate governance, enterprise risk
management (ERM), and corporate compliance with regulatory requirements. GRC is the
combined set of capabilities that ensures a company achieves its objectives, addresses
uncertainty, and acts with integrity (OCEG, n.d.).
GRC is more than the three words Governance, Risk, and Compliance. It focuses on the
critical capabilities of the organization that must work together to achieve principled
performance. These capabilities include governance, management, performance, risk, and
compliance activities. The concept spans the work of different areas such as internal audit,
compliance, risk, legal, finance, IT, and HR, as well as the lines of business, the executive
suite, and the board itself (Narasimhan, 2017).
This report addresses the present risk management process in the context of compliance
management, which also includes the formation of money laundering/financial crime
prevention teams. It is prepared for the banking sector, in the context of the Banks of
International Settlements (BIS), in the jurisdiction of the United Kingdom.
The report describes each stage of the risk management process and explains why the
process is required. It also includes recommendations for improving the existing process
and discusses how effectively the compliance function manages risk.
Discussion:
GRC & Its Scope:
Governance, Risk, and Compliance is the concept that helps an organization achieve its
objectives while meeting the responsibility of running the organization. It includes a
number of processes and practices across the different functions and departments of the
organization.
GRC might be implemented with the help of a dedicated platform and other tools, but this is
not a necessary requirement. Nor does the organization need to set up a separate department
for GRC, as a number of organizations establish teams to perform the functions related to
GRC (Lindros, 2017).
As stated in the definition, the meaning of GRC does not end with the three words
governance, risk, and compliance management; it also includes the assurance and
performance management of the organization. The scope of GRC now extends to information
security management, quality management, ethics and values management, and business
continuity management (Murari, 2013).
Importance of GRC:
If a GRC framework is implemented effectively, it helps reduce risk and improve control
effectiveness, security, and compliance through a combined and unified approach that
decreases the ill effects of organizational redundancies.
At present, the importance of GRC management is at its highest because of the difficult
nature of business models and the different operations in the organization. Risk is present
at every stage of the organization, and whenever the organization violates any law or
regulation it faces huge risk. If risk and compliance management is not adequate, it exposes
the organization to a number of risks.
The cost organizations pay for any mistake or non-compliance is very high, and it also
damages the organization's reputation. An example is Takata, a Japanese company that
manufactured car air bags. The air bags Takata installed in cars were dangerously faulty,
and Takata had to recall a large number of cars from the market. Takata became responsible
for the largest auto recall in history (Bora, 2018).
Non-compliance with regulatory provisions not only damages the reputation of the
organization but also results in huge financial penalties and revocation of licenses. Faulty
or troublesome business models also contribute to the downfall or reduced growth of the
organization. Nowadays business models are more complex, so organizations adopt automated
tools to manage risk and compliance and to ensure that governance is implemented around
them. Automated tools help the organization manage efficiently and effectively.
These facts make clear that GRC has become the most important approach in the present
business scenario, and that without it survival in the present business environment is
almost impossible.
Risk and Compliance Management:
Compliance risk is also known as integrity risk, as a number of compliance obligations are
framed to ensure fair and ethical operations in the organization. Compliance risk management
is the most important area of the GRC framework. This area mainly includes incident
management, internal auditing, operational risk assessment, and compliance with regulations.
Non-compliance results in severe consequences for the organization, such as penalties and
personal liability, including payments for damages, fines, and voided contracts. It also
results in loss of reputation and business opportunity, and devaluation of the
organization's franchise.
The operations conducted in banks play an important role in achieving the banks' objectives
and in ensuring financial strength and freedom. Banks generally conduct customer-related
banking activities, as well as activities related to the investment of their equity. All
these activities give rise to risks related to financial transactions, comprising credit,
market, and liquidity risks. There are also other important risks, such as operational risk.
Within this risk framework, organizations need to establish risk management policies to
ensure the identification, monitoring, and reporting of these risks. To fulfil these
objectives, banks set up an independent and integrated risk management function that covers
financial risk, operational risk, and the risk of non-compliance.
Risk management units develop the alternative policies and processes, and also ensure that
banks comply with the applicable rules and regulations.
Functions supported by the GRC approach:
The GRC framework supports a number of functions of the organization. Some of the functions
it supports in the BIS are stated below:
Vendor management: GRC plays an important role here, ensuring effective and efficient
management of this department through relationship management and compliance monitoring. It
also facilitates a risk-based approach to vendor selection.
Policy management: GRC supports documentation, workflow, and the policy lifecycle from
creation to review. It also covers amendments to policies and the mapping of policies with
the help of authoritative sources.
Risk and compliance management: GRC supports risk management professionals in the
documentation, workflow, valuation and study, reporting, and remediation of risks. It also
allows the organization to understand its risk carriage and to manage it in a cost-effective
manner. GRC enables better management of the compliance position through surveys and
self-assessments, attestation, testing, and remediation. It also supports the ability to
respond to changes in regulations (SDS, 2014).
Instead of choosing different solutions for different compliance issues, organizations
prefer a single GRC platform. Where required, organizations choose integrated solutions to
satisfy their particular GRC needs. GRC ensures compliance in every area of the business,
and also compliance with any national and internal laws and regulations applicable to the
organization.
Reporting and managing risk and compliance on a single platform generally gives both
executives and senior management an all-inclusive view of the organization's risk and
compliance bearings. The GRC platform provides functionality that offers an integrated
approach across the wide range of GRC business requirements. The GRC platform takes
information from a number of sources, and all these sources are considered important tools
of the platform. For example, dashboards and data analysis tools allow administrators to
identify and organize exposure related to risk and to compliance with external laws and
regulations, and to quickly administer vendor or client audits.
The most important role of GRC lies in this area: GRC ensures compliance with laws and
regulations, and ensures that the organization does not face any penalty or financial
obligation because of non-compliance. Non-compliance also damages the reputation of the
organization. All these issues can be resolved through the GRC compliance of the
organization (Gillis, 2013).
Disaster recovery management: GRC helps ensure business continuity in the event of a
disaster through disaster recovery and crisis management. It also assesses the critical
position of business processes and technologies. The framework helps the organization
develop business continuity and disaster recovery plans, using automated workflows for
testing the plans and getting approval. GRC also allows the organization to conduct business
impact analysis to better understand the value of the business processes and of the people,
applications, and systems that support them.
Audit services: GRC supports internal auditors in managing work papers and scheduling audit
tasks, as well as in time management and reporting. Internal audit has a strong relationship
with compliance in the organization, as both address the difficult control factors related
to the structure of the organization. Effective implementation of the GRC framework in
internal audit not only ensures compliance but also decreases matters related to abuse. If
GRC is implemented with proper efficiency and authenticity in the internal audit function,
it empowers those responsible for compliance to fulfil their mission. Internal audit also
plays an important role in the compliance function because its reporting structure gives it
the unique opportunity to be independent and objective in its operations. The internal audit
report is submitted directly to the board of directors of the company (Pick n pay, n.d.).
The following functions and areas are addressed by GRC in the context of internal audit:
Internal audit includes the review of the financial statements, interim report, preliminary
results announcement, and summarized financial statements. It also ensures compliance
with the international financial reporting standards and the laws applicable to the
organization.
It ensures the implementation of appropriate accounting policies and disclosure
policies, and also ensures the effectiveness of the internal financial controls.
It conducts a review of the integrated reporting function of the group, and considers the
factors and risks that could adversely affect the annual report of the organization.
It also reviews the sustainability disclosure in the annual report and ensures its
consistency with the financial information reported.
It also recommends the integrated annual report, annual financial statements, and
corporate governance report to the Board for approval.
Asset management: GRC manages the difficult relationships and dependencies in the
organization by classifying and charting application systems, databases, infrastructure
assets and facilities, and important business processes, to ensure adequate compliance,
business continuity, and disaster recovery tasks.
Integrated approach for compliance risk management:
Risk and compliance management program:
This program establishes the process used by banking organizations to ensure that the organization and all its members comply with the rules and regulations. It also ensures that the organization and all its members know which process needs to be followed to identify and prevent risks such as money laundering and terrorist activities. Therefore, it is important that the risk management program is customized to match the requirements and other policies and procedures of the organization. Before developing this program, it is necessary to understand the client portfolio and the activities in which the business is engaged. It is important that the implemented program is understood and applied by all members of the organization, whether at junior or senior level.
The following are the most important elements that must be present in the compliance and risk management strategy of BIS to ensure that BIS properly prevents the risk related to financial crime and other risks in the organization:
- The program must be implemented in a manner that suits the client portfolio of the organization and also strengthens the organization's business relationships with its clients.
- The program developed by the organization must be able to identify and verify the risks related to different areas such as financial risk, operational risk, legal risk, etc. The risk-based approach in this program must be applied to these processes more stringently in those areas that carry higher risk.
- The program must ensure continuous due diligence so that transactions in the organization are fair and ethical, and additional due diligence measures must be implemented in higher-risk areas.
- The program must also set out how compliance with internal rules is ensured, because non-compliance with internal rules is considered the biggest reason for non-compliance with the laws and regulations applicable to the banking sector.
- The program must include training sessions for the senior and junior management of the organization on a continuous basis, for effective implementation.
Current Risk Management Process:
Corporate risk management strategy: The organization must frame a strategy for managing its risk at each and every stage. This strategy must be connected with the main strategy and goal of the organization.
Risk Assessment: Assessment of the risk and compliance management program includes different stages, which are defined below:
- Identification of the risk
- Generation of the risk management context
- Formulation of the risk criteria
Analysis of relevant risk: Risk that has been identified must be analyzed properly, and for this purpose organizations can adopt different strategies that evaluate the risk and suggest treatments for the identified and assessed risk. Assessment of risk is considered the most important stage of the risk process, as this is the only stage at which the degree of the risk is analyzed.
Risk Treatment: The risk treatment process requires the following steps:
- Assessment of options
- Development of the action plan
- Approval of the action plan
- Implementation of the action plan
Compliance requirements related to federal and state laws and regulations have increased surprisingly and affect almost every operational area of the organization. In the present business environment, compliance is a very expensive and difficult process because of complex new regulations, information sources, operational impacts, etc. The banking industry usually manages the compliance workflow manually, and this creates difficulty across different branches, interstate operations, and different lines of operations (JSER, n.d.). Because of all this, it is necessary to implement an effective risk and compliance management program at each and every stage of the organization.
Discussion in this context is stated below:
Identification of the risky areas: Compliance requires assessment of the risk at the first stage using defined criteria. At this stage, the program also provides a score for quantifying
the vulnerability and business impact of non-compliance in order to prioritize the business activities. It is necessary to identify the risk because it makes all other processes, such as compliance, monitoring, and reporting, easier and more reliable. It is important to keep the board and regulators informed of risks that might result in non-compliance. The organization can modernize the work involved in risk assessments with the help of a consolidated assessment framework, because these regulations have overlapping and redundant risks. To identify the risks, the organization can use a common risk registry and risk policies, and it can use tools, such as software, that have already done the mapping exercises. With the help of the consolidated risk assessment framework, the organization breaks down all the silos and then conducts the risk assessments required by the compliance mandates (ERM, n.d.).
Regulatory alerts: Instead of holding a large number of technical and other regulatory documents, the organization needs to work towards a clear executive summary that interprets only the important matters, such as deadlines for actions, the areas that are directly impacted, and who is accountable in the organization. It also determines whether any approval is required for making changes to policies and procedures. Through this stage, it becomes easier to link compliance with the internal structure of the organization and its roles and responsibilities, and it also promotes key stakeholders' understanding of their obligations. As the risk of the organization's different activities has already been assessed, it becomes easy for the organization to prioritize those activities that require more attention and resources. It must be noted that, rather than simply holding critical information such as dates, forms, and impacts, it is easier for organizations to store all this information in relevant software, so that they get updates and relevant information in a timely manner. This stage also ensures the interaction that accompanies monitoring and response, and it is considered a rationalizing exercise that decreases the burden of compliance on business areas (DPTI, 2016).
Impact on business: Internal control procedures are connected with the internal policies of the business, and regulatory changes are assimilated into the internal policies. This stage makes clear which areas of the business are impacted and what actions need to be taken. Workflow tasks are automatically generated for the right people at the right time. Organizations no longer need separate internal policies for each and every area of the business; instead they can maintain a consolidated set of internal policies that relate to multiple regulations and ensure compliance with each and every regulation. Organizations that cannot quickly determine the impact of regulatory compliance changes on business areas will not be able to survive in the long run (University of Adelaide, n.d.).
All the above stages are necessary to ensure an effective risk and compliance management program in the organization.
Anti-money laundering/ financial risk Team:
Recent changes in the regulatory environment have drawn the attention of regulators, authorities, and the media to issues related to anti-money laundering. Financial institutions are now under immense pressure to monitor and identify suspected illegal activity. As a result, a number of organizations are re-evaluating their anti-money laundering programs.
It is necessary for the organization to have a team that mainly deals with anti-money laundering issues. This team includes a number of persons such as compliance officers, attorneys, bankers, former regulators, prosecutors, law enforcement officers, accountants and information technology professionals. These professionals possess expertise in their respective fields and also provide the resources required to help their clients assess and manage the risks related to money laundering and terrorist financing.
Organizations can adopt different solutions in this context, and some of these solutions are stated below:
- Compliance Program and Policy and Procedure Reviews
- Transaction Reviews
- AML Consulting
- Customer Reviews
- Investigative and Operational Services
- Technological Services
- Training and Quality Assurance
- Outsourced Money Laundering Officer Services
Recommendations:
The following recommendations are made in the context of risk and compliance management in the organization:
- BIS can outsource a number of its activities to reduce the cost of those activities that require expert supervision and a large amount of documentation. Outsourcing is an option used by organizations in different situations, such as when expert advice is required and when the organization wants to spend less.
- The compliance risk management program of the organization fails to consider internal risks that can also cause huge damage to the organization, such as the quality of the services provided to clients, client satisfaction, internal corruption, etc. It is necessary for the organization to address these internal issues as well.
- BIS fails to consider the standards defined by a number of Acts, which organizations must adopt in order to receive regulatory alerts.
Conclusion:
After considering the above facts, it can be said that the GRC framework plays the most important role in the organization, as this framework ensures effective compliance management in the organization. GRC supports risk management professionals with documentation, workflow, valuation, etc. Instead of choosing different solutions for compliance-related issues, organizations prefer to choose the single platform of GRC. The GRC platform takes information from a number of sources, and all these sources are considered important tools of the GRC platform. The most important role of GRC lies in this area: GRC ensures compliance with laws and regulations, and also ensures that the organization does not face any penalty or financial obligation because of non-compliance. Non-compliance also adversely affects the reputation of the organization. All these issues can be resolved through the GRC compliance of the organization.
References:
Bora, S. (2018). Importance of Governance, Risk and Compliance (GRC). Available at: http://www.eccinternational.com/blog/index.php/2018/03/06/importance-governance-risk-compliance-grc/. Accessed on 29th June 2018.
DPTI. (2016). Risk Management Process. Available at: https://www.dpti.sa.gov.au/__data/assets/pdf_file/0016/255310/Risk_Management_Process.pdf. Accessed on 29th June 2018.
ERM. (n.d.). Introduction to Risk Management. Available at: http://extensionrme.org/pubs/introductiontoriskmanagement.pdf. Accessed on 29th June 2018.
Gillis, A. (2013). Internal Audit vs. Compliance. Available at: https://www.schneiderdowns.com/our-thoughts-on/risk-advisory-Internal/internal-audit-vs-compliance. Accessed on 29th June 2018.
JSER. (n.d.). Governance, risk and compliance. Available at: http://www.jsereporting.co.za/ar2016/pdfs/Segmented/governance-risk-and-compliance.pdf. Accessed on 29th June 2018.
Lindros, K. (2017). What is GRC and why do you need it? Available at: https://www.cio.com/article/3206607/compliance/what-is-grc-and-why-do-you-need-it.html. Accessed on 29th June 2018.