By Ryan Swann, Chief Legal and Risk Officer, Think Money
Pioneering scientist Marian Diamond famously said: “If you always do what you did, you'll always get what you got.”
The same ethos applies for Risk Management and Compliance, which has not really evolved in many businesses for some years. While businesses have progressed their customer facing services and introduced new and innovative ways to support customers, the Risk and Compliance functions have often stood still. The same ways of working, the same reports and the same barriers to progressing.
Risk teams are keen to change though, while striving to become more pioneering and data driven. However, when speaking with Risk and Compliance professionals, I often hear similar stories and challenges:
We want to become more analytical but do not have the time
Our data is not structured appropriately for use and we find ourselves at the back of the queue for MI and reports
We report to management months in arrears and so the story has usually moved on by the time our report goes out
We don’t have the budget or skills in our team to analyse the data, even if we could get hold of it
So against a backdrop of increased digitisation and greater pressures to reduce costs and do more with less, how does the CRO lead the evolution of the Risk team?
1. Keep it simple.
Don’t over complicate matters. Small changes can make a big difference.
2. Review your reporting.
Can it go out earlier? Does it include information that nobody discusses but takes ages to produce? Does it look like a business pack or is it “created by Risk people for Risk people”? Use the ‘so what?’ test. If the information doesn’t tell the reader everything clearly then remove or revise how it’s presented and make it more visual.
3. Get closer to your data and tech teams.
Chat to them on what you want to achieve. Is there a quick way to create something in a collaborative platform such as SharePoint which could help? Could they train one of your team to extract the data? Although the vision may be to create your own Risk Analytics team, start with the basics.
4. Speak to your colleagues.
Are they getting what they need from Risk? Do they see it as value adding? If not, why not? Do they understand the team’s role and the information they send out? Again, keeping it simple is key here. Far too often, I’ve seen risk teams sit behind desks and phones. Risk by spreadsheet is never good. Get out and talk to people, even if it’s remotely for now! A 10-minute chat over a coffee can often prove far more insightful and uncover several risks in areas that both you and the business have not thought about.
5. Explore technology.
Whether it is simplifying the reporting process to streamline the data input or looking into a platform to record your risks, manage the controls and report and track issues. Technology will be able to help here to great advantage. Having the information all in one place saves lots of time and helps with reporting, data extraction and consistency. Not all systems are useful for smaller Risk and Compliance teams though. Make sure it does the basics and doesn’t require significant tech support to implement and an army to run the system in the first place.
As more and more businesses stride ahead with forward thinking customer solutions and an increasing number turn from bricks and mortar premises to online operations, the CRO must keep up. Their focus, for 2021 and beyond, should be to grow their teams’ skills with data driven analytics, provide visual and timely reporting and keep interacting with all areas of the business to understand the true risks being faced now.
But more importantly, they need to be aware about what’s coming down the line. Never forget though to keep it simple and you will ultimately reap the rewards in the form of a successful Risk Management and Compliance division.
Many thanks to Ryan for partnering with us on this piece. If you would like to join forces with MERJE in the name of our MERJE Meets or MERJE Insights series, please do get in touch