Guest Contributor: Alberto Corvo, Managing Principal, Financial Services, eClerx
The financial services industry has a history of inadequate controls, which is evidenced by the occasional scandals, rogue traders and meltdowns. The constant change may be one of the reasons the control environment of these organizations doesn’t keep up. Whichever way it is analyzed, the conclusion is that what has been “business-as-usual” so far does not provide the mechanisms necessary to properly optimize management of internal risks. A new approach is needed – that much is clear.
Optimizing the risk control culture and practices within an organization reaps many far-reaching benefits across multiple facets. Providing tactical quick fixes on a project basis, engaging consultants to have “another set of eyes” look internal processes, or providing a full/partial outsourced solution are all pieces of the puzzle that can and should be put together to address the challenges at hand. Risk is pervasive throughout an organization and can arise from multiple events or conditions, external and internal factors, and decisions and choices made by many diverse groups within the company. As an example, particularly risky are situations where individual choices are not dangerous, while the combination of a few of those is. A strong risk management process – that goes both broad and deep – is now a necessity.
Tightening and strengthening internal controls are an obvious reaction to the issue, but the reality is that a wider and deeper approach is mandated in order to make the necessary root and branch reforms. By predicting undesirable activity early through the use of multiple measures across the trade lifecycle, a financial services organization can maintain solid footing without the fear of a catastrophe. Full trade lifecycle monitoring encourages spotting issues early and ensures that the contamination does not spread. Organizations must implement lifecycle aligned workflow tools, processes and training to enable their people to execute a more well-rounded control framework. Furthermore, it is important to separate the data analysis function from the “data-crunching” function. Outsourcing the latter will provide more resources for the former.
A vital weapon in the arsenal of a finance professional should be real-time control dashboards that assist in the identification of potential upcoming risk. The key objective of these must be to ensure that red flags are escalated up the chain of command quickly. Policy makers, regulators, financial institutions and stockholders all demand safety and compliance, and hence organizations must work to ensure that an end-to-end holistic approach is implemented – whether in control design and execution, or in issue identification and resolution. All too often complying with these multiple parties demands is performed in silos resulting in the lack of “joined-up” thinking and wasteful use of resources to achieve similar and related goals. It’s important to develop a matrix view of controls that map requirements, stakeholders and responsibilities, with the aim of designing a single control structure that can meet multiple needs.
Currently, financial services organizations overlap siloed organization structures with overarching risk committees that are tasked with managing risk holistically. However, such control committees are often tasked with overly onerous workload given the allocated resources. Given the importance of getting this absolutely right, financial services firms should leverage outside help to design the controls and carry out the production of the reports, while maximizing the ROI on internal activities by utilizing them in analytic and predictive tasks.