Controlling Risks Without Breaking the Bank



Control should add value… not cost
In response to corporate scandals such as Enron, the Sarbanes-Oxley Act 2002 (SOX) was enacted. Since the introduction of SOX and the financial crisis in 2007, regulators have sought to ensure that banks are operating safely on both an individual and systemic basis. Senior executives are becoming increasingly aware that improving and demonstrating control of non-financial risk has a direct and substantial impact on their bottom line. This impact ranges from reducing running costs, losses, regulatory penalties and capital requirements to enabling executives to evaluate risks and opportunities accurately and manage them within appetite.
This is a complicated challenge because non-financial risk permeates every banking activity, making it difficult to apply the same quantitative approaches and techniques that are used to manage financial risk. In response, regulators are placing even greater importance on the use of control frameworks to mitigate non-financial risk.
To date, the implementation of control frameworks has been an expensive endeavour that has come about more by regulatory necessity than by design, and it has resulted in a multitude of inconsistent control frameworks that are neither aligned nor efficient. Despite this investment, financial institutions are still unable to present a coherent account of their control environment, and regulators can justifiably claim that these institutions are too complex and too big to operate safely.
However, this presents a significant opportunity to those organisations that recognise and respond to these challenges, as they can develop a substantial and lasting competitive advantage over their peers. Organisations can, for the first time, converge existing control structures into a single cohesive non-financial risk control framework that can be calibrated with traditional financial risk management to create an enterprise-wide control framework.