Staying on top of governance is an increasingly steep uphill struggle. Enterprise governance solutions provider ACL offers a life line.
If anything in the world of risk management is beyond argument, it is that the administrative burden upon the 1LOD – including both business managers and supervisory teams – is getting greater and greater. One is tempted to wonder if the breaking point is at hand.
Regulators have not grown less zealous in their oversight. In 2016, for example, Thomson Reuters captured no less than 52,506 updates from 75 global regulators, averaging more than 200 for every single day. This was almost double the alerts seen in 2013. So, far from slackening the pace as memories of the global recession recede, regulators appear to be doubling their efforts.
In the face of this onslaught, the front office control function has had to develop more and more controls and tools. Managing them all effectively and efficiently has become a major headache for firms, and provides a significant challenge for governance. This is where ACL, global provider of enterprise governance solutions, comes in.
Gain a panoramic view
“There is a proliferation of disparate tools and technological solutions that the 1LOD implements. The challenge is to make sure that they are effective, and working together effectively, consistently and continuously. Tools like ACL are no longer a nice-to-have, they’re a necessity in order to get a handle on governance,” explains Tom Faraday, senior product manager, ACL.
The answer is to streamline the entire governance process using a tool like ACL, a fully integrated risk management platform. By standardizing and unifying all 3LOD processes in a single platform, confusion and the burdensome complexity of governance activities are significantly reduced.
The standalone platform combines an organisation’s critical risk and control frameworks in one place, allowing any supervisor a single shot of a breadth of controls under his or her purview, but also uses robotic process automation (RPA) to independently and automatically test each control for effectiveness.
It can, for example, monitor and test AML alerts, KYC on-boarding, internal and external reporting, limit management, reconciliations, stress testing and a whole range of surveillance functions. But it also monitors what people are doing as well – an increasingly important point as the limitations of relying only on machines to perform controls becomes abundantly clear to more and more banks.
“We monitor whether people are completing what they should, with questionnaires, surveys, reminders and alerts,” Faraday says. “We make sure on a daily or weekly basis that control procedures are being completed. The people side is critical in conduct risk and areas that are more qualitative than quantitative. Effectively, we blend human data with systems data to obtain a more complete solution and greater risk coverage.”
The risk management platform combines the necessary tools for effective governance and the monitoring of those tools in one place and one place only, making overall supervision significantly more straightforward and freeing up business managers for the job they’d rather be doing.
It is also highly flexible, capable of interfacing with existing systems without heavy investment in new, compatible technology. Faraday explains: “We can effectively integrate with any enterprise data source or standalone DOS or Excel files, for example, to bring all the data together, merge it, and identify exceptions with great precision using our proprietary scripting and analytics language. For example, ACL will highlight a situation where two systems should be reporting the same information and they’re not.”
This also obviates a great deal of the unnecessary and wasteful duplication of testing that currently occurs in most firms. The tests that are done by the 1LOD are then often done again by the 2LOD, and sometimes even by the 3LOD. It’s like a number of doctors each running their own rounds of blood tests looking for the same thing. A risk and control assessment might require a series of steps, then audit might run a similar if not identical series of tests, followed by an internal control function or compliance doing the same thing. This, says Faraday, leaves the patient rather “anaemic”, adding to rather than curing the problem of organizational burden.
Indeed, a recent research paper by the Boston Consulting Group found that the average bank spends between 40% to 60% of its change budget on regulatory compliance – but squanders a lot of this through inefficiencies. The platform offered by ACL removes the possibility of duplication as the 2LOD and the 3LOD can see what the 1LOD has been doing and potentially therefore don’t have to repeat it. It’s all in the same place.
Not only does the risk and control monitoring platform test the full range of financial and operational risk and compliance controls, it can also monitor IT and information security controls.
“It doesn’t matter what the controls are, whether it is a system or a person, or a group of people completing a procedure, the platform aggregates it into one view,” explains Faraday.
Doing it right
He adds that in addition to the data automation capabilities, best practice is the fabric of ACL – from building the platform to include industry-standard workflows to embedding ready-to-use regulatory updates, frameworks, and standards. “Everything we do is based on expertise and customer feedback. ACL’s methods are tried and tested, backed by more than 30 years of experience.”
Currently, ACL has around 7,000 clients globally, which include about 60% of the Fortune 1000 companies and 72% of firms in the S&P 500.
The platform is used by a variety of business lines, like health care and government organisations for example, and is not simply restricted to those in financial services.