Five Challenges Facing Governance, Risk, Compliance
Media and management consultants have been suggesting new approaches for Governance, Risk and Compliance (GRC) programs for a few years now. And yet from 2015 to 2016 litigation costs related to regulation came to $70 billion. With financial institutions continuing to pay hefty fines for non-compliance, some are left to wonder whether the current approaches simply don’t work. And interestingly, those hit by the regulators seem to be traditional, long-established institutions and not the new fintech entrants.
We decided to demystify this problem and look at what the heavyweights of the financial industry are grappling with and why disruptive players are in a better position.
Five Different Areas That Are Creating Friction
- Organizational: The complex business processes supporting financial operations are often linked to complex IT systems that are still manual and paper-driven. Banks have several disparate activities – each requiring its specific set of technology – creating a myriad of glued (but not integrated) silos. Many traditional banks are still operating their core banking systems on mainframes, CRM, HR, on multi-software vendor solutions. As IT organizations are slow to implement modernization plans, business sponsors have leveraged Cloud-based services to better target their customers in an attempt to drive value in a competing environment. These shadow applications are getting out of IT control. Organization silos have been existing for years and in some of the largest financial institutions, there is simply no interdepartmental view.
- Psychological: Most decision makers look at regulation as extra constraints to their operations. European banks specifically tend to see new regulations as competitive disadvantages compared to organizations operating worldwide. Is it possible that there could be a business advantage? A change in perspective may help.
- Financial: The third critical element is the cost implication. Compliance alone represents a huge and rising cost to an organization. According to a recent Thomson Reuters survey, in 2015 -2016 compliance spend would increase by 60% in North America and 75% in Europe. These numbers look even bigger if you add up the cost of risk management solutions and data governance platforms.
- Technical: Your fintech competitors are running faster than you because they have built a flexible framework. They are not burdened by mainframes that can only have six characters, and they aren’t big enough to worry about silos of information. Having a flexible framework that can nurture a business can serve you well with the regulators. Just as business opportunity changes, regulations change over time. It is important to establish a flexible technical framework that can handle an evolving regulatory landscape across multiple jurisdictions. For instance, N26.com is a new modern retail bank which has just gained full accreditation from the CEB for both payment and credit. So a group of thirty people has been able to get a full operating bank with European ambitions in less than three years of existence. Regulators are also investing in new technology and talent in order to understand this new tech deal ecosystem and to adapt to regulations as well as their requirements in terms of reporting. No one can guarantee that at some point in time being compliant will mean to integrate a Regulator API directly into the IT organization of the bank.
- Political: Finally, political and public pressure on Regulators are certainly other factors. A new political regime may mean some regulations will be withdrawn from the market and new ones can be introduced.
To succeed with their GRC projects, traditional banks should not see governance, risk, and compliance as three disparate disciplines. If they do, they will continue to create more data and organizational silos which in turn are more complex to change over time — an inevitable scenario if you depend on only relational technology.
These organizations have to reorganize themselves with adaptability in mind from both the human organization and processes point of views as well as the crucial Information Technology perspective.
We are not advocating a complete revamp of your GRC infrastructure – we believe there is another solution. And it can comfort those who are struggling to change and challenge the status quo.
A multi-model technology can integrate your data silos and is flexible enough to adapt to an evolving regulatory landscape. Most database management systems are organized around a single data model that determines how data can be organized, stored, and manipulated. In contrast, a multi-model database is designed to support multiple data models against a single, integrated backend. Document, graph, relational, and key-value models are examples of data models that may be supported by a multi-model database. True multi-model is a single API that allows query of all the data in their native query language regardless of data model.
MarkLogic can certainly do that.
Our system’s consolidation capacities absorb yesterday’s legacy and switch to modern, agile and lighter infrastructure with a shorter time to value.
The time aspect has been the usual kickstarter for a majority of our customers. When other technologies do not bring a pragmatic solution and time has gone away, MarkLogic is selected as an emergency last chance. Deployments are successful, not without stress – but deadlines are met.
With new deployment patterns such as Operational Data Hub and trade store, a majority of our customers in the financial sector are looking serenely at the new GRC challenges. How about you?