This is Part II of a two-part blog series.
Connecting the dots – digital maturity and AML
We observe a pattern of a high number of penalties issued for lack of satisfactory AML program governance, including knowledge management, risk management, and data governance. We see rapid changes in geopolitical risks, regulations, and sanctions. We discern a general inability to demonstrate compliance to regulators/auditors, and top management is seeking the appropriate tools to make timely and high-quality decisions.
In my role at Corporater’s Global Program Management team for GRC & Performance, I meet companies around the globe that want to move into a holistic/integrated approach for their GRC and Performance program to achieve a data-driven approach to decision making. Particularly at this AML & ABC Forum, we were focusing on how to holistically govern, manage, and assure an organization’s AML program. During my presentation, I focused on the different elements of an AML program to illustrate the digital maturity for each element.
The illustration above shows that the majority of the elements of a holistic AML program are in their digital infancy and can be matured digitally to level 3 or level 4. The business benefits of doing this include, e.g., reduced fines, higher efficiency, effectiveness, reduced risk of reputational loss, and reduced personal liability for managers in charge.
Decision environment, man vs. machine
At digital level 3, digitalization has an “enabling” role, helping humans make timely and correct decisions. At digital level 4, digitalization has an “automating” and even a “cognitive” function that, governed and applied correctly, can have beneficial business outcomes with regard to efficiency, effectiveness, cost, data availability, and data integrity. However, leaving the wrong decisions to the machines would be “crazy.”
The CDO to the rescue
With the introduction of the CDO role (Chief Data/Digital Officer), many organizations have launched initiatives to establish an enterprise-wide data and information strategy, governance, control, policy development, and effective exploitation of data assets. CDOs often see the value of “integrated” and “holistic” GRC and Performance-related data, and they possess the ability to bring the C-level together to bridge the organizational silos, close the information gap between strategy and operations, and enable a modern decision-making environment. There is a clear trend that CDOs are equipping their GRC professionals with proper software tools for integrated and holistic GPRC(iii) and, at the same time, providing their C-level with high-quality decision-making information.
While I do not see any indications of my upcoming personal mid-life crisis, I do see clear evidence of a GRC mid-life crisis in many organizations around the world. We live in a “Digitized” siloed GRC and Performance (GPRC) information chaos where the indications of a mid-life crisis are many: lack of oversight, lack of collaboration, lack of awareness, and highly inefficient programs.
By moving to “Digitalization” and applying information governance to your GRC data, you can achieve a more efficient and effective, holistic GRC program across the enterprise, breaking down silos – vertically and horizontally. In practice, this will look like, e.g., a shared risk register; consolidation and aggregation of risks across the enterprise; collaborating on shared controls; learning from each other’s risks; shared and aggregated KPIs, KRIs, and additional metrics; integrated audit; incidents; automation of reports; the correlation between performance and risk; and much more.
The same principles discussed above apply to many areas within the GRC space, such as:
- Enterprise Risk Management
- Information, Data Privacy & Cyber Security Program
- Business Continuity Management / Resilience
- Financial Crime – AML & ABC Program
- Operational Risk and BASEL / Solvency compliance
- Individual Accountability & Conduct
- Environmental Sustainability Management (ESG)