DIGITAL mid-life crisis - ARTICLE - Corporater
DIGITAL mid-life crisis
An article about GRC, AML and Digital Maturity
Owe Lie-Bjelland, Director - Program Management GPRC, Corporater

INTRODUCTION

I just read an article which states researchers now have concluded that the mid-life crisis actually exists – and it peaks, or reaches rock bottom, at the age of 47.2. According to this research, my mid-life crisis will fall on Monday, May 25th, this year. However, there's not a single indication in my life that this scenario will impact me, besides some grey hair, teenage kids, and a dog.

A few weeks back (mid-March 2020), I was speaking at the AML & ABC Forum in London hosted by Informa. Attending the different sessions and listening to the other speakers and panel discussions, it struck me that everybody is seeking a "holistic" software platform that could provide a "one view" for all their risk and compliance data. They discussed the vision of how to "jointly" collaborate on operational risks, compliance risks, controls, investigations, and reporting. One of the panel moderators asked, "How many of you have a software in place that allows you to have one view for all your risk and compliance information and will let you collaborate across the AML and ABC compliance domain?" Nobody raised their hands.

My presentation abstract

Utilizing digital tools for effective AML governance

While paying attention to AML penalties over the recent years in a global context, we've seen a pattern for a high number of penalties given due to the lack of satisfactory AML program governance. Given today's rapid changes in geopolitical risks, regulations, and sanctions, the need to take an increasingly integrated and coherent approach to global risk and compliance governance is paramount.

This means that the components of a financial institution's AML program, sanctions, and ABC compliance must be integrated and collaborative to proactively identify and mitigate risk. It also means that institutions must take a global view, understanding how different components of their organization(s) interact with each other.

CULTURE EATS STRATEGY FOR BREAKFAST

In my presentation, "Utilizing digital tools for effective AML governance," I decided to discuss the root cause of the mid-life crisis we're observing in the governance, risk & compliance (GRC) domain. I have been a technology professional and devotee for 20+ years. Keeping in mind the mid-life crisis mentioned above, "20+" is a professional way of saying, "I'm getting old." GRC is also getting old. It was introduced in 2002 by OCEG.org – and "Digital" is getting old. Did you know that the first version of Microsoft Word was released in 1983 – 37 years ago?

It is a well-known saying that culture eats strategy for breakfast. It illustrates how hard it is to introduce new methods in a set environment. The poor people working within the GRC domain face this challenge every single day, driven by continuous regulatory updates. How can we change the culture to achieve our business objectives within the GRC space? A significant stake in GRC is "the tone at the top" that sets the foundation for cultural change. We are trying to improve the risk culture, the culture of behavior, accountability, and conduct to comply with regulations such as Basel, Solvency, IAC, AML, ABC, and more. I will jump to the conclusion for now and share my suggestion, which is to improve the organizational digital culture. Eventually, the digital culture will aid in driving the inherent corporate culture in the right direction.

MAN VS. MACHINE

Through 20+ years, I have observed hesitance among GRC professionals to embrace technology. GRC professionals are risk-averse by nature, which also makes them brilliant at what they do. The typical question is, "Is your software approved by lawyers?" I wonder: do lawyers approve Microsoft Word? If the software makes decisions for you, then that's a relevant question. And, yes, we have seen ugly examples of GRC professionals and lawyers being burned in the past by bad software. Can we expect GRC professionals to embrace technology in their risk-based work? How can technology companies expect GRC professionals to be experts on both GRC and "Digital"? Digital infancy is probably the fault of us "technical people" – we have not been able to speak the language of GRC professionals, lawyers, and other disciplines, for that matter.

There are thousands of software components for GRC available, and the jungle of LegalTech and RegTech is hard to navigate. Not to mention all the focus on Artificial Intelligence and Machine Learning – digital evolution can be scary. To illustrate my point, let us simplify how we're looking at digital maturity by splitting it into three main phases: Digitization, Digitalization, and Digital Transformation [i].

DIGITAL MATURITY

Let us start with a success story. Core banking has gone through a transformation in recent decades – a digital transformation. What banks did with their core banking is an excellent example of how organizations/industries can utilize "Digital" to transform their business models and provide customers with an improved experience and added value.

First, the phase of "Digitization" (level 1 and 2) means to make something digital. In essence, in this stage, we focus on the data: unstructured (e.g., Word and PowerPoint) and structured (e.g., databases, structured file/exchange formats such as XML and JSON, and Excel, if used correctly). In this stage, it is of the essence to apply proper data governance for the data that should be structured. Next, by "Digitalization," we build on the digitized data and focus on processes and automation. Ultimately, we have the foundation to achieve "Digital Transformation," where we focus on improving/changing the business model and improving the experience for our customers. This is, of course, a very simplified explanation; however, it serves its purpose to illustrate how digital can help us improve our governance, risk, and compliance challenges. It is, in essence, all about building and maintaining an enabling GRC information and technology architecture in your organization.

[Figure: digital maturity levels]
5 - Digital Transformation: change of business model/customer focus
4 - Digitalization: automation focus
3 - Digitalization: process focus
2 - Digitization: structured data
1 - Digitization: unstructured data

Digital infancy is more common than we think. Based on this model, if you, e.g., are doing your risk assessments and treatment in Word or PowerPoint, you are on maturity level 1. If you are using Excel, you have started your journey towards maturity level 2 and, depending on your organization, have probably experienced the limitations of using these tools in the GRC context.

Many of the challenges we observe – not only in the GRC domain but in general – can be traced to the fact that organizations are still basing their business-critical decisions on unstructured and even ungoverned data.

The benefits of structured data vs. unstructured data – "Structured data is highly-organized and formatted in a way so it's easily searchable in, e.g., relational databases. Unstructured data has no pre-defined format or organization, making it much more difficult to collect, process, and analyze".

Many organizations are trying to solve their unstructured data related challenges through the use of AI. AI is an umbrella term involving technologies such as Machine Learning, Natural Language Processing, and more. These techniques can solve many challenges across both unstructured and structured data and are essential components of Cognitive GRC (or GRC 5.0) [ii]. However, AI is not an alternative to Data Governance. So, where do we draw the line between humans and computers for decision making?

CONNECTING THE DOTS – DIGITAL MATURITY AND AML

We observe a pattern for a high number of penalties given due to the lack of satisfactory AML program governance, including knowledge management, risk management, and data governance. We see rapid changes in geopolitical risks, regulations, and sanctions. We discern a general inability to demonstrate compliance with regulators/auditors, and top management is seeking the appropriate tools to make timely and high-quality decisions.

In my role at Corporater's Global Program Management team for GRC & Performance, I meet companies around the globe that want to move into a holistic/integrated approach for their GRC and Performance program to achieve a data-driven approach to decision making. Particularly at this AML & ABC Forum, we were focusing on how to holistically govern, manage, and assure an organization's AML program. During my presentation, I focused on the different elements of an AML program to illustrate the digital maturity for each element.

[Figure: AML Program Management, with the digital maturity level of each program element]
- AML Governance (digital maturity 1): Risk Context & Criteria, ERM alignment, Policies, Processes, multi-jurisdictional compliance framework
- AML Knowledge Management (digital maturity 1): Policy Enforcement, Procedures, Processes, Training, External context, Monitoring Framework
- AML Risk Assessments (digital maturity 1): Risk Identification, Risk Assessment, Risk Treatment, Risk Reporting, Risk Control Self Assessment, 3 lines of defense
- AML DQIM & Analytics (digital maturity 2): AML Customer Risk data, KYC, PEP/External Data, Data validation, Technology review, Data trends, DD, EDD
- AML Assurance & Monitoring (digital maturity 2): Control Environment, Control Inventory, Effectiveness, Internal Audit, Quality Assurance
- AML Alert Management (digital maturity 3): SAI, SAR Decision Process, Escalation, Metrics, Separation of Duties, Document Retention
- AML Program Reporting (digital maturity 3): SAR Filing, Board Reporting, Line of Business Reporting, Subpoena
- AML Transaction Monitoring (digital maturity 4): Transaction Detection, Machine Learning, Validation, Pattern Detection

The illustration above shows that the majority of the elements of a holistic AML program are in their digital infancy and can be matured digitally to level 3 or level 4. The business benefits of doing this include, e.g., reduced fines, higher efficiency, effectiveness, reduced risk of reputational loss, and reduced personal liability for managers in charge.

DECISION ENVIRONMENT, MAN VS. MACHINE

At digital level 3, digitalization has an "enabling" role for humans to make timely and right decisions. In digital level 4, digitalization has an "automating" and even a "cognitive" function that, governed and applied correctly, can have beneficial business outcomes with regards to efficiency, effectiveness, cost, data availability, and data integrity. However, leaving the wrong decisions to the machines would be "crazy."

[Figure: the AML program elements arranged by decision type (Strategic, Operational, Transactional) against process automation (Digital level 3, Digital level 4), on a scale from "Inefficient & Ineffective" to "Efficient & Effective", with areas labelled "Sound" and "Crazy".]

THE CDO TO THE RESCUE

With the introduction of the CDO role (Chief Data/Digital Officer), many organizations have established initiatives to establish an enterprise-wide data and information strategy, governance, control, policy development, and effective exploitation of data assets. The CDO often sees the value of "integrated" and "holistic" GRC and Performance-related data, and they possess the ability to bring the C-level together to bridge the organizational silos, bridging the information gap between strategy and operations, and enable a modern decision-making environment.

There is a clear trend that the CDO is equipping its GRC professionals with proper software tools for integrated and holistic GPRC [iii], and at the same time, providing its C-level with high-quality decision-making information.

CONCLUSION

While I do not see any indications for my upcoming personal mid-life crisis, I do see clear evidence of a GRC mid-life crisis in many organizations around the world. We live in a "Digitized" siloed GRC and Performance (GPRC) information Chaos where the indications of a mid-life crisis are many: lack of oversight, lack of collaboration, lack of awareness, and highly inefficient programs.

By moving to "Digitalization" and applying information governance to your GRC data, you can achieve a more efficient and effective, holistic GRC program across the enterprise, breaking down silos – vertically and horizontally. In practice this will look like, e.g., a shared risk register, consolidation and aggregation of risks across the enterprise, collaborating on shared controls, learning from each other's risks, shared and aggregated KPIs, KRIs, and additional metrics, integrated audit, incidents, automation of reports, the correlation between performance and risk, and much more.

References:
[i] https://www.forbes.com/sites/jasonbloomberg/2018/04/29/digitization-digitalization-and-digital-transformation-confuse-them-at-your-peril/#e52a6da2f2c7
[ii] https://grc2020.com/2019/10/29/from-grc-1-0-to-grc-5-0-a-history-of-technology-for-grc/
[iii] GPRC is the GRC 4.0 platform provided by Corporater that enables integrated, holistic GRC and Performance.

Author

Owe Lie-Bjelland is a certified senior risk manager, a technology enthusiast, and an information security professional. He has more than 18 years of international GRC experience in business management, software innovation, cyber & information security, legal & financial compliance, and data & information governance from working as a management advisor and consultant for several Fortune 500 companies across different industries in Europe, USA and Latin America.

Corporater empowers medium and large organizations to manage Governance, Performance, Risk, and Compliance by providing them with a business management platform that is highly configurable and adaptable to their unique business model. Corporater AML solution is a digital tool that empowers organizations to facilitate, manage, and demonstrate compliance for their AML/CTF Program.

Corporater AS. All rights reserved.