pic-01

NEED EXTRA HELP?

Do you need extra expertise on an ad-hoc basis to assist with unexpected challenges and problems?

pic-03

OPERATIONAL RESILIENCE HEALTH CHECK

When did you last check that your operational resilience processes are fit for purpose?

INSIGHT BLOG

Effective compliance is much more than words

Effective compliance is much more than words: it’s a way of doing business that embraces what legislation has failed to deliver.

 

From Robert J Toogood, Senior Partner – Chaordic Solutions

In an earlier blog posting, we mentioned a paper by Bill Sharon that discusses the apparent confusion between compliance and risk management.  In this paper, Bill looks at the associated implications of such confusion, which quite often results in organisations adopting a more defensive posture in dealing with uncertainty.

Real-life experience confirms this view that in an increasing number of organisations there is a muddled converging of term usage and understanding.  This means confusion often exists as to what is needed to actually achieve compliance.  The importance of clear, effective communication in such circumstances/situations is therefore essential.  This has to extend beyond the frequently quoted “tone from the top” management mantra to very tangible day-to-day actions and consistent, reinforcing commitments by everyone in the organisation.  This by its very nature involves people and organisations, so represents another dangerous facet of risk which must be recognised and addressed.  In this article, we will use a case study to explore this area in a little more detail.

Recent years have been dominated by the global finance crisis and the subsequent economic and other impacts that this has had on the world’s economic systems.  In the UK, there were several significant events that have been associated with these problems including the failure of the Royal Bank of Scotland (RBS), one of the largest banks in the world, during October 2008.   From 7 October 2008, RBS had to seek support from the Bank of England Emergency Liquidity Assistance (ELA) to fund itself; and on 13 October, the government announced that it would provide up to £20bn of new equity to recapitalise RBS ie it became partly nationalised.  Over the coming months, further capital injections were needed and these amounted to over £25.5bn.

RBS’s failure therefore imposed significant costs on British taxpayers and it was partly the failure of this major institution that played an important role within an overall financial crisis which produced a major recession from which we are still trying to recover.  Risk management processes within RBS, the Financial Services Authority (FSA) and elsewhere should have stopped this from happening but did not.  However, when looking at whether risk management has been successful in an organisation, there are many dimensions that must be examined … one of these relates to people and their interaction within the organisation.

Using RBS as a case study to explore this area of people-risk has highlighted the complexity with undertaking such an analysis; it is a powerful example of the importance of effective risk management and the need to ensure that the whole organisation is aligned culturally as well as strategically.  People present a significant and possibly the biggest risk to any endeavour.  This in itself emphasises the importance and value of looking at risk management in an integrated, non-siloed, holistic way to ensure a much more comprehensive and realistic view of the associated risk landscape is available for everyone in the organisation to effectively manage.

Another area of risk that must be included relates to the organisation itself.  Organisational risk can be regarded as being any risk that interferes with achieving the purpose of an organisation, and can be generated from Type (ie organisational sector, size and industrial sector, and their objectives), Components (such as people, assets, information, structure and purpose), and Interactions between these internally (within the organisation) and externally (within the business environment).  There are special challenges/issues that apply to all of these areas so organisational risk is therefore very complex.  It is clear from this discussion that because organisational risk is directly related to the way people behave, it is complex, challenging …. and very exciting!

In conclusion, real life experience shows that effective compliance is much more that words can adequately convey … it is a way of doing business that embraces the true spirit of what much legislation has attempted to address but invariably has failed to deliver.  Directors have an important role to play in compliance – as the Murthy Report stated back in 2003 “Corporate Governance is beyond the realm of law:  it stems from the culture and mindset and cannot be regulated by legislation alone”.

References:

FSA (2011), FSA Board Report – The failure of the Royal Bank of Scotland.  http://www.fsa.gov.uk/pages/Library/Other_publications/Miscellaneous/2011/rbs.shtml

FSA (2010), Effective corporate governance (Significant influence controlled functions and the Walker review)http://www.fsa.gov.uk/pubs/cp/cp10_03.pdf

UK Parliament (2011), Evidence to the Treasury Select Committee by Bill Knight and
Sir David Walker, specialist advisers to the Committee in relation to the report by the Financial Services Authority into the failure of The Royal Bank of Scotland.
http://www.parliament.uk/documents/commons-committees/treasury/RBS%20Evidence%20to%20TSC%20from%20BK%20and%20SDW.pdf

SEBI (2003), Report of the SEBI Committee on Corporate Governance.  http://www.sebi.gov.in/commreport/corpgov.pdf

 

Related Services from Chaordic Solutions:

Compliance Implementation and Maintenance Support
Business Continuity and Pandemic Planning Support
Business Transformation Support
Portfolio Management and Strategy Implementation Support
Change Management Support
Mergers & Acquisitions Support
Programme and Project Management Support

Sep 20 2012

Risk Management

Leave a Reply