Overcoming Uncertainty in Governance, Risk, and Compliance
Stephen M. Epstein
Vice President, Head of Product Management
Mantas (an i-flex business)
Regardless of whether you recognize corporate names such as Parmalat, Enron, or WorldCom or regulations such as Sarbanes-Oxley (SOX), the Patriot Act, or the Markets in Financial Instruments Directive (MiFID), you will notice one common theme—who’s in control, where the accountability lies, who you trust, and what the true state of your business is.
These are all hard questions. Unfortunately, they often can’t be answered with the level of certainty that the average CEO, CFO, CCO, or CRO would like.
The Challenge of Enterprisewide Oversight
The reason is simple. Over the past several decades, financial institutions have invested in systems, processes, and people that are largely focused on specific areas of their business. Because of this business-by-business focus, accurate oversight, supervision, and reporting at a corporate level became difficult to achieve, and process and data became difficult to uncover and leverage.
SOX pushed for the consolidation of reporting and audit at a corporate level, but had an impact only in areas of financial reporting, with minimal success in breaking down the data and process obstacles between operating units.
Much More Than Governance, Risk, and Compliance Alone
To further complicate the landscape, many industry analysts, and therefore software vendors, have interpreted the governance, risk, and compliance (GRC) section of SOX, especially Sections 403 and 404 of this regulation, as the cornerstone of their GRC solutions. But within the financial services industry (FSI), GRC means far more, with areas such as risk management and compliance playing a far larger role.
Here are some examples of these FSI GRC requirements:
- Operational risk
  - Risk control self-assessment
  - Loss database
  - Economic capital (allocation)
- Compliance
  - Anti-money laundering
  - Broker and trader compliance
  - Know Your Customer (KYC)
  - Client risk and suitability
  - Regulations (for example, Patriot Act, Bank Secrecy Act, Third Money Laundering Directive, Regulation National Market System, MiFID, Rule 92, Regulation SHO)
Additionally, GRC solutions for FSI need to comply with all the demands of the Patriot Act, especially Sections 312, 314, and 326, which focus on KYC, anti-money laundering surveillance, and reporting to the federal authorities (suspicious activity reports).
Add to this the risk requirements around operational risk management, capital adequacy and allocation, risk control self-assessment, loss databases, key risk indicators, and fraud mitigation, and it starts to become clear how complex and challenging GRC for FSI truly is.
The Oracle GRC Framework for the Financial Services Industry: The Only Industry-Ready GRC Solution
Based on solutions from Reveleus and Mantas that provide for the reuse of process and data throughout the GRC offering, Oracle’s GRC framework for the FSI is the industry’s only GRC solution that is ready now to meet the complex and demanding needs of the financial services industry—with all the benefits of an integrated, open, and reusable system.
FSI firms can now see their risk across all businesses; automate how they assess risk around their policies and procedures; and monitor customers, processes, transactions, trades, and payments. This enables them to ensure that they are compliant with all local and global regulations, while mitigating and reporting on risk across the entire corporate hierarchy of businesses.
Find out more about Oracle’s GRC solution for the financial services industry.