Compliance from the cloud: improving risk management with technology

Adam Woozeer

Risk management can be a powerful growth driver for a company. In fact, research by Accenture found that risk management ‘is already making a significant contribution to facilitate long-term profitable growth’ in 44 percent of North American banks. And ‘more than seven in ten North American banks believe risk is making a contribution to product development and innovation to some extent.’

But risk management practices in many companies are still not up to scratch. Many risk managers don’t have the capabilities to deal with evolving exposures and regulatory requirements, such as the Dodd-Frank Wall Street Reform and Consumer Protection Act which, though introduced several years ago, is still being finalized in fine print.

The 9th edition of the Global Risk Management Survey released by Deloitte found that the biggest pain points for businesses and risk management includes:

  • Lack of flexibility. Developing the flexibility needed to respond quickly to evolving exposure and regulatory requirements is a key area of focus for many businesses.
  • Conduct risk. Improving conduct risk and risk culture is a priority for most company boards, but more work needs to be done.
  • Approximately 48 percent of respondents were very concerned about the ability of their technology stems to respond flexibility to ongoing regulatory change.

Keeping up with the changing regulatory environment is difficult, evidently. But the new generation of cloud technology and unified communications makes risk management a more effective, growth-driven function than a reactive and expensive one.

Cloud technology: what’s the big deal?

Cloud technology and unified communications platforms can make every risk managers life easier. But how? Why?

  • It’s Cloud platforms can run seamlessly across your business, your areas of operation and your IT systems. They’re single platforms that you can deploy quickly and use to control, capture and analyze data sets as you need them.
  • It’s Cloud technologies are held to very high standards of security, and Continuous Business Process design approach ensures services scale automatically across servers and data centers. Most platforms, like Smarsh, are certified to ISO27001 and operate to exceed PCI DSS requirements.
  • It’s global. Unlike traditional on-premises systems, cloud technologies aren’t bound by geography. They work across regions, allowing you to view and control your data to ensure compliance with local, national and international regulation.

The technology is impressive, yes. But the real brilliance of cloud technology is in its ability to simplify and improve business functions, like risk management.

No capex, smarter resource allocation

The capex vs. opex debate has been raging on for years, and with good reason: the economics of cloud technology and IT spending are complicated, to say the least.

But what most IT managers and CFOs don’t realize is that one of the major benefits of cloud technology is not just that it requires little to no upfront capital expenditure. Rather, cloud technology’s biggest advantage is that it enables businesses to invest in services, projects and assets that actually drive growth.

“Don’t get caught up in OpEx vs CapEx. The shift to the cloud is actually the buyer shifting the responsibility for actual results to the provider. It’s a combination of pay-as-you-go, the reduction or elimination of capital equipment, and shorter-term commitments.”

Traditionally, IT departments would have to estimate the business’s technology needs for the upcoming year and budget for the software and hardware required. This translated into hard costs and a protracted budgeting process, and the business would be tied to whatever static technology they purchase – regardless of whether business needs change or the technology advances.

The world with cloud technology is different. Cloud technology is not static. It deploys in less time, and the costs of hosting and maintaining the technology is absorbed by specialist service providers, to whom you pay a subscription fee. This means no capex, and more freedom to spend budgets on technology and projects that meet evolving business needs and regulatory requirements.

What does this mean for risk managers? It means that:

  • Your businesses can afford to have the latest, most secure technology on the market without having to estimate (and approve) budget for huge investments in hardware or software.
  • Resources can be used in a more efficient and strategic manner, giving priority to projects that improve compliance and reduce operational or systemic risk.
  • You can move faster, deploy new technology on a trial basis and scale up or down as the needs of the business evolve without the risk of expensive over-provisioning or lengthy procurement processes.

More capability to do things the right way

In addition to facilitating better resource allocation, the insights, cost savings and process efficiencies that can be achieved with cloud technology means risk managers can spend more time focused on embedding compliance within business processes – not just achieving compliance.

Keeping up with the sheer pace and scope of regulatory change, particularly in the financial services industry, is difficult for many businesses who rely on reactive risk management processes and technologies. But cloud technology and unified communications platforms like Smarsh make it easier for risk managers to:

  • Simplify data capture, analysis and reporting processes
  • Automate some functions – like notifications of events that trigger automatic risk responses
  • Model a more diverse set of risk scenarios
  • Improve coordination and effectiveness of compliance activities across the business
  • Develop holistic view of global operations by capturing and analyzing data on one platform across various locations
  • Implement location-specific policy controls to maintain global oversight of operations and compliance
  • View and define access parameters, data retention settings, data storage locations and more.

These capabilities mean risk managers can spend less time wrangling with numerous software programs and manually compiling reports, and more time on activities that actually embed compliance culturewithin an organization. It makes risk management more efficient, more strategic and less reactive.

Get actionable insights and analytics, not data

Having the ability to capture and save every piece of data that flows in and out of your organization is great, but it’s useless if you don’t have the tools or capabilities to analyze that data.

Technology and data are only as valuable as the actionable insights they’re able to generate. This is where cloud technology comes in: with cloud technology, it’s easier to collect and analyze data that supports the business decisions you have to make by producing actionable insights.

Christer Johnson, Advanced Analytics Leader of Enterprise Intelligence, EY, explains:

“To use an explorer analogy, there is a reason why explorers who set out with a clear goal or destination in mind tended to be the ones we remember in history. Columbus didn’t set out to ‘get value out of the ocean.’ He sought an ocean route to China and ran ashore in the Americas on the way, ultimately gaining the insight that there was a large land mass between Europe and China to the west.”

Cloud technologies like Smarsh give you a holistic view of risk, not just ‘more structured data.’ You can:

  • Set goals and benchmark compliance efforts
  • Facilitate communication between different business functions, improving collaboration and compliance efforts
  • Get a holistic view of complex supply chains and logistics across global operations
  • Expose risks that may exist within your company, or the markets and geographies in which you operate
  • Get insight into the risks that are inherent to your organization and operations, something you may not have with traditional technologies that focus on external risk factors.

All of this information helps to make decisions about how to continually meet regulatory and compliance requirements – and how to make these processes part of ‘business as usual’ activity.

But why invest in the cloud for risk management?

It’s simple: what’s good for risk management is good for business. Research by EY found that financial performance is highly correlated with the level of integration and coordination across risk, control and compliance efforts.

The best companies embed risk management into business planning, performance management and everyday operations. Clearly, the impact of risk management goes beyond pure compliance – especially with the right technology.

Trusted by top organisations for electronic communications capture and archiving with innovative industry solutions for compliance, e-discovery and risk management.