Kevin Malicki keeps financial institutions up-to-date on Governance, Risk, and Compliance (GRC) as Director of Product Management at Harland Clarke.
We all like the idea of collaboration in the workplace, but what’s so great about collaboration anyway? What does collaboration really do for your organization?
Lots of business gurus have addressed this topic, and the bottom line is that collaboration requires sharing information and then acting on it collectively.
This sharing and acting as a team fosters creative thinking and accountability, and often results in more effective problem solving.
In the case of financial institutions, collaboration can result in a much more orderly and disciplined approach to governance, risk and compliance.
For example, when your risk, legal and compliance teams all have access and visibility into the same, updated picture of your risk and compliance activities, everyone knows exactly what’s going on. They can then act together to solve problems.
A GRC technology solution takes this one step further by forcing collaboration: the three teams can see reminders, reviewers and approvers.
- They can see documents, policies and reports.
- They know exactly where things stand on all fronts, and who’s doing what.
- They are free to think strategically about big issues the financial institution is facing because the technology holds everyone accountable for addressing governance, risk and compliance concerns.
We’ve all heard of the situations that have made recent headlines – they’re great illustrations of why this type of collaboration is necessary. Imagine the OCC finds issues with your bank’s compliance process and in that moment, you can easily identify the policies and procedures that need to be fixed, but without communication and collaboration, no one makes the corrections. Then everyone forgets. Fast forward a few years and failure to correct the issues means millions of dollars in fines because the updates fell through the cracks.
A GRC solution, specifically an incident management module, would have prioritized and assigned workflows, managed authorizations, and tracked evidence that the problem was addressed. If a regulator came in to check, all of the documentation would have been there, ready for inspection.
A GRC solution greatly reduces the likelihood for something like this to slip through the cracks.
So, no matter how big you are, or how confident you are about addressing risk, you still need a solution that compels collaboration and accountability.
>>Ready to improve your institutions’ risk and compliance efforts? Click here to get the 40 question checklist, “Questions Institutions Should Ask When Assessing Data Breach Risk.