Risk and compliance professionals are tired of being glorified admins – here’s how to set them free 

Gayle Woodbury, Jay Fogelson
11/30/2020
Make progress

Too many risk and compliance teams get forced to spend their time running around doing administrative work because of inefficiencies in the risk management program. The team is stuck using clunky spreadsheets, chasing down information from the business, manually creating reports – the list goes on.

The best indicator of a more mature, integrated approach to risk management is that risk and compliance professionals spend less time managing the process and instead spend their time doing what they’re supposed to do: advising the business and managing risks.

So, how do we get there?

Throwing more people and technology at your problems won’t solve them.

One of the biggest mistakes I see banks and credit unions making is to try and overcome the common obstacles by hiring more people or buying additional technology without asking why. Simply adding more people or tools won’t fix an underlying problem. You end up moving the burden from one group to another or from one tool to another without really addressing what’s broken, which is often the process itself.

One of the biggest mistakes I see banks and credit unions making is to try and overcome the common obstacles by hiring more people or buying additional technology without asking why. Simply adding more people or tools won’t fix an underlying problem.

This statement is especially true if your bank or credit union has purchased one-size-fits-all technology that was never designed for our industry. As bankers, we know we’re special – we have regulatory guidance that tells us so! We need to do things differently than other industries. So, when you select a tool that doesn’t align with our industry’s regulatory guidance, you immediately put yourself at a disadvantage. You’ll either need to bend your process to fit the tool (which your regulators may not like) or spend additional money and time bending the tool to fit your process.

Technology is only as good as the content you put in it.

I like to think of a technology platform as a new house: It starts out empty, and without anything inside, it’s not ready for you to live in (unless you like sleeping on the floor). You won’t start to feel at home until you figure out how to furnish the house and make it livable.

You have decisions to make as you fill the house, too. If you take shortcuts – first buy a futon, then upgrade to a cheap couch, then finally upgrade to a nice leather sofa – you end up spending much more than if you had just bought furniture that’s built to last.

So, how do you avoid spending more than you need to? The best way is to prepare. Before you invest in new risk and compliance technology, ask yourself the following about the state of your content:

  • Do we have a consistent way to look at the business across our risk and compliance programs?
  • Do we know all the applicable laws, regulations, rules, and standards?
  • Do we have a library of relevant risks and expected controls, and have we documented our control activities?
  • Do we know how we want to categorize, assess, rate, and report on risk and compliance? 

Making progress toward integrated risk management involves breaking down silo walls.

I’ve worked with risk leaders at banks and credit unions of all sizes, advising them on how to mature their risk management programs. I help them figure out:

  • Where to invest
  • How to best leverage technology
  • How to redesign risk and compliance programs to be practical yet defensible against regulatory expectations

The key to overcoming the common obstacles we mentioned earlier is for risk and compliance to stop operating in independent silos that each have their own tools, workflows, documentation, data gathering, and reporting. This siloed landscape creates overlap and duplicated efforts. Uniting the silos will require investment, but that investment will result in efficiency and effectiveness gains that will provide the greatest chance at turning risk data into actionable insight for the business. 

The key to defending your “profit-shrinking” budget requests: Use them wisely.

I know from my previous life running a risk department at a large bank that defending budget requests is tough. Your requests get evaluated against requests from the revenue-producing lines of business, and next to theirs, yours look like profit-shrinking requests.

Not only that, but if you do your job well, it becomes easier for others to think risk and compliance spend isn’t worth it. Meanwhile, the health and viability of the business literally depends on you. If risk and compliance is lacking and there are significant issues, the bank or credit union could be forced to shrink or get shut down completely.

Spend smarter and invest in technology that can both meet your needs today and scale with you as you grow. If you can get the right platform with the right content in place now, you’ll see the benefits in a matter of months.

The key to getting traction with your budget requests is to make them count. Spend smarter and invest in technology that can both meet your needs today and scale with you as you grow. If you can get the right platform with the right content in place now, you’ll see the benefits in a matter of months. You can free up resources, break down silo walls, and automate administrative work so you can get back to your real job. That’s the formula for winning risk and compliance in today’s landscape. 

Let's talk

I’m happy to connect one-on-one to learn about your specific needs and talk about how to mature risk and compliance.
Gayle Woodbury
Gayle Woodbury
Principal, Financial Services Consulting
people
Jay Fogelson