Most of us are familiar with the term ‘compliance and risk managers’; however, we may not fully understand the role they play in the day-to-day operation of a business.
The role of compliance and risk managers is to support business development and growth while ensuring that the organisation adheres to relevant laws, regulations, globally recognised best practices and standards, and, finally, the board’s directives.
Compliance and risk managers should propose to the board the organisation’s risk appetite. Once agreed, this forms the policies, programs and processes that the business follows and takes into consideration the organisation’s strategy, business risks, lines of communication, pertinent regulations, etc.
One of the main challenges for compliance and risk managers is to properly manage the implementation of updated regulations and understand their impact on the different lines of business within the organisation. The challenge here is to implement these regulations adequately while striving to minimise their negative impact on the business. Strategy cannot be achieved unless all its inherent risks are identified, assessed, and controlled.
Therefore, the role of compliance and risk managers is to ensure that the strategies are aligned with the policies, programs and processes. Moreover, risk metrics should be aligned with performance evaluation.
A message should be communicated to business people that taking risks that are not well controlled could affect their performance evaluation.
The organisation’s profitability is impacted by both business development and inherent risks. Matters such as product pricing, new products, better utilisation of resources, etc. should be discussed with the business together with risk and compliance.
Emerging technology is imposing additional challenges on both compliance and risk managers. The digitisation of an organisation’s different products and services could increase the possibility of data being compromised; hence, the organisation should assess the resilience of its systems against any cyber-attacks. This task should involve both the compliance and risk team, in addition to IT. Compliance has a role in fighting cybercrime by creating databases that include “bad actors” and ensuring that these databases are kept up to date. Moreover, compliance should assess certain tools and websites on the “dark web” that could trigger cyber-attacks in the future.
In summary, compliance and risk professionals are challenged to protect the organisation’s data integrity against bad players, by identifying them and preventing their destructive actions. Finally, compliance and risk managers should effectively manage the relationship with their regulators.
This article is powered by Hassan Nasser, DMCC Compliance Advisor and Managing Director of Global Compliance DMCC.