You are currently browsing the category archive for the ‘Governance Risk & Compliance (GRC)’ category.

The topic of corporate governance received renewed attention recently after the publication of an open letter signed by 13 prominent business leaders, including Warren Buffett of Berkshire Hathaway and Jamie Dimon of JPMorgan Chase. The first principle the group advocated in the letter is the need for a truly independent board of directors. To achieve that aim, the letter suggests having the board meet regularly without the CEO and that the members of the board should have “active and direct engagement with executives below the CEO level.” From my perspective, translating this idea into reality would be helped by a change in the dynamics of most board meetings. I would eliminate the standard presentation of results and begin the meeting with questions and observations from the board members directed to company executives related to its financial and operating results and any other matters on the agenda. This could take place with or without the CEO.

In the best of cases, a company provides board members with information about the topics to be discussed at the meeting, along with supporting data, charts and narratives. Board members are expected to have familiarized themselves with this information ahead of the meeting. But in almost all cases, in order to be sure that everyone is on the same page, there is a presentation of this information by those in charge of preparing the data and analyses. Eliminating the standard presentations would change the tone and dynamics of the board meeting, leading to more active engagement.

There may be a number of companies that dispense with the routine recital of results at board meetings, but I first heard about it from Godfrey Sullivan, chairman of Splunk, a software vendor that provides operational intelligence through analysis of machine data. He described his company’s approach to board meetings at the Adaptive Insights CFO Symposium last spring, which was part of the company’s Adaptive Live user group conference. The management discussion and analysis as well as the accompanying data are sent to Splunk’s board members far enough in advance of the meeting to ensure that they have time to study it. Members are expected to have reviewed the information and formulated their questions and thoughts ahead of time. Those in charge of preparing the analysis are present at the board meeting to answer questions, not to present the data and analysis.

The reason for structuring the process this way, Sullivan said, is that eliminating the traditional briefing saved time at the meeting that could be better spent discussing issues and opportunities as well as ways to address them. I suggest that this sort of active engagement encourages greater participation and orients review and planning more toward action. Eliminating the standard presentation portion of a board meeting is hardly a panacea. However, implementing a format that requires board members to be prepared for the meeting does set a better tone at the top that is necessary to support or develop a more actively engaged board of directors.

Technology also can play a role in such process change, even if it is not immediately obvious. Of course, using their current resources any company can provide board books (documents prepared for the board of directors that present data in graphical and tabular formats as well as the related narratives) to directors far enough in advance to eliminate the need for a performance review at the board meeting. It’s also fair to say that for some companies changing how the board operates is likely to be a far more daunting task than any addressing any technology issues. On those boards, members comfortable with the routine and those who believe they are too busy to devote enough time to corporate matters ahead of the meeting will need to be convinced or replaced.

But technology can facilitate a fundamental shifte in how directors engage if it makes the necessary information available sooner and in a more easily digestible format. For example, reporting packages that automate the creation of board books can shorten the preparation time, enabling companies to get this information to the board members sooner for review. Having these books available on mobile devices (tablets or smartphones) would also streamline access to the information. Reports that enable data exploration – drilling down and around to see the numbers behind the numbers – provides readers with deeper understanding of the business.

Accelerating the accounting close also would also be helpful in getting information to the board sooner. More than half (60%) of companies in our Office of Finance benchmark research reported that it takes them more than six business days to close their books; 26 percent take 11 or more days. Almost all companies that want to accelerate their close said the main reason for doing it is to have more time for analysis of the numbers before having to prepare reports and to make financial and managerial data available. Technology can play an important role in speeding the completion of the close. Our Fast, Clean Close vr_fcc_automation_speeds_the_closeresearch shows a correlation between the degree to which companies automate their close processes – especially handling minutiae such as reconciliations – and how soon they can close their books.

All organizations can benefit from a knowledgeable and engaged board of directors. Almost every company has the capacity to provide its directors with sufficient information before a board meeting, and it’s not unreasonable to expect all directors to come prepared to discuss the agenda so there is no need to present that same information. Chairmen and CEOs ought to consider taking this approach. They should also examine whether they can improve the effectiveness of their communications to board members by making it easier for them to consume the information they provide them and – if the company takes more than a business week to close its books – to accelerate their close. The role of the board of directors is too important to be undermined by sluggish business processes.

Regards,

Robert Kugel

Senior Vice President Research

Follow Me on Twitter @rdkugelVR and

Connect with me on LinkedIn.

Today’s proponents of artificial intelligence (AI) tend to focus on its spectacular uses such as self-driving cars and uplifting ones such as medical treatment. AI also has the potential to aid humanity in more modest ways such as eliminating the need for individuals to do tedious repetitive work in white-collar areas. Along these lines, at its recent Vision users conference, IBM displayed an application of its Watson cognitive computing technology designed to automate important aspects of regulatory and legal compliance. Should it prove workable, the application of cognitive computing to compliance could be the first step in achieving what various “Paperwork Reduction Act” legislation has failed to do: substantially cutting the time needed to comply with rules imposed by government entities.

Regulatory compliance requires plenty of effort, especially in heavily regulated industries and especially during periods of rapid change in rules. Regulatory burdens on business in the United States have been increasing and growing more complex. For example, the number of pages added to the U.S. Federal Register, a rough measure of rule-making, grew 38 percent, from 529,223 pages in the 1980s to 730,176 in the 2000s, and that growth is on pace to reach 800,000 for the decade ending in 2019. Not all of these additions apply to a specific company’s business, and not all changes are relevant. But poring through pages of laws, rules and judicial rulings to identify relevant new requirements or changes to existing ones requires expertise and often considerable effort. Determining how to address regulatory changes and ensuring that these requirements are being met also entails knowledge and experience and consumes time. While necessary virtually none of all this work adds to the bottom line (except to the extent that it avoids fines or penalties) or improves a company’s competitiveness.

vr_grc_reasons_for_GRC_initiativesIn concept, cognitive computing is well suited to help manage compliance because it has the ability to continuously scan all sources of rule-making, identify those that may be relevant to an organization, and provide suggestions on how best to comply with rules and oversee the compliance program. It can improve the effectiveness of the compliance process by reducing the risk that a company will overlook regulations that apply to it or will implement a compliance program that does not adequately address requirements. In short, by using automation, cognitive computing can increase the efficiency with which a company addresses its compliance requirements. Our benchmark research on governance, risk and compliance (GRC) finds that this is important: Companies most often focus on GRC to contain overall risk and the risk of failure to comply with regulations (77% and 74%, respectively) and much less often to cut costs (31%).

The primary steps any company faces in addressing regulatory compliance are identifying and understanding regulations that apply to it; determining how to address each of them; creating the appropriate measures and governance to achieve compliance; ensuring that the necessary documentation is created to confirm conformance; and guaranteeing that issues that arise are handled properly. Companies face challenges in doing this correctly and in a timely fashion. The process of interpreting the regulations and linking them to the appropriate controls is difficult and costly. Expertise is necessary, on the part of internal staff, external consultants or legal counsel. Historically companies have devolved responsibility for regulatory compliance to the individual business units most closely affected because it was the practical approach. However, decentralized approaches make it difficult to gauge overall compliance, and as the scope of regulation increases over time they lead to duplicate controls and increased costs of compliance.

IBM Watson is potentially a good fit for managing regulatory compliance because it pools knowledge of a topic. As in the case of medicine, the collective efforts of all companies using Watson to assist in managing regulation help all of the participants. Because their combined learning processes are cumulative, Watson can build a knowledge base fast and absorb new facts and conditions quickly. It’s to all participants’ advantage to expand the capabilities of the system cooperatively. In both disciplines, learning involves mastering a technical language and syntax and being able to link their meaning to specific recommended actions.

Watson’s approach to cognitive compliance starts by parsing the body of regulations in a fashion similar to the work it has done in consuming the scientific literature in the field of medicine. It then would identify all compliance requirements that may be relevant to a specific financial institution. The company would vet the list it produces to arrive at a list of validated compliance requirements. The cognitive compliance system would then use Watson to generate a recommended set of controls and procedures based on accepted practices (which may be rooted in anything from black-letter law to actions taken by similar companies). The user company would select those that it deems appropriate. These decisions would be made by trained individuals – for example, those with compliance responsibilities in a particular area, internal counsel or attorneys specializing in a relevant practice area. Once established, a cognitive compliance system could automate the process of monitoring regulatory actions and rule-making that is relevant to the company and flagging anything that requires review.

IBM intends to focus Watson’s cognitive compliance efforts initially on the financial services sector. In part this is because the company already has a significant presence in this market segment, but the main reason is because in the United States the complexity of the rules governing this industry has mushroomed since the financial crisis of the past decade. For example, the so-called Volcker Rule, intended to prevent banks from engaging in speculations that put government deposit insurance and the financial system at risk, was spelled out in just 165 words in the 2010 Dodd-Frank Act. However, translating that concept into practice required the collaboration of five regulatory agencies: The Federal Reserve, the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission (CFTC), the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC). It took about five years for this group to assemble a 71-page rule (not written in plain English) that has an 891-page preamble. As to cost of dealing with this complexity, in 2015, the OCC estimated that the cost of complying with Dodd-Frank for the seven largest U.S. banks in 2014 was US$400 million. In another example, 13 Europe-based banks spent between $100 million and $500 million each to achieve compliance with a rule requiring them to create umbrella legal structures for their local operations and take part in the Fed’s annual stress tests. To be sure, the current regulatory conditions affecting banks is an extreme example. However, for that reason it’s an attractive potential market.

If applying cognitive computing to regulatory compliance works for financial services, there are likely to be many other industries in which the regulatory requirements are demanding enough to track and implement to make its use worthwhile. One intriguing possibility for the longer term is Watson’s potential to identify duplicate or conflicting regulations and laws and enable legislators and regulatory bodies to streamline or rationalize them. We recommend that financial services organizations and perhaps others look into this intriguing possibility.

Regards,

Robert Kugel

Senior Vice President Research

Follow Me on Twitter @rdkugelVR and

Connect with me on LinkedIn.

Twitter Updates

Stats

  • 126,535 hits
%d bloggers like this: