Governance, Risk and Compliance continues to be complex business challenge. With an ever changing and complex regulatory landscape, it can be hard to stay up to date. Regulatory requirements challenge boards to greater levels of transparency, objectivity and professionalism with governance, culture and reporting increasingly an area of focus.

The Senior Managers and Certification Regime (SM&CR) has put corporate governance and culture firmly in the regulatory spotlight with increased accountability and potential exposure to liability means directors need to ensure that corporate governance standards are adhered to and robust compliance management systems are in place.

Conduct Risk

In addition to good corporate governance, regulators throughout Europe are increasingly keen for firms to change culture, moving away from commission-based sales structures towards models that operate in the customer’s best interests for the long term.

Conduct Risk builds on the ‘Treating Customers Fairly’ regime and looks to not only provide protections at the point of sale, but on a long-term basis throughout the client’s relationship with the company. As a firm you are expected to:

• Have a strategy that puts the customer first and which produces long term sustainable profitability;
• Develop products that operate in the interests of customers, ensuring they are understood by the target audience;
• Have a culture throughout the firm that supports good, long term consumer outcomes, driven at board level and disseminated throughout the organisation; and
• Ensure products and services are appropriate, with regular stress testing taking place.

What are the dangers of poor GRC practices?

Poor GRC practices are dangerous for all business, whether large or small.

Failure to meet legal and regulatory obligations can often lead to public censure, fines or even to imprisonment in the worst cases. It is likely to cause reputational damage to the business and endanger the viability of businesses.

There are myriad warning signs of poor GRC practices, but they can include repeated errors, poor productivity, lack of risk appetite, lack of information (MI), poor service Legal or regulatory breaches and lack of risk management.

Do you have a problem with GRC in your business?

Many businesses don’t recognise they have a GRC problem until it’s too late. Fire-fighting can be very disruptive and expensive and many businesses do not survive such a catastrophe – whether self-inflicted or caused by external risk.

So, what business issues keep you awake at night?