Governance, Risk and Compliance

Governance, Risk and Compliance (“GRC”) is often referred to as the business issues that ought to keep directors and senior managers awake at night as it involves risks to the very essence of the firm.

Governance is concerned with the structure, direction and management oversight of the business. It involves establishing the culture of the business, the business plan (strategy and tactics) as well as making sure the business has the resources and expertise to execute the plan.

Risk is concerned with establishing the risk appetite of the business, ensuring adequate risk assessment, mitigating risks identified and monitoring risks.

Compliance is concerned with ensuring that the business complies with its legal and regulatory obligations, as well as the behaviour standards it has adopted to differentiate itself from competitors.

Conduct Risk

In addition to good corporate governance, regulators throughout Europe are increasingly keen for firms to change culture, moving away from commission-based sales structures towards models that operate in the customer’s best interests for the long term.

Conduct Risk builds on the ‘Treating Customers Fairly’ regime and looks to not only provide protections at the point of sale, but on a long-term basis throughout the client’s relationship with the company. As a firm you are expected to:

  • Have a strategy that puts the customer first and which produces long term sustainable profitability;
  • Develop products that operate in the interests of customers, ensuring they are understood by the target audience;
  • Have a culture throughout the firm that supports good, long term consumer outcomes, driven at board level and disseminated throughout the organisation; and
  • Ensure products and services are appropriate, with regular stress testing taking place.

What are the dangers of poor GRC practices?

Poor GRC practices are dangerous for all business, whether large or small.

Failure to meet legal and regulatory obligations can often lead to public censure, fines or even to imprisonment in the worst cases. It is likely to cause reputational damage to the business and endanger the viability of businesses.

There are myriad warning signs of poor GRC practices, but they can include repeated errors, poor productivity, lack of risk appetite, lack of information (MI), poor service Legal or regulatory breaches and lack of risk management.

Do you have a problem with GRC in your business?

Many businesses don’t recognise they have a GRC problem until it’s too late. Fire-fighting can be very disruptive and expensive and many businesses do not survive such a catastrophe – whether self-inflicted or caused by external risk.

So, what business issues keep you awake at night?

How can we help?

Businesses that proactively review their GRC standards and call in external expertise to review GRC practices and resilience are the firms that are most likely to survive or avoid catastrophe and to prosper.

We have extensive experience of assessing GRC standards across a wide range of firms from IFAs Wealth Managers, consumer credit firms and insurance and mortgage intermediaries to Private and Retail Banking, Collective Investments, Broker Dealers, Private Equity, Venture Capital, Wrap Platforms and Life and Pension providers.

Our team of highly experienced and knowledgeable practitioners will carry out investigation work to determine your level of compliance with expected GRC standards and can assist you to implement practical solutions to any problems that are identified. We can provide you with assurance on the standards achieved to support senior managers under the Senior Managers and Certification Regime.

GRC Case Studies