With all the regulatory change in the financial services industry, new risk, compliance, and control requirements are often simply overlaid on top of existing processes. The result is a patchwork of band-aid fixes that are bureaucratic, cumbersome, and not necessarily effective. The additional complexity dilutes accountability and often lengthens cycle times, reduces agility, increases cost, and degrades the customer experience. When this happens, the risk management and compliance departments are actually working at cross-purposes to the operating units that are tightly staffed and have a job to do. And, they don't get the improved compliance and risk management results they are seeking.

What if you could get your risk and compliance needs met while enhancing the business by giving it more efficient processes that improve agility and customer service? What if the risk and compliance teams were viewed as valued partners to the business rather than as a necessary evil that interferes with the day-to-day business?

Think that's not possible given the nature of your responsibilities and the seemingly never-ending changes to laws and regulations you must manage and implement? Think again. Even though there have been more new laws and regulations in the financial industry initiated over the last 5 years than have been initiated over the last 25 years (meaning there are more internal processes to follow than ever before), you can implement the myriad of changes in a way that actually improves efficiency and performance.

The key is to understand the impact of new risk and compliance requirements on the myriad of accountabilities that comprise the work end-to-end. By integrating new requirements within updated and optimized processes, rather than simply overlaying them on top, you can ensure that the changes enhance risk management / compliance and support other business goals such as growth, increased profitability, and improved customer service.

Here is a proven process for making this happen.
1. Examine how work is done currently, end-to-end, from an accountability perspective.

When you try to improve compliance and risk management by adding new steps into an existing process, the overall process can become less efficient. To avoid this, examine the work from end-to-end, to uncover unclear or missing accountabilities and identify obstacles to delivering on those accountabilities. A great time to do this is when you are performing a Risk and Control Self Assessments (RCSA) in the business line. Based on a holistic business view, you can see major issues broadly across the processes and determine the potential impact of the new requirements on the overall flow of the work - the core of the business. And, it will allow you to take a "big-picture" view of risks in the business at the same time.

For example, if you look at how a loan is processed, examine each accountability within the process from the point the customer receives the application to fill out all way to the disbursement of approved funds. Give each accountability equal attention so you can understand how the process is really working. By doing this, you can better see where risk is, where your efficiency opportunities are, where your compliance opportunities are, and where your control points need to be. With this big picture view, you have a starting point from which to create processes that meet your needs for risk management / compliance and meet the business line's needs for high quality customer service and operational efficiency.

2. Engage those who do the work day-to-day to understand their issues and challenges.

Remember, the workers in the trenches are the ones who understand how the work really flows. So if you create mandates from the top without getting the perspective of the people who have to do the work, you may impose a process that hinders performance. A better approach is to engage the people who do the work directly. The obstacles to delivering on their accountabilities may be very different than what leadership believes and may not be visible through established risk and compliance assessment approaches. When you take the time to learn from those doing the work, you may find unexpected opportunities and approaches to the needed change that meet your risk needs and also improve efficiency.

The key here is to really listen. Traditionally, risk and compliance professionals look only at how the compliance requirements are functioning. The kind of listening needed now is to listen for clues on how the overall process works and what opportunities exist to improve the process, both from a compliance and a business perspective. So it's listening for different things in the conversation-things you've probably never listened for in the past.

As an added benefit, when you engage the workers to help improve processes rather than just add more steps, they will internalize the risk / compliance requirements as part of their day-to-day work. In other words, they'll work with you as a team, which will make your job easier. That's when compliance / risk management becomes an ongoing, sustainable activity versus a one-time exercise.

3. Use the knowledge gained to redesign the work, integrating risk / compliance accountability and control in a way that also supports other business goals.

With your new knowledge and outlook on the business and its processes, you can work with the business lines directly to create new workflows and processes that support both your goals as a risk / compliance professional, as well as their goals. It's about embedding the new requirements into an updated process rather than just overlaying a quick fix. In addition to better managing risk, your work is helping to streamline operations, simplify approvals, reduce costs, and build strong accountability across the processes. As a result, you'll get better risk / compliance results, make change management easier, provide support for the other business capabilities, and make the risk / compliance function a valued business partner. It's truly a win-win for all.

New Rewards for Risk Management

Of course, this three-step process is not a one-time deal. New laws and regulations will continually come your way. That means you have to make this an ongoing discipline that's a natural part of your daily activity. It's really about a new way for risk / compliance professionals to work in order to bring the most value to the organization. The more you integrate this approach into your work, the sooner your organization will view compliance / risk management as a welcomed and vital business function.