Banks and financial institutions are faced with critical challenges in their current governance, risk, and compliance (GRC) approaches, which often times involve inefficient and cumbersome processes requiring an excessive amount of manual work with disconnected and varied results.
This challenge is further exacerbated with the constant addition of new guidelines to adhere to and new initiatives being pushed forth in order to mitigate risk, making it ever-so daunting for risk and compliance teams to keep up.
In this fast-evolving risk and regulatory landscape, banks are increasingly turning to so-called electronic-GRC (eGRC) platforms to address the inefficiencies and limitations related to current GRC processes.
In the third issue of the Hong Kong Monetary Authority (HKMA)’s Regtech Adoption Practice Guide series, experts from KPMG provide an overview of current GRC challenges, outlining how early regtech adopters have successfully implemented GRC regtech solutions in their organizations.
According to the paper, so called electronic-GRC (eGRC) platforms and GRC regtech solutions are emerging as effective solutions to current GRC challenges such as organizational silos, ineffective risk reporting and the lack of business and risk transparency.
By capturing a holistic view of regulatory obligations, compliance, events and controls, eGRC platforms offer a single source of truth, driving thus consistency, transparency and efficiency to maximize the effectiveness of an organization’s control framework.
These solutions help organizations coordinate GRC-related activities across diverse business operations and multiple geographies and ensure compliance with evolving regulations.
Key benefits of using an eGRC platform outlined in the paper include enhanced visibility across the business through the integration of data into one single platform, the promotion of risk ownership through electronic tagging, for example, reduced costs through automation and data integration, as well as improved data and analytics to provide insights.
Examples of GRC regtech solutions implemented
The guide shares two GRC regtech solutions that have been implemented.
The first use case is a cloud-based regulatory tracking and obligations management tool to keep up with regulatory changes.
For this project, the bank engaged with a regtech solution provider and a regulatory horizon scanning data provider, which provided it with access to the latest regulatory changes issued by governments, regulators and other third parties across different jurisdictions. Regulatory summaries were compiled by a team of compliance and legal professionals, and then ingested into eGRC platforms through APIs.
Regulations, risk events, and other information could then be categorized by product, business function, jurisdiction, and publish date, allowing for customized daily email alerts for subscribed users to facilitate regulation monitoring.
The second GRC regtech solution outlined in the guide is the implementation of a global GRC platform, a project that involved a complete organization-wide GRC transformation with hopes for a unified, more holistic tech solution across the entire organization to avoid silos and duplicated work.
After an initial preparation phase that involved reviewing the company vision, mapping current processes, defining key drivers of a GRC platform, setting out budget plans, formulating a communications plan, and so on, the team proceeded with the selection and appointment of a GRC platform vendor.
A prototype was then built by the vendor for the pilot jurisdiction, which was then applied to the full implementation.
The project required all business units to follow the centralized guideline on risk management and governance framework. Each business unit also had to identify relevant data sources and transform them to the standardized format for migration.
Streamlining and standardization of processes were also required due to the varying levels of maturity across all the business units and operating jurisdictions. Finally, customization requirements were managed to meet all requirements covering all operating jurisdictions.
Boosting regtech adoption in Hong Kong
The Regtech Adoption Practice Guide series was launched in July by HKMA in a bid to encourage Hong Kong banks to adopt regtech by providing them with detailed practical guidance on the implementation of such solutions.
Each of these guides focuses on a specific technology or application area identified in the HKMA’s white paper titled Transforming Risk Management and Compliance: Harnessing the Power of Regtech.
The white paper, released in November 2020, identified 16 recommendations across five core areas to accelerate the further adoption of regtech in Hong Kong, and laid out a two-year roadmap to promote regtech that included initiatives such as the Global Regtech challenge, and a flagship regtech event called Unlocking the Power of Regtech.
The first two issues of the guide focused on cloud-based regtech solutions, and anti-money laundering/counter-financing of terrorism.