TOSMS Boardroom Solutions
Pillar 6: Boardroom Risk and Compliance Monitoring Solution
This pillar is where the wheels have come off in a big way for enterprises. Have a look at some of the larger bank fines over the past 5 years for control weaknesses. In each case the money wasted on fines could easily have set up a fully-fledged Enterprise Mission Control Centre for boards and executive teams that would have prevented such failures and given shareholders, staff, suppliers and customers peace of mind over the governance of their enterprises:
-
Standard Chartered Bank - £102m fine (2019)
-
Goldman Sachs International - £97m fine (2020)
-
Lloyd's Bank General Insurance - £90.7m (2021)
-
Credit Suisse - £147.2m fine (2021)
-
Santander UK plc - £107.8m (2022)
Some of the US banking fines for AML weaknesses are eye-watering and amount to over a billion dollars in some cases. There is just too much that needs proper scrutiny and judgement at a detailed level, especially in the highly regulated industries. Notwithstanding this, it is staggering how many large enterprises still rely on spreadsheets for processing across the many practices that cover this pillar. Without proper change and configuration control of all source documents that hold the details of the risks the enterprise is under, it is not possible to manage these risks in an effective and efficient manner.
These risk details have to be mapped to the areas of the business - the operating models - that are impacted. This entails details of the mitigating controls put in place that comprise the processes, records, systems and roles within these operating models. When changes happen to the operating models, for example, because of internal interventions that drive strategies for change by the board and executive team, or external interventions by regulators bringing in new, or changes to existing, legislation, it is crucial for the board and executive team to quickly be able to understand the impacts to their operations and make informed decisions using this information.
Knowing the finite details of which organisation design elements are impacted by risk-based requirements can be a time-consuming and costly exercise each time new requirements surface - think solvency for banks or the introduction of GDPR requirements. Doing this manually is something large, complex organisations repeat each time new legislation is enacted. This is at great cost and highly resource intensive, something that could be avoided.
Given that some of these requirements are highly complex in nature, it places a costly reliance on scarce expertise internally, a risk in its own right. So a brains trust of expertise is essential when setting these solutions up for the first time - an expert system - and this is an area where artificial intelligence can overcome these challenges in the future.
The above are just a few insights that are part of a much broader compelling business case TOSMS makes for its clients to tackle the need to digitise, integrate and automate the many practices and standards that make up this pillar.
An overview of the solution that automates the Risk and Compliance Monitoring Solution is provided in the diagram below.
