Enterprise Risk Management: The key to surviving and thriving in today’s uncertain business environment
By Gary Lynam, Director of ERM Advisory, Protecht
In today’s hyper connected, yet highly uncertain business world, effective risk management is becoming critical to long term survival and prosperity for organisations of all sizes.
For mid-size companies in particular, the first challenge is often moving from a basic Excel-oriented approach to a more unified risk management system. However basic risk management tools that work in silos can not properly connect the dots across a wide range of key business areas, including regulatory obligations, audit findings, and important business services.
With an Enterprise Risk Management (ERM) system in place, companies are much better positioned to spot dangers or potential eventualities on the horizon and take the steps needed to mitigate them before they can derail future operations.
But what exactly is ERM, and how can companies go about implementing it effectively? This article will take a detailed look at ERM, explore some of the main internal barriers to implementing it and discuss how businesses can overcome these as effectively as possible to gain a return on investment through efficiencies and savings in risk event reduction.
ERM for Risk in Motion
Mid-size companies around the world today face an incredibly challenging business environment. New risks are constantly emerging, existing ones are changing, and regulatory requirements around audit, risk, resilience, and compliance are evolving at a rapid pace, making it harder than ever to spot potential threats.
In the past, many smaller companies traditionally managed their data and processes manually, using spreadsheets, emails, and sometimes messaging platforms such as Slack or even Teams. However, in such uncertain times, it’s increasingly clear that these siloed approaches simply don’t cut it anymore. In some cases, they even create risks of their own at an operational level.
Companies should now see risk is continuously ‘In Motion’. What we learnt from the rapidly changing Covid-19 landscape is that a dynamic review of risk has never been more important. This requires a well embedded and well operated ERM framework and processes to be lent upon. It is time to bring risk management into action with the ability to continuously and proactively monitor and assess changing information, including identification of evolving threats.
With this in mind, it’s no surprise that there’s been a widespread shift towards ERM amongst mid-size companies in recent years.
ERM solutions support the management of risk in both a holistic and an actionable way, using technology to analyse enterprise and operational risks at all levels within the same platform, in real time. Leading ERM solutions also support best practice risk analytics – such as bow tie analysis – dashboards and reporting, to enhance communication about risk across the entire workforce.
Such solutions not only improve data quality and help manage regulatory change, but they also enhance the quality and timeliness of reporting to decision-makers, meaning good decisions can be made faster at all levels of the business.
Overcoming barriers to realise the benefits
Despite the undeniable benefits of adopting ERM today, many companies run into a number of barriers when attempting to implement it effectively. These generally fall within three main categories:
- Risk culture – How people act and behave when it comes to risk management. Factors associated with risk culture may include a lack of budget for technology investment, a conservative unwillingness to engage in major transformations, or a lack of perceived importance when it comes to risk management as a business priority.
Successfully addressing these factors requires a focus on identifying key stakeholders and convincing them both of the business efficiency benefits ERM solutions offer and of the risks of continuing business as usual.
- People – Individuals and teams can sometimes be against investment in ERM solutions because they fear job loss from automation, control loss from wider use and access, or increased scrutiny.
Addressing these factors requires a focus on the positive benefits of the ERM solution both to risk management and general business teams. Doing so shows the impact will be to free up time to generate business benefits and provide managers with better, more actionable insights.
- Advisory – The organisation does not have confidence that it has the expertise to evaluate, implement, mature, and evolve an ERM program, even if key stakeholders believe that one would be desirable.
Addressing these factors requires an understanding of the options available for help with generating business cases, working with risk experts to specify the solution required, and implementing the software and associated process changes to the organisation.
Now is the time to reap the rewards and thrive
The time to consider implementing an ERM technology platform is now. With so many risk, compliance and audit challenges out there today, attempting to manage them all manually, in silos, is no longer a safe or effective way to achieve organisational objectives, and continuously monitor risk and evolving threats.
Implementing an ERM approach, supported by technology and the right implementation team, enables mid-size companies to manage these challenges in an automated, interconnected way at both a strategic and a tactical level. Doing so will lead to a host of positive outcomes including better decision-making data, improved risk, and compliance management, and enhanced regulatory relationships.
Adapting a ‘Risk in Motion’ approach is about embracing risk as an opportunity to reap the potential return of investment a ERM platform can deliver through efficiencies and savings in risk management processes.
Looking further ahead, it is those with a robust ERM approach in place who will be best positioned to adapt and thrive, regardless of what the future holds. So don’t be left behind.
Unlocking the Power of Data: Revolutionising Business Success in the Financial Services Sector
Source: Finance Derivative
Suki Dhuphar, Head of EMEA, Tamr
The financial services (FS) sector operates within an immensely data-abundant landscape. But it’s well-known that many organisations in the sector struggle to make data-driven decisions because they lack access to the right data to make decisions at the right time.
As the sector strives for a data-driven approach, companies focus on democratising data, granting non-technical users the ability to work with and leverage data for informed decision-making. However, dirty data, riddled with errors and inconsistencies, can lead to flawed analytics and decision-making. Siloed data across departments like Marketing, Sales, Operations, or R&D exacerbates this issue. Breaking down these barriers is essential for effective data democratisation and achieving accurate insights for decision-making.
An antidote to dirty, disconnected data
Overcoming the challenges presented by dirty, disconnected data is not a new problem. But, there are new solutions – such as shifting strategies to focus on data products – which are proven to deliver great results. But, what is a data product?
Data products are high-quality, accessible datasets that organisations use to solve business challenges. Data products are comprehensive, clean, and continuously updated. They make data tangible to serve specific purposes defined by consumers and provide value because they are easy to find and use. For example, an investment firm can benefit from data products to gain insights into market trends and attract more capital. These offer a scalable solution for connecting alternative data sources, providing accurate and continuously updated views of portfolio companies. Using machine learning (ML) based technology enables the data product to adapt to new data sources, giving a firm’s partners confidence in their investment decisions.
But, before companies can reap the benefits of data products, the development of a robust data product strategy is a must.
Where to begin?
Prior to embarking on a data product strategy, it is imperative to establish clear-cut objectives that align with your organisation’s overarching business goals. Taking an incremental approach enables you to make a real impact against a specific objective – such as streamlining operations to enhance cost efficiency or reshaping business portfolios to drive growth – by starting with a more manageable goal and then building upon it as the use case is proved. For companies that find themselves uncertain about where to begin their move to data products, tackling your customer data is a good place to start for some quick wins to increase the success of the customer experience programmes.
Getting a good grasp on data
Once an objective is in place, it’s time for an organisation to assess its capabilities for executing the data product strategy. To do this, you need to dig into the nitty-gritty details like where the data is, how accurate and complete it is, how often it gets updated, and how well it’s integrated across different departments. This will give a solid grasp of the actual quality of the data and help allocate resources more efficiently. At this stage, you should also think about which stakeholders from across the business from leadership to IT will need to be involved in the process and how.
Once that’s covered, you can start putting together a skilled team and assigning responsibilities to kick-off the creation and management of a comprehensive data platform that spans all relevant departments. This process also helps spot any gaps early on, so you can focus on targeted initiatives.
Identifying the problem you will solve
Now let’s move on to the next step in our data product strategy. Here we need to identify a specific problem or challenge that is commonly faced in your organisation. It’s likely that leaders in different departments, like R&D or procurement, encounter obstacles that hinder their objectives that could be overcome with better insight and information. By defining a clear use case, you will build a real solution to a challenge they are facing rather than a data product for the sake of having data. This will be an impactful case study for your entire organisation to understand the potential benefits of data products and increase appetite for future projects.
Getting buy-in from the business
Once you have identified the problem you want to solve, you need to secure the funding, support, and resources to move the project ahead. To do that, you must present a practical roadmap that shows how you will quickly deliver value. You should also showcase how to improve it over time once the initial use case is proven.
The plan should map how you will measure success effectively with specific indicators (such as KPIs) that are closely tied to business goals. These indicators will give you a benchmark of what success looks like so you can clearly show when you’ve delivered it.
Getting the most out of your data product
Once you’ve got the green light – and the funds – it’s time to put your plan into action by creating a basic version of your data product, also known as a minimum viable data product (MVDP). By starting small and gradually enhancing with each new release you are putting yourself in the best stead to encourage adoption and also (coming back to our iterative approach) help you secure more resources and funding down the line.
To make the most of your data product, it’s essential to tap into the knowledge and experience of business partners as they know how to make the most of the data product and integrate it into existing workflows. Additionally, collecting feedback and using it to improve future releases will bring even more value to end users in the business and, in turn, your customers.
Unlocking the power of data (products)
It’s crucial for companies in FS to make the most of the huge amount of data they have at their disposal. It simply doesn’t make sense to leave this data tapped and not use it to solve real challenges for end users in the business and, in turn, improve the customer experience! By adopting effective strategies for data products, FS organisations can start to maximise the incredible value of their data.
HOW SMALL BUSINESSES CAN FIGHT BACK AGAINST POOR PAYMENT PRACTICES
Source: Finance Derivative
SMEs across the UK are facing a challenging economic environment and late payments pose a severe challenge to maintaining cash flow. Here, Andrea Dunlop, managing director at Access PaySuite, explores the challenges facing small and medium sized businesses, the risks that late payments carry, and what can be done to secure timely payments, in full.
It’s estimated that UK businesses are currently owed more than £23.4bn in outstanding invoices. For all businesses, managing the outward flow of products and services with a steady incoming cash flow is a fine balance – with unexpected disruptions and complications capable of causing catastrophic problems.
Late and delayed payments have been identified as a significant challenge for SMEs – an issue that has scaled over recent years. In fact, in its latest report, the Federation for Small Businesses (FSB) stated that the UK is “almost unique in being a place where it is acceptable to pay small businesses late”.
The FSB also states that this “will remain the case without further action” and, as such, has called for government action to put a stop to these damaging trends.
Small businesses form a vital part of the economic ecosystem – in 2022, it was estimated that 99% of UK businesses were SMEs – so poor payment systems not only present a very real threat for individual businesses, but for the UK economy as a whole.
Despite this strong case for urgent action to be taken, changes to legislation can be a slow process and, in the face of ongoing economic pressure, small businesses need more immediate solutions.
Although businesses are at the liberty of their customers and clients, there are a number of actionable steps SMEs can take to increase the rate of prompt and complete payments.
The impact of late payments for SMEs
Published in Q4 2022, research published by the ICAEW demonstrates that around half of invoices issued by small businesses are paid late.
More often than not, small businesses operate within a chain of regular suppliers and customers. These chains can include multiple business links, stretching across sectors and regions. As a heavily interwoven ecosystem, if one ‘link’ in the chain is damaged by late payments and unreliable cash flow, the delays can quickly escalate and create a domino effect of complications across the whole system.
With a lack of consistent income, SMEs are more likely to be prevented from paying their overheads and suppliers on time.
As late payments add up and push multiple businesses into a negative cash flow, the problem can continue to snowball.
Simply put, extended periods of unreliable and heavily reduced payments put whole supply chains of companies in very dangerous financial positions – especially as running costs remain high.
Combined, the complexities arising from late payments and the vast scale of the issue, demonstrates a clear need for systemic change.
Current government action
At the end of January, the government published a review of the reporting of payment practices first introduced in 2017 .
This review stated that the government is committed to “stamp[ing] out the worst kind of poor payment practices within the business community”.
The 2017 Payment Practices and Performance Regulations require all large UK companies to report publicly on their payment policies, practices and performance, to ensure accountability.
Following its review, a new consultation has been launched, seeking the opinion of business owners on current regulations – asking whether this existing policy should extend beyond its current expiry date, 6 April 2024. This consultation is part of a wider examination of payments in the UK.
Delving into issues including the emotional and psychological impact of late payments on small business owners – as well as analysing how banks and technology can help – the government’s review is a welcome development, but SMEs need to take more immediate action to strengthen their payment processes.
What can SMEs do?
With the government consultation finalising at the end of April, the future of the payment landscape in the UK will soon be made clearer – but what actions can SMEs take to immediately strengthen their payment processes?
For many SMEs, payment systems are low down the list of priorities, and the fear of disruption or additional costs can lead many to turning a blind eye to problems with their existing systems. But, with challenges around cash flow increasing, investing in a flexible and comprehensive payment system could be an incredibly worthwhile investment.
Issuing regular invoices takes a lot of time, and when working across different clients with different payment frequencies invoicing can lead to unnecessary complexities.
Instead, systems that enable customers to set up direct debits ensure payments are completed on a set date, reduce additional paperwork and still allow bespoke schedules for each client or customer to be arranged.
In many SMEs, missed payments can easily get lost in piles of paperwork and human-error can result in problems down the line. When using digital payment systems, should a missed payment occur, automated capabilities ensure the issue is flagged, and any outstanding challenges can be resolved in a timely manner.
With payments and invoicing automatically managed in a centralised database, countless hours that would otherwise be spent on repetitive and laborious administrative work are saved.
As well as reducing the amount of staff time spent managing processes and tracking financial activity, a reliable payment system delivers benefits for customers too, and contributes towards greater service and boosting brand loyalty.
In the coming weeks and months, new government guidance should clarify legislative expectations for businesses regarding payments. But, with smart investment in specialist software solutions, our country’s vital SMEs can take the necessary safeguarding steps to boost payment security and thrive through this tough financial time.
Less than a year until EMIR Refit: how can firms prepare?
Source: Finance Derivative
Leo Labeis, CEO at REGnosys, discusses everything that financial institutions need to know about EMIR Refit and how they can prepare with Digital Regulatory Reporting (DRR).
There is now less than a year until the implementation date for the much-anticipated changes to the European Markets Infrastructure Regulation (EMIR). The amendments, which are set to go live on 29 April 2024, represent an important landmark in establishing a more globally harmonised approach to trade reporting.
Despite the fast-approaching deadline, concerns are growing around the industry’s preparedness, with a recent survey from Novatus Advisory finding that 40% of UK firms have no plans in place for the changes, for instance.
Much of the focus in 2022 was on implementation efforts for the rewrite of the Commodity Futures Trading Commission’s swaps reporting requirements (CFTC Rewrite), which went live on 5 December. Both the CFTC Rewrite and EMIR Refit are part of the same drive to standardise trade reporting globally. While EMIR Refit was originally anticipated to roll out first, implementation suffered from repeated delays to its technical specifications, in particular the new ISO 20022 format. The ISO 20022 mandate was eventually excluded from the first phase of the CFTC Rewrite, hence the earlier go-live date.
In parallel, the Digital Regulatory Reporting (DRR) programme has emerged as a key driving force in helping firms adapt to continually evolving reporting requirements. Having participated in the DRR build-up for their CFTC Rewrite preparations, how can firms leverage these efforts to comply with EMIR Refit in 2024?
The drive to standardise post-trade
To understand the new EMIR requirements, it is important to first look at the two main pillars in the global push to greater reporting harmonisation.
The first is the Committee on Payments & Market Infrastructures and International Organization of Securities Commission’s (CPMI-IOSCO) Critical Data Elements (CDE), which were first published in 2018 to work alongside other common standards including the Unique Product Identifier (UPI) and Unique Trade Identifier (UTI). These provide harmonised definitions of data elements for authorities to use when monitoring over the counter (OTC) derivative transactions, allowing for improved transparency on the contents of the transaction and greater scope for the interchange of data across jurisdictions.
The second is the mandating of ISO 20022 as the internationally recognised format for reporting transaction data. Historically, trade repositories required firms to submit data in a specific format that they determined, before applying their own data transformation for consumption by the regulators. The adoption of ISO 20022 under the new EMIR requirements changes that process by shifting the responsibility from trade repositories to the reporting firm, with the aim of enhancing data quality and consistency by reducing the need for data processing.
Preparing for the new requirements with DRR
DRR is an industry-wide initiative to enable firms to interpret and implement reporting rules consistently and cost-effectively. Under the current process, reporting firms create their own reporting solution, inevitably resulting in inconsistencies and duplication of costs. DRR changes this by allowing market participants to work together to develop a standardised interpretation of the regulation and store it in a digital, openly accessible format.
Importantly, firms which are using the rewritten CFTC rules which have been encoded in DRR will not have to build EMIR Refit from scratch. ISDA estimates that 70% of the requirements are identical across both regulations, meaning firms can leverage their work in each area and adopt a truly global strategy. DRR has already developed a library of CDE rules for the CFTC Rewrite, which can be directly re-applied to EMIR Refit. Even when those rules are applied differently between regimes, the jurisdiction-specific requirements can be encoded as variations on top of the existing CDE rule rather than in silo.
Notably the UPI, having been excluded from the first phase of the CFTC Rewrite roll-out, is mandated for the second phase due in January 2024. DRR will integrate this requirement, as well as others such as ISO 20022, and develop a common solution that can be applied across the CFTC Rewrite and EMIR Refit.
As firms begin their own build, the industry should work together in reviewing, testing and implementing the DRR model. Maintaining the commitment of all DRR participants will strengthen the community-driven approach to building this reporting ‘best practice’ and serve as a template for future collaborative efforts.
Planning for the long-term
Although the recent CFTC Rewrite and next year’s EMIR Refit are centre of focus for many firms, several more G20 regulatory reporting reforms are expected over the next few years. These include rewrites to the Australian Securities and Investments Commission (ASIC), Monetary Authority of Singapore (MAS) and Hong Kong Monetary Authority (HKMA) derivatives reporting regimes, amongst others.
Firms should therefore plan for the entire global regulatory reform agenda rather than prepare for each reform separately. Every dollar invested in reporting and data management will go further precisely because it is going to be spread across jurisdictions, easing budget constraints.
Looking ahead, financial institutions should establish a broad and long-term plan is to learn from their CFTC Rewrite preparation and how DRR can be positioned in their implementation. For example, firms should ask themselves which approach to testing and implementing DRR works best: via their own internal systems or through a third-party? Firms should review what worked well in their CFTC Rewrite implementation and apply successful methods to EMIR Refit. Doing so will enable firms to have a strong foundation for future updates in the years to come.