Professional postgraduate diploma in GRC Masterclass Evaluation Template for Executive Summary
Preamble
Generali Worldwide Insurance Company (hereinafter called Generali Group) recognizes the need for efficient and secure application of Information Technology (IT) to enhance the company’s governance, risk and compliance (GRC) tasks. The company’s GRC specialists take a broad view of the principles that govern IT security when making decisions regarding the technology’s GRC functions. They are also aware of the importance of aligning IT solutions with the company’s vision, mission and goals. To ensure the agility and advancement of its GRC practices, Generali’s GRC support experts have opted for a custom IT security system (Generali Group, 2016).
The company’s central IT structure allows GRC employees to control and access many of the company’s processes and operations without putting its information assets at risk. The company’s IT security rules ensure that all IT GRC tasks are conducted safely: individual responsibility in the use of IT assets, identification of information availability, maintenance of reliability, safety of design and implementation, prudence, and separation of tasks (Generali Group, 2016).
This reflective journal aims to investigate the application of IT in GRC to perform management revising, compliance, and retraining tasks. The subject is of particular significance to me because, through understanding compliance technology and its implications, one can make sure that the GRC software solutions from Generali Group are aligned with the company’s vision, mission and goals, thus strengthening security and increasing the competitiveness of the company.
The key principles and topics discussed during the Masterclass
Decision Making, Oversight, and Control
The most important lesson of this Masterclass is that IT can be used to provide GRC experts with the data needed for decision making, oversight, and control. Many companies operate under their own regulatory frameworks that require the use of compliance technology, which can simplify GRC processes and reduce the overall cost (ICT 2015). In the case of Customer Due Diligence (CDD), GRC software solutions are crucial to creating customer profiles at the time of application. This is just one way of ensuring compliance within the constantly evolving regulatory environment in which financial institutions like Generali Group have to operate.
In reality, just 60% of decision-making within large corporations is based on reliable data (PWC 2016). This implies that the decision-making culture of many organizations isn’t centered around the use of the latest algorithms. Additionally, companies that are data-driven tend to use the available information to “support the conclusions they want” (PWC 2016, p. 2). Refusing to use IT GRC solutions is a dangerous trend that could expose a business to a variety of compliance risks and decrease its competitive edge.
Contemporary IT GRC solutions have management, execution and monitoring capabilities. However, the successful implementation of such software applications is contingent on whether they align with a company’s mission, goals, and vision, and with GRC specifics that can differ significantly across branches. To make sure that the IT GRC solutions needed for monitoring and gathering data on compliance concerns give adequate assurance of security and resilience from an operating-model standpoint, it is important to consider custom-designed solutions. Another option is to use a third party to provide IT GRC services (FCA 2014).
However, after analyzing crucial legal and technical areas of concern, Generali Group has decided not to outsource its most critical technological services (Generali Group, 2016).
For an IT GRC solution to deliver the benefit of providing GRC practitioners with data that aids their decision-making process, the enterprise compliance technology must be centralized, structured, and well-organized. There is ample evidence that businesses with above-average IT GRC performance, which is made possible by core structure integration, have “more than 20 percent higher profitability than firms with poor governance” (PWC 2017, para. 7).
One of the most important steps toward achieving the highest quality IT GRC performance is to centralize the storage of data. This is helpful not only in meeting regulatory requirements but also from a practical standpoint. In particular, a financial services company that is able to use a uniform IT platform with central data storage could prove “traceability and liability of information in financial reports” (ICT 2015, p. 7). Furthermore, localized data centers provide more effective control of the corrective measures that need to be implemented by the company.
Compliance Analytics
Another key lesson from the Masterclass that must be kept in mind is that compliance analytics can be a powerful tool for analyzing data from various sources in order to enhance an organization’s GRC capabilities (Zitting 2015).
According to Spanaki and Papazafeiropoulou (2013), the Sarbanes-Oxley Act of 2002 necessitated innovative approaches to companies’ GRC strategy. Many businesses built their GRC operations around forensic measures that take the form of retrospective reporting. In the end, however, post-fact IT forensics significantly shortens the period for remediation of control deficiencies, which can undermine the effectiveness of compliance programs (Abdullah, Indulska, Sadiq, and Abdullah 2012). Automated detection of compliance issues using analytics is an alternative to the traditional detection methods.
It is believed that using compliance analytics is a successful method of removing compliance gaps and predicting policy breaches. Society for Worldwide Interbank Financial Telecommunication (SWIFT) Compliance Analytics is a data mining platform used by financial service organizations to detect financial crime compliance (FCC) risks (ICT 2015). The platform permits its customers to “identify behavioral anomalies, unusual patterns, and trends, hidden relationships, and high levels of activity with high-risk countries and entities” (SWIFT 2014, p. 1).
This learning point is linked to the first one, since the centralization of all data is essential for conducting pertinent analysis with a compliance analytics program. Efficient analysis for risk management is only feasible when the data is standardized and collected from a single source within an organization.
Use of IT in Know Your Customer (KYC)
The third lesson is that IT can be used effectively for KYC actions that are crucial for CDD. Despite the overwhelming evidence that the effective collection and exchange of KYC information among banks reduces compliance risk, many organizations remain dependent on outdated systems that hinder the circulation of KYC information (ICT 2015). These outdated methods, typically built on manual processes, not only increase error rates and pose regulatory risks but also reduce the general quality of the client experience.
KYC automation is a particular area of IT that has been successfully explored by SWIFT to give banks access to standardized client information via a secure web-based portal (ICT 2015). It is important to note that several firms specialize in providing these services, with KYC Exchange Net AG being the most prominent. A method for due diligence permits the classification of customers based on their primary attributes, which include, but aren’t limited to, size, industry, risk and entity. It is worth noting that recent advancements in mobile banking technology have forced the providers of KYC automation to accept customers from non-traditional markets who were previously excluded by financial institutions (ICT 2015).
GRC experts need to understand that the majority of KYC actions must be viewed from the perspective of a Risk-Based Approach (RBA). The selection of any KYC policy involves a trade-off, and it is essential to find the best balance between “false acceptance of an invalid identity claim” and “false rejection of a valid identity claim” (Gelb 2016, p. 3). With the aid of the latest KYC utility software, it is now possible to process KYC documentation swiftly and thus fill in any information gaps quickly. Additionally, KYC technological solutions that are designed around RBA can help improve the customer experience by avoiding needless negatives (ICT 2015).
Utilization and Recommendations
In terms of practical implementation of the learning points, GRC specialists from Generali Group have to use the GRC functions of IT to improve the efficiency of their decision-making process as well as compliance and control. In this regard, it is suggested to ensure that the technology used for compliance is in line with the company’s vision as well as its mission, strategy and objectives. Thus, only bespoke IT solutions should be utilized to manage particular GRC tasks and to achieve the highest degree of alignment (ICT 2015).
To decrease GRC risks within Generali Group, its compliance professionals must make use of SWIFT Compliance Analytics (SWIFT 2014). This service provides continuous monitoring and auditing functions that are extremely effective in identifying all types of FCC risk. Real-time application of predictive analytics will allow companies to implement effective prevention strategies, which will help avoid negative future developments.
The effective implementation of IT GRC processes within the corporate control environment isn’t possible without the use of advanced KYC technology.
Conclusion
The research conducted on the Masterclass issue has enabled me to better comprehend the significance of effective utilization of IT in the GRC processes of a financial institution. Now, I understand that it is imperative that Generali Group try to reduce its manual processing in order to gain a more efficient and risk-based analysis of KYC information and enhance the client experience.