Thursday, February 25, 2021
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Articles
    • See All Articles
    • NEW: COVID-Related
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Leadership and Career
  • Vendor News
  • Jobs
    • Compliance & Risk
    • Information Security
  • Events
    • Webinars & Events
    • Submit an Event
  • Downloads
    • eBooks
    • Whitepapers
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

The Organizational Risk of Ineffective Compliance Plans

CROs’ Unique Role in Responding to the Pandemic

by Guy Underwood
October 22, 2020
in Featured, Risk
man standing at bridge crossing, concept of business opportunity and decision

Historically, the Chief Risk Officer’s role has been to ensure that companies meet their regulatory and compliance obligations. Guy Underwood, CRO at Vital4, discusses how that is changing in the context of a global pandemic.

Nearly five years ago, I was awarded the Certified Chief Risk Officer (CCRO) certification by the Risk Management Institution of Australasia. As part of the application process, I was asked to answer a number of questions relating to elements of a Chief Risk Officer’s role. I was also interviewed by a panel as they sought to ascertain whether I had the necessary skills and experience to gain the CCRO accreditation.

My answers then have caused me to reflect on what they would be now in the context of the COVID pandemic and where the world is in 2020, as opposed to circa 2016 when I gained this certification.

Times are Changing, and Risk is Increasing

There are substantial penalties for organizations as well as individuals that don’t manage risk. Most businesses have programs and policies in place that are meant to ensure that they are compliant with relevant regulations.

Internal auditors go through the prescribed process and check off the items in the program, but checking off the boxes on an in-place program is not the same as effectively managing risk. Every check may “pass,” but if the program has not been implemented properly, has not been updated to reflect recent regulatory changes or has critical failings in data or process, the organizational risk may still be substantial.

Data and how you use it is key to any compliance program. Many organizations are “data rich” but “information poor.” Combing through mountains of data can lead to missing key information, and outdated data or poorly curated datasets can lead to false positives or other forms of risk.

Risk is not limited to substantial fines by regulators. Organizational risk also encompasses the reputation loss that can dramatically impact the ability of the business to operate normally, acquire new customers or retain existing accounts. It is critical that organizations ensure they are not engaging in operations with sanctioned countries or facilitating bad actors after ample information is available of their criminal actions.

Viewing risk only through the lens of accounting losses misses the larger picture of opportunity costs that surround a loss of trust or respect; these can be even more devastating for an entity than the fines themselves.

Historically, the role of the CRO was limited to ensuring that the organization met its regulatory and compliance obligations – a sort of failsafe to protect the business in the event of adverse scenarios. However, the modern CRO now appears to have more influence across organizations, although there is still some way to go in terms of getting the right seat at the table to ensure compliance processes are more than just ticking boxes.

Having been involved in the risk management industry for over 25 years, I have seen many changes, including a move away from the dominance of insurance professionals at risk-related events and a younger and more diverse number of risk professionals in the marketplace.

The rapid digitization of many industries during the COVID pandemic is only accelerating this trend. Yet as risk professionals, quite often we still have to justify our existence to the organization and demonstrate that we add value and are not just a cost center.

A Few Key Takeaways

The pandemic has provided an opportunity for companies to review their risk framework to ascertain whether they have captured the risks presented by the pandemic (e.g., teams working remotely, interruption of supply chain, dealing with clients remotely).

In my opinion, now is the perfect time to recast the role of risk management and the CRO in particular. With events such as the worldwide financial crisis, terrorism, political uncertainty and a global pandemic impacting society and changing how business is conducted, CROs have a crucial role in helping guide organizations in the right direction.

CROs have the opportunity to shape the future strategic direction of their organization through identifying new risks that have presented during the pandemic and designing strategies to ensure that the business takes advantage of the new risk environment.

Whether you are a not-for-profit seeking to remain relevant and financially viable or a fintech company seeking to become the next “unicorn” company, your organization will benefit from engaging closely with your CRO and members of the risk management team.

Compliance Innovation

As a CRO, you must have a role in helping set the strategic direction for your organization. No entity can embark on a course of action without understanding the underlying risk exposure and rewards that the changes entail. Additionally, executives and senior management require your wise and knowledgeable counsel when making decisions that can impact the company and its key stakeholders, including staff and shareholders.

The post-pandemic world will favor organizations collaborating in a range of areas; therefore, it is important that any new collaborations are approached with an understanding of not only the opportunities that are present, but risks that may arise due to this new relationship.

It is important that, as CROs, we seek to continue to increase our profiles and demonstrate the value we can add to our employers and all their constituents. We must not only protect the organization and its management (including, sometimes, from itself), but also provide the expertise and skills required to deliver value for the business and the broader community.

I believe the way the world responds to the current pandemic – and the role we as Chief Risk Officers play in helping businesses in this response – will be a watershed for our profession. I look forward to seeing what the next generation of risk professionals can do for a post-pandemic society.


Tags: Coronavirus/COVID-19reputation risk
Previous Post

ACA Aponix® Launches New Cybersecurity Offering, Aponix Protect™

Next Post

Using AI and ML to Detect Corruption and Fraud Schemes

Guy Underwood

Guy Underwood is the Chief Risk Officer and Board Advisor for Vital4, which specializes in AI-based global risk management screening and due diligence for a variety of compliance functions. In this capacity, he helps to ensure that the company meets its regulatory and compliance obligations, as well as helping establish the strategic direction for the organization. Guy has been in the compliance and risk management field for more than 20 years and possesses a unique understanding of the roles that data and technology can play in managing organizations’ risk environments. He is often sought out by senior management when addressing potentially serious compliance breaches or acts of fraud or corruption. Guy has held a number of risk and advisor positions for a range of companies, including as founder of Complitech, as well as developing the Enterprise Risk Management Framework for an Australian government body and a not-for-profit organization. He was also appointed to the Audit and Risk Committees of Rugby Victoria and Cycling Victoria. In his spare time, Guy is an avid runner and cyclist, participating in races across the world and fundraising for worthy causes along the way.

Related Posts

woman looking at horizon from mountain top

What’s on the Horizon for Anti-Corruption Enforcement?

February 25, 2021
cannabis leaf on $100 bill

The Intersection of EDD and Banking Cannabis

February 24, 2021
gold cup award on red background with stars

Ethisphere Announces the 2021 World’s Most Ethical Companies

February 23, 2021
illustration of hand holding flashlight illuminating hidden stairs

The Corporate Transparency Act: Pulling Back the Veil

February 23, 2021
Next Post
artificial intelligence

Using AI and ML to Detect Corruption and Fraud Schemes

Access realtime data
Addressing systemic racism in the workplace SAI Global
Dynamic Risk Assessments with Workiva
Top 10 Risk and Compliance Trends

Special Coverage

Special COVID page graphic

Jump to a Topic:

anti-corruption anti-money laundering/AML Artificial Intelligence/A.I. automation banks board of directors board risk oversight bribery CCPA/California Consumer Privacy Act Cloud Compliance communications management Coronavirus/COVID-19 corporate culture crisis management cyber crime cyber risk data analytics data breach data governance decision-making diversity DOJ due diligence fcpa enforcement actions financial crime GDPR GRC HIPAA information security KYC/know your customer machine learning monitoring ransomware regtech reputation risk risk assessment Sanctions SEC social media risk supply chain technology third party risk management tone at the top training whistleblowing
No Result
View All Result

Privacy Policy

Follow Us

  • Facebook
  • Twitter
  • LinkedIn
  • RSS Feed

Category

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Whitepapers

© 2019 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
  • Articles
  • Vendor News
  • Podcasts
  • Videos
  • Whitepapers
  • eBooks
  • Events
  • Jobs
  • Subscribe

© 2019 Corporate Compliance Insights