Compliance as Risk Management element
Why Compliance is just another part of the Risk Management
Compliance as Risk Management Key Point
For last years, we are assisting an increasing number of National and International new laws, norms, and regulations in the corporate arena, and many of them, are connected with the Compliance as a new tool focused reduction and ideally, elimination of liability deviated of bad corporate practices.
We are attending to an international and permanent change in the regulatory rules, new government bodies are created, including supranational level, and the organizations are focused in addressing those new standards, thinking in follow the law to avoid penalties, and additionally watching this new paradigm, as a money cost, more than a benefit for the organisation and improvement in their business practices.
It’s the compliance part of the Corporate Risk Management?
Most specialist would agree about the real importance of the good governance and compliance programs for the prevention of reputation, financial, legal and operational risk, so we are talking about detection of threats and the right management of the risk, including the resilience plans for the worst-case scenarios, so we are talking about Risk Management when we talk about Compliance.
A very usual description of Compliance goal is the Avoiding of legal penalties, material loss, and damages to reputation and financial capabilities in the organization. Those risks are a consequence of a clear failure in the planning, training, and monitoring of the internal policies dedicated to applying the best practices according to the industry law ad regulations.
Yes, the Compliance must be part of any Corporate Risk program, interacting with all the other traditional and non-traditional elements, with or without presence of software to support and perform the task in the best ad easier way.
What is the connection between Compliance and Intelligence?
If we agree about Compliance as another element of Risk Management planning, obviously we have to understand the threats in advance, the working environment, potential risk and the adversaries (human, corporate and regulatory bodies).
The Intelligence unit fo the organization is in charge of those tasks, directly or in case of smaller companies and institutions, through externalization of services with experts of specialized firms.
The use of Artificial Intelligence (AI) in support of Intelligent Analysis to improve the Compliance programs, is experiencing a surge, because in a world with extraordinary number on data circulating through the fiber optic, it’s necessary the real-time analysis of data to reduce false positives, especially in specific industries, such banking, energy or big retail firms.
The use of non-AI could be dedicated to investigating “flagged” issues, with intensive use of HUMINT and OSINT techniques, but the initial detection will be based on AI in a very short period of time.
The software will help to categorize suspect activities and Human Resources will launch the Analysis and Counter-Measures in his case, especially talking about Money Laundering, Illegal Trade, Terrorism, and Illicit activities in general terms, but not limited to.
Some of the most common risk
- Massive Cyberattacks
- Workplace Health & Safety, including Fail in the Duty of Care for the workers
- Financial fraud via Credit card or mobile payment systems
- International regulations about consumer protection
- Attacks to the National Health Systems and Healthcare industry in general terms
- Theft Identity
- Environmental Risk
- Social Responsibility
- Quality standards failures
Compliance is Security, compliance is Risk management
Compliance, is part of the collective governance, risk management and, compliance (GRC) discipline, nothing to discuss about, those areas overlap frequently, especially in Operational Risk, Intelligence, Resilience, and Crisis Management, many organizations still needing a mentality change, adopting the modern concept of Risk Management for the better protection of their companies and institutions.
We need more action and less talk about changes, more movement forward and less anchorage in what we were doing for years, in the same ways the companies are adopting new management programs, changing from “business as usual” to “Project management” (whatever you use Prince2, PMP, Agile and so on), the organization will change from Security, GRC and Resilience to a unified Head of Risk supervising any kind of potential damage.