With the onslaught of post-crisis financial regulation showing no sign of abating – and many new rules only now developing real momentum – it can be difficult to keep abreast of the continual updates, amendments and cross-border clarifications, let alone act on them.
Brian Gregory, regional vice-president for non-financial risk and GRC (governance, risk and compliance) at Wolters Kluwer Financial Services, says firms need a quick way of understanding the impact of changes to regulation: "They want to know that if [the Basel Committee on Banking Supervision] changed the rules on the capital adequacy tests, which of their business units will be impacted and which controls do they currently have in place or need to implement that ensures they meet those requirements."
Minneapolis-based Wolters Kluwer Financial Services, the winner of Operational Risk's op risk product award, has had a busy year with the launch of its OneSumX brand – a suite that comprises four solutions: finance, risk and reporting; financial crime control; audit management; and GRC.
The financial services provider decided to do away with existing brand solutions – including ARC Logics, CRN, Wiz Sentri, Examiner, Summix, RiskPro, RegPro, Financial Studio, Svenson, BankReg and IS2 – and combine them into a single planning system, which clients say gives them a more consolidated view across all business units of a firm. Such an approach should increase organisational profitability, efficiency and growth, according to the company.
OneSumX GRC helps clients understand how regulatory change – both current and expected – will affect them, and the workflow tools allow them to manage those changes. "The idea is that from a single platform we're providing board members and senior managers with a view of the governance that surrounds how they address risk," says Gregory.
Automated intensive review and assessment processes capture and report on losses, breaches and control failures, and the service also aggregates risks and ensures all issues are managed to closure.
The product started life with a strong focus on operational risk, explains Gregory. "But this has evolved as our customers start breaking down their risk siloes and seek an appropriate governance solution."
As banks and other financial institutions grew in size and market activity throughout the boom years of the early 2000s, their business lines developed progressively without any "looking over the fence", says Gregory. "If op risk is about ensuring you have the right policies and procedures in place, it was surprising to see operational risk teams independent from the team looking after IT governance or a team looking after Sarbanes-Oxley compliance," he says. "The fact that operational risk is highly connected with other parts of the business has really started to come through in the last 12-18 months."
Over the last few years, GRC programmes have put managers in a position where they can step back and assess the interconnectedness of risk types across business activities, he says. Wolters Kluwer's new GRC offering will also help firms assign risk management responsibility and accountability within the business, which will alleviate regulatory pressure points such as the UK Senior Managers Regime.
Under the new regime, due to come into force on March 7, 2016, firms will need to draw up responsibility maps, enforce certification and conduct rules, and maintain evidence of all actions. The rules caused alarm at many firms when first introduced as they put senior managers under a reverse burden of proof in the event of suspected wrongdoing or system failure. That part of the legislation has now been diluted by the UK Treasury, which announced on October 15 that senior managers would be subject instead to a "duty of responsibility" clause. The change – an example of a policy U-turn that companies need to keep on top of – means it will be back to the regulator to prove reasonable steps to prevent regulatory breaches were not taken.
Gregory says that Wolters Kluwer, which has an almost exclusive focus on the financial sector and over 160 years' experience in the information services and publishing industry, has with OneSumX responded to clients' need for a solution that helps them take a "forward looking approach" to managing their compliance and risk culture.
New elements in Wolters Kluwer's offering include adding structure to the collection of data and regulatory guidance. Curators find content published by regulators or legislators – such as announcements of changes, policy statements, consultation papers or speeches – as well as other industry commentary and articles which are tagged and loaded into the GRC solution.
It is up to the bank to ensure appropriate capture mechanisms are in place for that information, including who will receive the alert and push the information through the business accordingly, using the workflow engine. "They then have evidence of what changes have happened on the legislative or regulatory side, and what they've done as a result of that. OneSumX ensures firms have control over those changes, and identifies if no action has been taken," says Gregory.
Another add-on to previous incarnations is the "visualiser", which lets users choose from a whole range of key determinants – such as a new regulation or a risk failure – and generates a graphic that displays how that risk relates to other aspects of the clients' business. "It's a quick way of understanding the impact of those risk failures and changes to regulations."