How to overcome the Business vs. Compliance Risk Management Argument?

In this article, Jed Grant, the CEO of KYC3 shares a short thought about getting over the business versus compliance argument.

 

He also discusses managing business risk in a way that enhances the customer experience—after all, a business is nothing without its customers. By improving risk management, you can attract more business while maintaining or lowering the level of risk. Additionally, optimizing the risk assessment process leads to cost savings, which can directly benefit the bottom line.

 

Jed says,“If we look at the traditional view of risk management that we’re all familiar with, its inherent risk plus minus controls leaves you with a residual risk and that’s your risk appetite, ideally if your controls are designed properly.

 

If we look at how those things stack up according to the Wolfsberg Group and how they decide that you should or recommend that you should do this, you look at the inherent risk sources coming from clients, products, countries, channels, other aspects and you look at the controls that you can put in place in terms of governance policies, due diligence, reporting, record keeping, et cetera. 

 

And then you’re left with your residual risk which you can decide to take certain actions against or you can accept it as part of your risk appetite. But if we take a different view, the business view of risk which is the way I prefer to look at it, we have the products and services, times the markets and channels, times the customers and that equals our business.

 

If we go back, to this stack, inherent risk is the business. So when we look at that, if you look at what business is and what it is doing, business is risk for reward. And the business aims to increase these variables as much and as quickly as possible.

 

Unfortunately, if we increase these without restraint and any controls and without abandon, with total abandon, we’ll end up with too much risk potentially, which leads to accidents, unintended consequences, and possibly disaster.

 

I mean, regulatory agencies were created because businesses had taken too much risk. Initially, it was the case that customer assets held in custody would disappear because the business took too much risk.

 

And then later on in the late 80s, as we saw the Colombian drug lords move into the cocaine business and become a real problem for law enforcement, the anti-money laundering risk, and even after that, the counter-terrorist financing efforts became more and more important. So these are the types of risks that can impact the business. We’re not talking about stubbing a toe.”

 

Jed’s experience as the Former Global Head of Financial Crimes at Stripe and a senior civilian officer at NATO gives him a deep understanding of money laundering risks, ensuring that any company he works with approaches these challenges with the utmost seriousness.

 In his opinion, ”Dealing with organized crime and terrorists is something no business should want to do. So if you look at it from that perspective of the business, the products and services times the markets and channels times the customers, and the business is at risk, well, then you have this issue of how do we apply some risk management so that we can reduce the risk and keep the same amount of business? 

 

So by adopting risk management, we lower the risk of the business, but we keep the same or more amounts of products, services, markets, channels, and customers giving us the same amount of business. So how much do we have to pay the denominator in order to do that, to deliver? Where is that balance that’s gonna work to deliver the right risk management for the business? So the aim is to maximize the denominator of the equation and do that as efficiently as possible.

 

So the internal controls and external controls times the automation is how I like to look at the denominator in this updated risk equation. And one that I think is easier for business to understand, because it’s very clear that the business is on top and the risk management is on bottom as a factor to minimize the total amount of risk. 

It’s not minimizing the business.

 

The goal is to minimize the risk for the business you get out. So your internal and external controls should be as efficient as possible. 

In this regard, throwing people at those and creating manual processes is about the least efficient thing you can do.

Digital automation is what’s known in the military as a force multiplier. So force multiplier means you get to multiply your forces using automation. 

So this is really where everybody needs to strive for.

 

If you look at it, risk managers doing manual risk controls and audits using checklists, procedures, excels, filing documents, manually writing reports, this is not where you wanna go. 

 

You wanna leverage digital automation. You wanna implement and supervise an automated risk management system.

You want risk managers who know their job, who understand technology, and who can deliver an automated risk management system that requires obvious supervision and testing to have empirical proof that it is working.

 

You can automate and multiply your forces to deliver much more efficient risk management so that the denominator becomes the most cost-efficient one you can get to reduce your risk and your business can grow as much as possible for a minimum amount of risk. 

 

So if you look at that, there has to be a better way to do this, and it is possible to do that, to have a great investor experience, avoid fines, and boost the bottom line. 

 

Most companies fail because the business on top fails to take that holistic approach of the whole equation and the relationship between the denominator and the denominator in there, and the compliance and risk teams are overwhelmed with complicated assessments, manual processes, and so forth.

 

They don’t have time, and oftentimes they also lack the know-how to do a digitization effort and to automate the processes.

 

As the CEO of KYC3, Jed says, “ So who are we, and are we a good fit? 

KYC3 is a specialist in digital compliance automation, and we’re focused on alternative finance that’s looking to digitize the entire compliance process but may be struggling with the complexity and technical challenges of integrating everything in a reasonable timeframe and within budget constraints.

 

 We’re focused on the specificities of alternative investment, private equity, wealth management, and virtual asset service providers.

 

If you want to learn more about the solutions KYC3 offers and how we can help you, take our assessment quiz to see if you’re a good fit and get a price or book a call with us.

 

We look forward to talking to you soon!

Tags: No tags

Comments are closed.