The COVID-19 pandemic is disrupting global financial markets and is creating panic, uncertainty and distraction in many operations of global corporations. The severity and global scale of the crisis have impacted business resilience to a large extent, leading to businesses rushing to validate their preparedness and effectiveness during this time of crisis. The reliability and integrity of financial and operational information very much depends on strict compliance with new regulations, policy-based guidelines, and processes protecting the assets, workforce, workplace and resources necessary to conduct and sustain business. The viewpoint expressed in this document re-examines and suggests improvements to a corporate resilience framework and how to proactively take adequate measures to restore business functions in times of crisis.
The Corporate Compliance function is responsible for ensuring adherence to compliance policies and for coordinating an organization’s business functions, based on robust, integrated, policy-based standard operating procedures and audit management functions, all of which depend on people, process and technology.
A strong Corporate Compliance framework and principles that govern risk controls are essential to report observations and manage/recommend actions related to potential non-compliance, negligence or impropriety during uncertain times.
The severity of the current COVID-19 crisis has been very profound and has led to a slowing global economy. For most corporations, the cost of recovering from losses has already eclipsed that of the Great Recession of 2007-2009 and the dot-com crash at the beginning of the 21st century. Unlike the Great Recession, which was financially centered in its origin and resolution, the COVID-19 crisis is operationally centered. This means that the economic impacts of this crisis are driven by a breakdown in business operations due to health-related closures. The financial stimulus provided by governments around the globe is merely a bridge to the other side of the crisis – which is business operations recovery. Once recovery begins, GRC/IRM will provide visibility of the interconnected risks (i.e. third-party, digital, business continuity, health and safety, legal, and ethics and compliance risks) that businesses must navigate to succeed.
A Chief Compliance Officer is responsible for supporting Compliance Policy management, which includes sourcing and analysis of raw data and information from various regulators, legal experts, industry bodies and corporate best practices. This is to sustain an organization’s operational efficiency, business continuity, loss recovery and overall responsiveness, so that it can rebound from the impact of the COVID-19 outbreak.
The role of Corporate Compliance Officers is increasingly important to manage the crisis, and the consequences, through a data-driven approach that identifies specific causes and executes historical review simulation to prevent risks from accelerating into high-impact levels. Below are some of the critical compliance management preparedness aspects in terms of people, process and technology.
Compliance Preparedness: Pillars of Corporate Resilience
Moving Toward Corporate Resilience: Vertical Risk Visibility – IRM
In order to be more resilient, enterprises will have to revisit their entire GRC framework as they go through this forced transformation to address the new, evolving business model. To restart and regain lost ground, businesses also need to look at risks both vertically and horizontally. They will need a common risk view across operations, strategy and technology; hence the forced shift toward Integrated Risk Management (IRM), aided by principles such as risk-informed strategy, digital risk management and rapidly changing global ecosystems.
a. Information Technology Risk and Compliance Management
The survival of an organization during this challenging time is very much in lockstep with managing information technology risk and compliance, and with how effectively it shares, updates and prioritizes policies and actions to deliver interim IT operations, infrastructure availability and support.
The operational resiliency expected would be to:
b. Managing Third-Party Risk and Business Continuity Planning Management:
c. Policy and Documentation Compliance Management
d. Audit Compliance Management
Infosys-MetricStream Point of View
Although there have been pandemic threats in the past, COVID-19 is the first one to fully crystallize in many countries at the same time. As a result, there will be lessons for boards, senior managers and all three lines of defense to learn from the current situation. The stressed financial markets and the tightening liquidity have begun taking their toll on corporate balance sheets. The role of the GRC/IRM function has never been so much in the spotlight, and the compliance management and operational resiliency of organizations are being tested to their limits. Thresholds in risk controls are being re-examined, and compliance policy management is at the forefront of every executive’s mind. Continuous and rigorous preparedness in meeting regulatory compliance obligations is essential to the very survival of organizations in these very challenging times and will provide a realistic path to recovery while the world grapples with the “new normal”.
For customers to rapidly adopt and upgrade their GRC/IRM offerings, Infosys and MetricStream have collaborated to launch the GRC-as-a-Service offering. GRC-as-a-Service is a unique proposition to give customers a head start in their GRC adoption and expansion journey. This digital offering from Infosys and MetricStream is a subscription model that provides risk and compliance oversight for the enterprise, allowing customers to leverage the benefits of a GRC platform and navigate the strictest and most complex regulations. By deploying this cloud-based GRC solution, customers will gain on costs, data volumes, monitoring and maintenance.
This digital offering will help customers quickly build economies of scale by switching subscription tiers: faster ramp-up and ramp-down through a core-flex model, with committed monthly costs and incremental unit pricing based on defined pricing parameters (e.g. volume of tickets). This addresses cost escalation by bringing in a transparent subscription grid pricing model with clear standard operating procedures (SOPs) for cost calculation and SLA metric tracking using GRC ticketing tools.
GRC Capability Model Red Book
Shanti is Associate Vice President of Partners and Alliances at MetricStream.