This year has been extremely challenging for businesses around the world. The already inundated governance, risk, and compliance (GRC) teams at organizations are further stretched thin as they try to keep up with the rapidly evolving business, cyber and ESG risks, the ever-evolving regulatory landscape, and escalating geopolitical crises.
Our recent survey with OCEG confirmed how challenged organizations are with GRC today. A large number of organizations are still relying on distributed, segmented, and separate systems for managing GRC. A meager 7% of respondents said they have “excellent” GRC capabilities today.
[For a quick look at the key takeaways of the OCEG GRC Readiness for Rapid Change Survey 2022, click here. To download the complete survey report, click here.]
What are the top concerns of businesses and regulators today? Is GRC still an afterthought? What are the new cyber challenges for companies in this new normal? Are companies going to walk the talk on ESG? Let’s find out what made it to the headlines in August – through the GRC lens.
Operational risk and resilience continue to be priority areas for regulators.
The Australian Prudential Regulation Authority (APRA) has started consulting on a new prudential standard that aims to bolster the management of operational risk in the banking, insurance, and superannuation industries. The Monetary Authority of Singapore (MAS) published a paper that sets out its expectations, good practices, and improvement areas for operational risk management at financial institutions based on its inspections of selected banks over 2020 and 2021.
In another update, Germany’s financial market regulator BaFin levied a $5.28 million fine on a leading US-based financial institution for delays in reporting voting rights notifications.
Several survey and research reports published last month underscore the importance of risk and compliance management at banks and corporations alike:
A cohort of leading cybersecurity and technology organizations, including AWS, Splunk, IBM Security, and others, have come together for an open-source effort, called the Open Cybersecurity Schema Framework (OCSF) project, to break down data silos that hamper security teams. The project aims to help organizations detect, investigate, and stop cyberattacks more quickly and effectively.
The Australian Council of Financial Regulators released a revised version of the Cyber Operational Resilience Intelligence-led Exercises framework (CORIE framework v2.0). The CORIE framework aims to support the preparation and execution of industry-wide financial sector cyber resilience exercises.
Here’s a look at the current state of cyber risk and compliance management based on recent reports:
Regulatory focus on environmental, social, and governance (ESG) aspects continues to gather steam. A joint committee of European Supervisory Authorities, namely the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA) published the first annual report on the extent of voluntary disclosure of principal adverse impact under the Sustainable Finance Disclosure Regulation (SFDR).
It lays out a preliminary, indicative, and non-exhaustive overview of best practices and voluntary disclosures. In another update, ESMA called for a “quality label” to prevent investors from being misled by greenwashing.
In Singapore, a new initiative has been launched to set a uniform baseline for banks to engage their corporate clients on environmental risk issues. The Association of Banks in Singapore (ABS) rolled out the ABS Environmental Risk Questionnaire (ERQ), which will enable banks’ customers to collect data points and identify opportunities for financing the transition to a low-carbon economy.
In Australia, the Financial Services Council (FSC) published its guidance on Climate Risk Disclosure in Investment Management. It details a set of common baseline expectations for net-zero commitments for the investment management industry, disclosure of climate-friendly investment features, and reporting of climate change risk.
Here’s a look at the current state of ESG risk management based on recent reports:
We are gearing up to celebrate the 10th anniversary of our premier GRC event in London on November 8-9. The GRC Summit 2022 will feature keynotes from industry leaders, product innovation sessions, MetricStream customer success stories and practitioner-led case studies, deep-dive workshops, GRC journey awards, and more! To check out the complete agenda, click here.