GRC’s Regulatory Risk support services Include:

Major deficiencies of financial firms have been attributable to failing to identify their risk exposure and complying to the regulations governing those risks – a simple risk map and control mapping could have put many firms on the right path to success.

Just because you run a large business does not mean you necessarily run greater risk. In fact, a lot of small to medium enterprises carry far greater risk than they realise and, in many cases, far greater risk than the larger firms as they are niche players. As a result, risk management is a prime concern of the regulators and all firms must be aware of its risks.  As a result, every aspect of a firm’s business demands root and branch analysis of the risks generated by that business, ranging from internal failure of personnel and systems to counterparty failure to systemic market failures.

Senior management has responsibility for the identification and management of risk. All business decisions need to be supported by risk analysis.

Risk cannot be completely avoided, but senior management must understand the risks, establish the level that the firm is prepared to undertake and ensure that it has the resources to handle them.

GRC can help by:

  • providing an objective assessment of your Firm’s risks
  • advising on the risks that your Firm faces and their potential impact on your business
  • working with you on a Risk Mitigation Programme (RMP)
  • working with you to develop your Risk Map
  • Mapping your control environment to your risk map and identify any deficiencies
  • reviewing and, where necessary, create Risk management policies and procedures in line with your business activities
  • defining your firms Risk Appetite Statement based on the collective work of you Risk Map
  • writing policies and procedures to communicate to all levels of staff the risk management processes and responsibilities run by the firm
  • From the above process risk management responsibilities are allocated and risk mandates created
  • Finally, the creation of a managerial reporting structure is defined, reporting lines delineated and risk reports delivered conforming to defined risk metrics
  • Periodic risk reports can be designed and issued completing the life cycle of risk and strengthening the Governance model of the firm.
An independent review of the firms’ applicable regulatory risks/rules across every aspect of your business is conducted
  • Do you have a rules database?
  • Is it complete?
  • Does it distinguish 1st and 2nd line ownership?
  • Is it mapped to the controls model?
  • Is all the above demonstrable?

Conduct regulatory development i.e., new regulations and their impact analysis – the firm’s risk map is a dynamic document requiring regular review and should be updated periodically as the regulatory landscape is constantly evolving, and when new business or systems are introduced. GRC can assist you by:

  • Perform analysis, and
  • Associated implementation project work
  • Change the Compliance model to adapt to new regulations
  • Perform resourcing analysis due to regulatory change requirements

Design the Control Model of the firm across all 3 lines of defense to measure the effectiveness of your regulatory programme.

Perform assurance reviews: Overall Framework, Specific subject matters, Benchmarking your programme to the market, Compliance Programme Efficiency reviews – output analysis, Regulatory visit(s)/examination(s) preparation, Section 166 reviews, Remediation projects Coaching – preparing C-suite development for senior Compliance Officers

Join our Consulting