SAS Institute’s Annual International Benchmark survey 2007, on Enterprise Risk Management in the financial sector, found that only 26% of businesses had a well-formulated risk management strategy, suggesting a “compliance fatigue” effect. Although compliance may be a difficult issue to resolve, it is essential to improve overall performance and should be addressed by organizations at board level.
A survey on Enterprise Risk Management has revealed a lack of compliance among organizations.
Enterprise Risk Management (ERM) refers to an all-encompassing approach to risk management which should be supported by a strategic and coherent policy. ERM solutions, in turn, enable large organizations to adopt enterprise-wide processes towards managing risks.
The survey results show that many financial companies still have some way to go to achieve real ERM. Their existing solutions often address one area of risk only; for example for payment cards, this could mean that debit card fraud is dealt with by a system in one department, and credit card fraud by another, not only in a different department but another office altogether. This kind of fragmented approach towards risks leads to disjointed processes and duplication of work, and can even increase risks if communication between departments fails.
In the financial sector, compliance fatigue is an interesting side effect of the many rules and regulations that have hit most industries in recent years, which were designed to improve market integrity and achieve regulatory harmonization. However, as the number of laws and regulations increase, so will the cost and complexity of compliance.
Risk management can no longer be left in the hands of experts in isolation; senior executives and managers need to take an active role in the process. In addition, risk management needs to encompass all areas of the organization, including executive, managerial, and operational levels.
This may be difficult to achieve but the rewards in terms of return on investment will be great. The issue of compliance fatigue can be dealt with if a more holistic and proactive approach is taken towards compliance, with objectives established and a culture developed that is generally more knowledgeable and aware of requirements.
Surprisingly, in many organizations compliance is no longer a board-level concern. This may well be because the compliance issue has been facing both private and public sector organizations for many years now, and therefore it has dropped off the radar of many CEOs. ERM requires board-level support and compliance should be a regular item on the agenda at C-level executive meetings.