The governance, risk, and compliance (GRC) landscape that financial institutions must navigate is complex and ever-changing. As a result, banks must stay on top of new regulatory and compliance challenges, while continuing to provide always-available services to their customers.
We recently gathered GRC leaders in banking to discuss their challenges, trends, and tips for the evolving banking regulatory and compliance ecosystem. Read on to learn valuable insights that can help you create, update, or transform your GRC program.
Meet Our Expert Panelists
Our panelists work throughout the banking industry and are directly involved in the GRC programs at their organizations. Let’s meet our experts before diving into what we learned from them:
Laura Buckley, SVP Tech Risk & Compliance at Cadence Bank
Ron Fox, Chief Compliance Officer at United Community Bank
Jake VanDaalwyk, SVP, Director of ERM and Corporate Risk Strategy at Associated Bank
Key Takeaways from Our Panelists
Our expert panelists dove deep into methodologies and tactics involved with maturing, scaling, and automating banks’ GRC programs. What can you learn from them to help prepare your GRC program for the future?
We’ve distilled their advice and experiences into four actionable takeaways, ranging from evolving banking regulations to embracing agility throughout the organization. Let’s explore what they had to say.
Takeaway #1: Replace Manual, In-House Processes with Advanced GRC Solutions
As a GRC and banking industry leader, Jake VanDaalwyk from Associated Bank often sees mid-size banks struggling to keep pace with changing business needs. Home-grown, in-house solutions that worked well in the past quickly become barriers to growth as the organization scales its business.
The COVID-19 pandemic further highlighted the flaws of these solutions, as they are dependent on manual processes to stay on top of new regulations.
When assessing GRC technology, Jake sees banks asking vendors, “What can your platform do?” The result, time and again, is a platform with plenty of features that do not meet the bank’s needs.
To combat this problem, Jake recommends embracing a new mindset and instead saying, “Here’s what we need from your platform.” Look past the bells and whistles and focus on how it will address specific compliance management needs.
As Ron Fox put it, “If you were using spreadsheets before the pandemic, you got through it with significant Herculean manual efforts.” Ron shared that banks must find a flexible GRC solution that can be tailored to their needs and merge with IT workflows.
Takeaway #2: The Importance of Recognizing and Responding to Regulatory Changes
Regulatory compliance in the banking industry is changing rapidly, and more changes are inevitably on the horizon.
Ron Fox discussed the importance of having the right technology in place to understand and address these changes effectively. For example, organizations dependent on sending emails will likely have a low likelihood of success. In contrast, those with a robust risk management process can work directly with leaders to meet new regulatory requirements. He highlighted how all financial organizations must continually assess risks and adapt to manage those risks.
Ron shed light on the growth of fintechs and how they’ve experienced increased regulatory focus, such as FDIC’s new NSF guidance. Fintechs must be aware of applicable regulatory changes and make the necessary changes before they’re penalized. Therefore, it’s essential to scan regulations for changes, understand how they apply, and make organizational changes to stay compliant.
Hybrid work has led to new regulations and security concerns for financial institutions. Laura Buckley discussed how Cadence Bank had to quickly adapt to accommodate remote workers with the proper hardware and software, which permanently changed the risk landscape. They had to ensure security for hybrid workers, which meant evaluating the cybersecurity posture of third-party vendors.
Laura shares that banks are not operating in a vacuum and have increasingly relied on third parties. And that means sending new third-party vendor assessments, often on the fly. Third-party risk management is vital for both meeting evolving regulatory requirements and ensuring security.
Takeaway #3: Cyber Risk Takes Center Stage
Cybersecurity has become exceedingly important as cybercrime exploded during the pandemic, and it’s not slowing down. And this means regulators are paying more attention to cyber risk. It’s never been more important to assess risks and communicate them to leadership to prioritize and establish mitigation strategies effectively.
For example, SolarWinds and Log4j required all financial institutions to understand their exposure to protect IT assets adequately. As a result, banks reliant on emails and spreadsheets suddenly faced a monumental task. Conversely, organizations with modern GRC platforms, effective controls management, and streamlined third-party risk management could home in on vulnerabilities and quickly implement new controls.
Laura advises banks to use an industry-recognized framework to establish or improve their cybersecurity posture, such as NIST CSF. Using a framework both guides your efforts and makes presenting risks to leadership more straightforward. In addition, NIST CSF helps communicate specific strategies in a language that non-technical people can understand.
Executive buy-in is crucial, but even with the right language, it’s often difficult when you only discuss risks. Instead, aligning risks with business objectives and using automated tools to translate those risks into dollars helps earn executive support.
Once executives understand the business impact of financial risk management, they can help communicate changes to the rest of the organization, improving cross-departmental collaboration to protect the entire company.
Takeaway #4: Agility is Essential
Financial compliance has never been completely static, but now, it’s more dynamic than ever. As a result, banks must have GRC programs that enable the agility necessary to stay compliant and make strategic business decisions to manage risks.
Laura shares how financial institutions of all sizes need to embrace change and prioritize agility. Companies must continually ask, “What’s the biggest risk we face today?” It’s vital to always protect data and deliver services, and without agility, both are at risk.
Ron highlighted that banks need to streamline the entire GRC process to understand new regulatory requirements quickly and make necessary organizational changes. Making sense of how new or updated regulations apply to your business is unnecessarily complicated when reliant on manual processes, but the right GRC platform can simplify the process.
Jake saw how a lack of agility was highlighted during the pandemic, as emails and spreadsheets quickly slowed down GRC processes. As risks continue to grow and evolve, he emphasized the importance of evaluating new solutions to embrace automated processes and reduce redundancies.
LogicGate Helps Banks Adapt as GRC Evolves
Regulations and risks facing financial institutions have changed rapidly in recent years. Our experts agree that this trend will likely continue, and the need for GRC in banking will continue to evolve. Banks must embrace agility to remain compliant and protect consumers.
Adopting an agile GRC solution enables your financial organization to monitor risks and new regulatory requirements continually. LogicGate’s Risk Cloud® provides a customizable platform to keep you compliant, stay on top of regulations, and effectively manage risks.
Ready to transform your GRC program? Schedule a demo today to talk to a compliance expert and discover how Risk Cloud can prepare your bank for the future.