Top priorities for risk and compliance organizations in 2024

  • February 21, 2024
1415806_GRC_Blog_420x250.jpg

In addition to the usual preparations for new and evolving regulations, institutions enter each year with a clear focus on completing necessary initiatives and aligning them with overall firm objectives. This holds true for risk management and compliance organizations as well. In addition, tighter budgets and evolving labor and organizational dynamics continue to drive the need to plan for increased investments in technology.

What’s driving the change

Over the past year, economic challenges have prompted the need for expense reduction. However, banks are also facing increased regulatory scrutiny regarding consumer safeguards and effective risk management. This calls for ongoing innovation in internal risk and compliance practices. According to a recent report, spending on risk management is projected to rise by 14.3% this year, reaching a total of $215 billion. This statistic underscores the importance of prioritizing investments in risk management to meet regulatory requirements and enable long-term stability. Additionally, regulatory actions and control failures in several of the top financial institutions in the U.S. reinforce supervisory oversight from regulators, driving heightened scrutiny. As a result, the development of governance, risk, financial services and beyond.

Risk and compliance organizations strongly emphasize leveraging technology and automation to optimize risk and control management, all while minimizing operational expenses. Their primary objectives revolve around anticipating emerging risks, proactively addressing self-identified and regulatory issues and mitigating potential reputational or financial harm. By adopting these strategies, these organizations tackle current macroeconomic and regulatory challenges and establish a scalable framework that safeguards against internal and external threats.

Four key priorities for Risk Management and Compliance Organizations in 2024

We'll delve deeper into these critical priorities and explore how technology-driven solutions allow Risk and Compliance organizations to navigate the ever-evolving landscape while empowering leaders to enhance more protective measures.

1. Evolution of governance, risk and compliance (GRC) ecosystems.
Legacy enterprise GRC platforms may lag in areas with dynamic needs and changing regulations, such as third-party risk management (TPRM), AI oversight and controls testing. There's a significant opportunity to revolutionize the approach to GRC integration within enterprises by leveraging a centralized platform as an orchestration tool. This approach allows for incorporating advanced point solutions that effectively address business needs and meet regulatory requirements. According to Stanford University’s 2023 AI Index Report, half of surveyed organizations have adopted AI into at least one business unit or function. With AI's widespread adoption, we expect organizations to increase their focus on TPRM and AI Governance. Legacy GRC is likely to struggle to keep up with the needs of these emerging risks. Many newer platforms have started integrating more automation and AI to support this business case, including ProcessUnity, which can significantly speed up onboarding and assessments, reducing risk and improving business outcomes.

2. Conducting a risk control self-assessment (RCSA)
Lack of confidence in the identification of risks and associated controls is causing greater scrutiny from regulators, leading to more findings and greater fines. 2023 witnessed a wave of regulatory action in response to bank failures, market volatility and technological innovation, pushing organizations to consider a more critical approach to risk identification and control management. Institutions are prioritizing driving RCSA and must do it more comprehensively and efficiently to demonstrate better understanding and control over existing and emerging risks. Particularly for organizations that haven't conducted an RCSA recently or have had material changes to their operating models, the RCSA is one of the most important activities for organizations to take in 2024. Organizations should use this opportunity to build a scalable and sustainable RCSA program that leverages the right technologies and operating model.

3. Manual controls and sample testing
Institutions have typically created manual controls and manual testing practices to close known control gaps. These are expensive and create their own risks. New and emerging technologies create opportunities for further automation of controls and full-population testing vs sample-based, which regulators may move to in the future. The cost of compliance is an essential marker for organizations to keep track of and fully understand to stay nimble while scaling these activities to reduce cost.

4. Issue resolution (self-identified, MRA, consent order)
No institution wants to allocate valuable time and financial resources towards resolving internal findings or, worse yet, regulatory matters. Not only does this consume the capacity of the many stakeholders involved, but it also inadvertently erodes organizational culture. When numerous issues persist, a lack of prioritization strategies and resourcing challenges often hinder progress, leading to potential reputational and financial harm. However, in today's technological landscape, organizations can leverage advanced data analytics tools to streamline and cost-effectively address these issues.

Future-proof your organization

In today's business landscape, scaling Risk Management and Compliance teams in line with company growth becomes increasingly challenging, particularly when inefficiencies persist. To address this issue, organizations must prioritize optimization efforts to enhance team capacity. By doing so, these teams can fully dedicate themselves to their core responsibilities: identifying emerging risks and implementing effective controls to safeguard the company against internal and external threats.

Our mission is to help clients navigate the complex and evolving landscape of risk and compliance, and drive outcomes that enhance their performance and profitability. We're passionate about solving challenging problems, creating innovative solutions and building lasting relationships with clients and stakeholders.

If you are interested in learning more about NTT DATA’s Risk and Compliance capabilities, contact us for more information.

Subscribe to our blog

ribbon-logo-dark
Arsen Headshot.jfif
Arsen Aslanyants

As the Risk and Compliance Practice Leader at NTT DATA, Arsen brings over 13 years of experience across risk management, compliance and resolution of regulatory matters within financial services. His team has a proven track record and extensive experience in delivering small to large-scale initiatives, which results in achieving client-focused results that continually exceed expectations.

 

Related Blog Posts