The real concerns - regulation and technology

01 October 2015 Eugene van Rensburg, IRESS

Financial institutions and professionals are feeling the pressure from investors, customers and regulators scrutinising the manner in which they conduct their business and what they are doing to protect their customers.

This has made the management of organisations particularly difficult and risky for Chief Executive Officers (CEOs) and Boards of Directors. Financial institution business models are being challenged and shaped by increased and constantly changing financial sector regulation, more demanding and better informed customers, and an increasingly complex, digitally interconnected environment.

Consequence of one wrong move

Over the last couple of years, there have been many large-scale examples of regulatory penalties being imposed on financial institutions for lack of compliance or lack of effective processes and procedures to comply with the regulatory environment.

In April 2014, one media outlet reported that the four big banks in South Africa were fined R125 million by the South African Reserve Bank (SARB) for the lack of effective anti-money laundering measures. Litigation costs have increased significantly and have become a part of doing business for financial institutions globally. The Boston Consulting Group, in their report “Global Wealth 2015: Winning the Growth Game”, stated that six leading US banks and 12 large European banks incurred litigation costs totalling $178 billion in the period 2009 to 2014 pertaining to regulatory fines and settlements surpassing $50 million.

Evaluating risk factors

When evaluating business risk it is important to understand and evaluate it within context. The first context is risk while engaging with external clients or stakeholders of the organisation; and the second context pertains to risks while performing the internal operational functions of the business.

Each of these has separate, complementary and overlapping governance and legislative compliance requirements to take into account when planning the operational roll-out of a business strategy.

The risk categories to be considered for each of these include: human resource, financial, information technology (IT), regulatory / compliance, physical, credit, market, operational, currency, political, social, economic and reputational risks.

Some of these risks are controllable by the organisation, whereas others are driven by external factors. Where the organisation is able to control the processes or resources that could result in an uncertain risk event, it is possible to put policies, processes and systems in place to report on and mitigate, and possibly avoid, risk events.

When facing externally driven risks, organisations need to put transparent risk appetite and tolerance policies in place to respond effectively to these uncertain events.

When evaluating internal controllable and external non-controllable risks, it is also imperative that the organisation identifies the systemic nature of these possible risk events and understands the interrelatedness and causal nature of risk events on other possible uncertain risk events.

A simple framework for managing risks would involve describing and categorising risk in the following manner.

Identify and describe the potential risk event detailing:

1. The type of risk or potential loss;
2. The potential impact or probability of the risk;
3. Mitigation strategies for the risk, which include: avoidance, mitigation, transfer or internalised custody;
4. Remediation strategies for dealing with the risk; and
5. Monitoring, reporting and reviewing of risks using processes and systems.

Standard for good governance

Once management has been able to articulate the potential risk event universe, they are able to prioritise these in terms of the potential impact and probability of an event occurring in a low / medium / high risk matrix. The matrix would therefore highlight the potential high risk items as those corresponding to high impact and high probability.

Once the prioritisation has been completed, it is important to put the internal policies and procedures in place that enable effective mitigation, management, monitoring and reporting of these high risk events as a minimum standard for good governance.

The risk management and mitigation strategies available to an organisation will include company policies, defined processes and procedures including monitoring and reporting, clear segregation of duties, insurances (e.g. key man insurance, professional indemnity insurance, fidelity guarantees), transparent risk management plans including people resource training, engendering a risk-aware culture and encouraging risk reporting.

Efficient workflow processes

Equipped with a clear view of the potential risks and the mitigating strategies, the organisation is able to clearly identify the work flow processes that need to be put in place and monitored to enable effective risk management. Once the business has invested the time to go through this process, the IT strategy is able to define and implement the systems workflows and technology tools required. Reliance on automated systems has its own inherent risk elements and is exposed to human error. When planning and implementing IT solutions, it is important to acknowledge and address this while embracing technology for its ability to efficiently manage, automate and report on regulatory compliant and business value generating activities.

It is imperative that financial institutions are able to improve their operational efficiencies within their specific regulatory environments. This is achieved by developing and investing in their IT capabilities to deliver consistent, regulatory compliant and user-centric workflow systems. The CEO and Board of Directors of an organisation are well advised to ensure alignment of the information technology strategy to the business strategy in delivering efficient, simple business activities at the same time as enhancing the effectiveness of complex processes and workflows within the organisation’s regulatory environment.

Executed well, this enables organisations to not only address business risk but also leverage the core competencies of the organisation in delivering value to clients and stakeholders as their competitive advantage.
