Maintaining Perspective: Enterprise and Compliance Risk Management

It is always interesting to watch the flow of risk management trends, particularly as they impact ethics and compliance issues.  Financial companies have been the target of regulatory enforcement actions for risk management and control deficiencies.  Citigroup and JP Morgan were two recent targets of banking regulatory enforcement actions.  We will probably see a few more banks subject to regulatory enforcement actions.

Apart from the regulatory focus, and in response to the impact of the pandemic on corporate entities, companies are renewing their focus on risk management.  Compliance risks are an integral part of this process.  As I see it, the legal and compliance risk analysis is one component of an overall enterprise risk management process.

Enterprise risk management is a broad process that takes into account a variety of risks to an organization – for example, a pandemic, a natural disaster (e.g. earthquake, hurricane or flooding) or other “Act of God” could cause serious disruption to a company’s operations and have a severe economic impact on the business.  Companies are devoting more attention to these issues, and rightfully so, given the impact that such occurrences can have. 

COVID-19 has underscored the importance of enterprise risk management.  Many companies conduct an ERM assessment by soliciting input from key functions throughout the organization in order to provide a specific perspective.  Some companies have a formalized procedure for conducting this analysis, while other companies secure informal input.  Given the importance of this analysis, companies need to devote more attention to securing reliable information, rather than just off-the-cuff, informal opinions from key functions. 

To bring some rigor to the process, a specific set of questions and parameters needs to be adopted so that everyone involved in the process is speaking the same language.  I have seen risk managers sift through a set of opinionated responses to try to score and make sense of the responses as the basis for a formal risk management assessment.

Compliance risk is just one of many risks that a company faces in today’s global economy.  The impact of an FCPA investigation and enforcement action is certainly significant but pales in comparison to COVID-19 and the severe damage resulting to many companies that were unable to operate, or had to continue their operations with major adjustments or limitations.

I am not belittling legal and compliance risks but in the face of environmental disasters and other catastrophic events, legal and compliance risks, which should be assessed, need to be weighted by a healthy perspective on impact to an organization.

An accurate ERM process is critical for any organization.  Based on the ERM analysis, companies have to develop contingency plans and take affirmative steps to mitigate risks.  For example, if a company manufactures a key component in one location which may be subject to weather events, risk managers have to identify alternative solutions for a weather event impact on such manufacturing. COVID-19 uncovered a vast set of supply chain and distribution risks that companies face. As a result, companies are now reassessing their ERM procedures to develop appropriate contingency and crisis management programs.

In response to recent events and economic disruptions, organizations have to revisit their ERM process and adopt a more accurate and robust process.  Compliance professionals can be very helpful to this process.  Compliance officers are familiar with risk, mitigation and gap analysis processes, and their expertise should be incorporated into the improvement of an organization’s ERM process.  Bringing risk expertise together in an organization is a critical initial step before effective response strategies can be developed.

2 Responses

  1. Dennis Myhre says:

    Mr. Volkov,

    I agree that companies have to develop contingency plans and take affirmative steps to mitigate risks. During the financial crisis of 2008, the focus for managing risk by financial institutions was to implement a newly designed Enterprise Risk Management (ERM). Corporate Governance, which typically included some degree of ethics and integrity, was reborn, unfortunately, to include an acceptable layer of criminal behavior.

    “Risk versus Reward” was the passphrase for most C-Suites at that time. Tom Stanton, a former staff member of the Financial Crisis Inquiry Commission, and a lawyer in Washington, D.C., advocated for enterprise risk management in a video on the subject of ERM, but he overlooked the issue of ethics and integrity. Had every corporate officer he described in his narrative had the moral integrity and ethics required for the positions they held, none of the “disasters” he described would have happened.

    ERM is, and has been, a gross mistake for corporations. Corporations must include, in large part, a preponderance of integrity and ethics in their corporate governance plans to survive. Our country was built on ethics and integrity. During the past decade, individuals in positions of authority, in government and business, have turned their backs on those factors. We need change, and I disagree that ERM is the answer during times of disaster, because the wrong individuals pay the cost of corporate mistakes.

  2. Dennis Myhre says:

    Mr. Volkov,

    I agree that companies have to develop contingency plans and take affirmative steps to mitigate risks. During the financial crisis of 2008, the focus for managing risk by financial institutions was to implement a newly designed Enterprise Risk Management (ERM). Corporate Governance, which typically included some degree of ethics and integrity, was reborn, unfortunately, to include an acceptable layer of criminal behavior.

    “Risk versus Reward” was the passphrase for most C-Suites at that time. Corporations must include, in large part, a preponderance of integrity and ethics in their corporate governance plans to survive. Our country was built on ethics and integrity. During the past decade, individuals in positions of authority, in government and business, have turned their backs on those factors. ERM, in proper perspective, as your post clearly shows, is beneficial. Along with ERM, however, Corporations must engage ethical and moral decision making practices and not pass their financial fiascos to innocent victims.