“The Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) have fined Goldman Sachs International (GSI) a total of £96.6 million (US$126 million) for risk management failures connected to 1Malaysia Development Berhad (1MDB) and its role in three fund raising transactions for 1MDB.”
Ian Wilson (Director - Sales UK & Europe at TriLineGRC) shares that “with recent shifts in the world, regulatory changes are constant. And with increasing levels of enforcement, the risks of non-compliance to your bottom-line, and reputation, are greater than ever.”
Therefore, organisations should be able to provide solid and tangible evidence of strong risk management and governance control.
In the case of Goldman Sachs International, the firm failed to assess and manage risk to the standard that was required given the high-risk profile of the 1MDB transactions. Further, it failed to assess risk factors on a sufficiently holistic basis.
GSI also failed to address allegations of bribery in 2013 and failed to manage allegations of misconduct in connection with 1MDB in 2015.
In another recent case, U.S. federal banking regulators will fine Citibank US$400 million for shortcomings in its risk management and internal controls processes.
“Per the order, Citi's board will have 120 days to submit a plan for how it will oversee the required improvements, including how it will hold senior management accountable for executing remediation plans and how it will ensure senior managers' incentive pay is aligned with risk management incentives. In that time, the bank must also do a "gap analysis" of the changes necessary to its enterprise-wide risk management framework and internal controls systems with regard to three areas — capital planning, liquidity risk management and compliance risk management — before making a plan to address those gaps.”
In both of these failures, one of the key themes that has led to punitive action is not the lack of a risk management framework, or of internal policies and procedures, but the inability to effectively oversee the real-world, day-to-day application of these frameworks.
Questions to consider in addressing risk management failures:
How can technology be utilised to automate as much of the risk management process as possible - without losing oversight?
How can I demonstrate that I comply with regulatory requirements promptly without substantial manual processing and remediation work?
What is the future of risk management in this regulatory environment?
How can I be confident that I have all of the information I need, at hand, in order to make effective risk-based decisions?
TriLine GRC's suite of fully integrated modules allows for risks, compliance tasks and events to be aggregated, separated and interlinked - thus ensuring that any risk event, or compliance breach, immediately adjusts the impact on related risks and triggers necessary tasks, and escalations, to ensure that your view of Risk is real time, real world and accurate.
To learn more, please complete the form and we'd be happy to demonstrate to you what the future of Risk Management holds.