(MENAFN- Khaleej Times) GRC (governance, risk and compliance) is an organisation's integrated approach to governance, risk and compliance; typically encompasses activities such as governance, enterprise risk management (ERM), internal controls, regulatory compliance and internal audit. GRC improves the alignment of risk activities to the strategic objectives of the business.
Companies are now being forced to align in order to close gaps and eliminate overlaps, while focusing on the risks that matter and create value. The fines, penalties and settlements face by global financial institutions recently have remphasised the importance of regulatory compliance dimension of GRC framework. The key trends, which are impacting the banking environment include macroeconomic developments, market developments, technology developments, cyber security incidents and changes in legislation and regulation. The global governance had got redefined after the crisis and has an impact on corporate governance. The failures of Lehman & Madoff has indicated how corporate governance failure can contribute to systemic risks. The financial markets have become gambling grounds and individual regulatory systems have be revamped to better monitor threats to the whole financial system. Economies, institutions and individuals need to follow governance. It can be called corporate governance for institutions, and global governance for economies. Individuals are affected by corporate governance and global governance due to the links with institutions and economies, respectively. The Anglo-American model of corporate governance is being promoted as the global standard. However, there is no one size fit all corporate governance approach. In the current environment, there has been an increased focus on GRC to ensure that how these three functions integrate and work closely to increase their effectiveness. GRC framework should be realigned to address challenges arising from changing market dynamics. Risk management, remuneration and incentive systems, board skills and independence and shareholder engagement are the key areas which had been revisited after the global financial crisis. The board should review and provide guidance about the alignment of corporate strategy with risk appetite and the internal risk management structure. Steps must be taken to ensure that remuneration is established through an explicit governance process. Transparency needs to be improved beyond disclosure. The functions of chief executive officer and chair of the board of directors are separated. Shareholders should be proactive. Institutional investors should be encouraged from acting together in individual shareholders meeting provided that they do not intend to obtain the control of the company. It is crucial to ensure that the legal group has clearly understood its role in the GRC frameworks. Traditional GRC technology solutions in banking environment were aimed at providing organisations with a single issue solution, but nowadays leading companies utilise GRC technologies for multiple purposes such as audit management, regulatory compliance, IT governance, performance improvement and policy management. Therefore integration, central databases and reusability are more important than in the past. GRC technology offers solutions to fully integrated governance, risk management, compliance and process improvement. The key evolving areas in board room excellence models are integrity, assistance of board committees, board diversity and governance framework. An effective board is concerned about integrity inside and outside the boardroom. Integrity at the Board level can be measured by evaluating key governance elements against attributes such as skills and knowledge, process, information and board behaviour. Boards can have multi-year succession plans and Nominating committees should map out future board retirements and design systematic approach to board searches. Remuneration committee can broaden the pool of independent directors and also invest in their training. Basel 3 has revised the governance framework taking into consideration the key areas which required attention after crisis. Capital markets, especially since the recent financial markets crises, are paying closer attention to governance systems and how organisations manage risks and demonstrate compliance. Rating agencies have expanded their assessments to include more qualitative factors around governance, risk and compliance; with the belief that better governance and management of risk can lead to more certainty around the achievement of business objectives which in turn can increase business value. On the whole GRC integration is the key to protect business values and promote business performance. The writer is the group CEO of Doha Bank. Views expressed are his own and do not reflect the newspaper's policy.