US - ENSearch

Choose Your Language:

Talent Community
large pillars


Governance, Risk and Compliance in the Age of COVID-19

Even before coronavirus struck, decision-makers across a broad range of industries recognized the strategic value of a sturdy governance, risk and compliance approach.

But with a massive infusion of economic uncertainty, that need is now existential. Governance, risk and compliance is no longer a long-term, proactive strategy for finding more accurate and actionable projections — it’s a life raft for businesses.

           Governance, risk and compliance is no longer a long-term, proactive strategy for finding more accurate and actionable projections — it’s a life raft for businesses.

We spoke to Karl Kimball, a longtime executive banking officer who now serves as an advisor for Aston Carter’s Governance, Risk & Compliance services, to understand more about how companies can move forward through an economic, political and operational environment littered with unseen obstacles.

Transitioning to a “Risk First” Approach to Planning

Solid governance, risk and compliance practices are like good headlights on a car — without a clear view of conditions ahead, your business can only go so fast.

While individual business needs may result in vastly different priorities, proper risk management planning focuses organizational resources on planning for events with the right mix of impact and likelihood. These can range from vendor and financial crime risks to regulatory and government program changes.

Getting it right is more important than ever.

“We’re seeing companies with a firm basis in risk and compliance best practices pull away,” says Kimball. “Navigating this crisis is the new chief source of shareholder value. You have to avoid Chapter 11 before you can do anything else.”

Assessing Your Governance, Risk and Compliance Needs

Governance, risk and compliance maturity can vary from business to business, but everybody’s at least a little behind the eight-ball at the moment.

“Surveys of self-assessments show that most businesses are lagging behind their ideal state,” says Kimball. This is only natural in an environment that’s introduced more change than most organizations can handle.

A thorough audit of your current risk and compliance state is the first step forward. “From there,” says Kimball, “you can build a plan to bolster strength and get where you want to be.”

Each business will find its own set of challenges, but in all cases, a rigorous assessment should include an audit of your current staff’s expertise to understand which specific areas could be better addressed by drawing on outside governance, risk and compliance talent.

Using Governance, Risk and Compliance Inputs for Change Management

After a risk-based assessment phase, the next step is to formulate a management plan for the most pressing changes. This can be a challenging task, as it often means standing up new and unfamiliar capabilities.

For example, instituting a financial crime protection system might be a suddenly pressing need. To understand what’s involved in such an implementation, you’ll need to work with people who have experience in that area.

Change management can also mean augmenting current activity to incorporate a more risk-based outlook.

Your organization may now be using the wrong calculators to make key decisions about matters like viable credit extension, platform liability or asset ownership. Depending on current resources, a remodeling process may require additional staffing or consulting help.

Shoring up Operational Capacity for Governance, Risk and Compliance Outputs

Of course, for any new risk-based capabilities to take root and drive value, businesses also need to install some degree of operational resourcing.

If, for example, you adopt a financial crime protection system for mitigating security risks, the post-implementation state may also require additional caseworkers.

“You have to look at the capabilities of your staff, and ask if the current state is a permanent or temporary crisis before you can adequately address your operational needs,” says Kimball.

There may be multiple ways to address the operational component of a risk-based strategy. Upskilling your current staff and hiring to address their backlog of transactional operations may be a cost-effective option.

Understanding Resource Availability for Governance, Risk and Compliance Activity

The talent pool for workers with governance, risk and compliance skills was tight before COVID-19, and it’s even tighter now. Plus, with many businesses taking a wait-and-see approach to governmental regulations, Kimball anticipates a hiring crunch soon.

Resource availability will be a key issue, and early movers will come out ahead. Especially with regard to compliance issues, says Kimball, “The penalty for inaction can be massive.”

“As soon as you have an idea of which priorities you’ll need to address,” says Kimball, “you’ll want to take active steps to bolster your framework and infrastructure.” The right partner can help you get teams aligned, shore up processes and get forearmed with knowledge about the talent market.

Getting ahead of upcoming challenges is the name of the game in governance, risk and compliance, and the potential rewards for doing so are greater now than at any point in the recent past.

“As the economy starts to return, equity will go into business models that had been functioning well and are positioned to return from the disruption,” says Kimball. “We’ll see the money flow back.”

What businesses do now to prepare for what’s ahead — by turning on the high-beams of sound risk and compliance practice — will be the key difference-maker in that recovery phase.

To start a conversation about a risk-based consulting and talent strategy that best fits the preparations you need to make, reach out to Aston Carter.