Keeping Risk & Compliance Teams in Harmony

August 29, 2024

Originally published in FinTech Global and RegTech Analyst on August 16, 2024. 

Although it may seem that compliance and risk teams struggle to harmonize because they have very different organizational goals and perspectives, their motivations are essentially the same. Compliance teams are focused on meeting their organization’s compliance obligations, while risk teams want to manage the effect of uncertainties on the organization’s obligations and objectives. Recognizing the overlap between the two is the key to working together cohesively and achieving success.

Understanding Each Other

Compliance teams are focused on ensuring the business operates in accordance with all applicable laws, regulations, industry stands and internal policies, and the world of compliance is black and white – you’re either in compliance or you aren’t. And if you aren’t, then you can potentially face negative consequences. For those working in compliance, it can be hard to accept gray areas.

Risk teams are focused on protecting the organization from the impact of events, incidents. and potential liabilities. They deal with every aspect of the business and communicate with every department as they build risk assessments and determine the organization’s risk appetite. Their perspective creeps more into gray areas as they weigh the likelihood of every incident and its impact.

Without clear and consistent communication between compliance and risk teams, tension, confusion and misinformation can occur.

Much of what the compliance team does influences how risk operates. For example, the controls that a risk team implements often come from the compliance team and their knowledge of regulations. Without the knowledge of the rules that they can operate within, the risk team might struggle to move their initiatives forward or fail to gain approval from compliance.

Risk management and compliance are both necessary components of an organization’s strategic and operational objectives. By clearly understanding the purpose of each, teams can more effectively communicate and work together toward a common goal: business success.

Working in Hand-in-Hand

Individuals responsible for risk management are working to support the achievements of compliance obligations, and often compliance obligations are necessary controls for an effective risk program. Working together to ensure everyone understands the risks involved in compliance and the criticality or weight of related risks helps ensure the organization operates within its defined risk appetite. Successful compliance benefits both teams, but risk professionals must be prepared for the impact and action steps that may come into play in the event the business is out of compliance.

Technology platforms like those offered by ViClarity and other regtech providers can link both teams and their work together by mapping compliance controls that may affect a risk, which allows risk owners to understand the full picture (i.e., control performance, incidents, or key risk indicators that may have an impact on the risk score). A tech solution can also provide management teams, risk committees and boards with a holistic view of both risk and compliance results. With real-time views, the risk and compliance teams can communicate transparently and mitigate any areas of concern, whether high risk or non-compliance.

By clarifying roles, responsibilities and the purpose of both risk and compliance, these equally important groups can work together in a compatible and complementary way.