Governance, Risk & Compliance: Part 1

Governance (not Government) is always a hot topic for organisations and never more so than when in the midst of a global pandemic. 

As with many things in finance, we love to bundle together acronyms, and so this week I present GRC: governance, risk and compliance.

In other words, how your organisation is run. 

Let’s dissect the first part and focus on governance. Sounds simple enough but do we really know what it is all about? Is it the stuff and decisions that are always made at the top of the organisation regardless of size? Does it cascade throughout to all levels of an organisation, and is it actually meaningful? 

Let’s present the case upfront for why it is so important. 

Taking an innovative approach to managing and enhancing your governance, risk and compliance (GRC) activities can help organisations: 

  • seize opportunities 
  • stay a step ahead of uncertainty, and 
  • meet stakeholder expectations 

It’s a bedrock of most organisations and the sort of thing you see emblazoned across corporate websites and literature. 

Take Toyota as an example. Their governance framework consists of both a mission statement and a company vision, which collectively form their governance approach.

A company’s mission statement: 

  • Is designed for both an internal and external audience 
  • States who the company’s target market is, and 
  • Explains what the organisation exists to do 

A company’s vision:

  • Describes how the company will achieve its mission 
  • Explains why the company does what it does 
  • Guides internal decision-making, and 
  • Lays the foundation for strategic objectives 

Governance thus consists of two elements at Toyota: 

Mission statement – high level, call to arms *WHAT* 

Vision – *HOW & WHY* 

The key for successful organisations is to ensure the vision translates throughout and creates engagement with all levels of employees so that employees know and understand how their role contributes to strategic outcomes. This is achieved through operational objectives, which are typically short-term deliverables that align to the long-term corporate strategy and ultimately its vision. 

Strategy is the key word here; governance should define the strategy, the objectives, and join the dots between corporate boardrooms and the day-to-day operations. 

To put this into action and see how well this translates let’s do a little quiz. I will give you a number of high-level governance straplines to see if you can name the underlying companies (answers at the end): 

  • To create a better everyday life for the many people 
  • To enable people and businesses throughout the world to realize their full potential 
  • To become the number 1 fashion destination for 20-somethings globally 
  • To organize the world’s information and make it universally accessible and useful 
  • To inspire and nurture the human spirit – one person, one cup and one neighbourhood at a time 
  • To connect the world’s professionals to make them more productive and successful 
  • To be Earth’s most customer-centric company, where customers can find and discover anything they might want to buy online, and endeavours to offer its customers the lowest possible prices
  • To give everyone the power to create and share ideas and information instantly, without barriers

What you will note when you review the answers is that some are more obvious and more definitive than others. This is of course deliberate. Some organisations are laser-focused on who they are and what they do, while others want to stay broad and have the ability to pivot as required. We have seen many examples of this recently, where agile organisations have been able to move into key areas, like the production of PPE and other in-demand products and services.

Governance is an area that is often in the headlines for all the wrong reasons though. 

Here’s a recent example for you to consider: 

• EasyJet has gone ahead with its £174m dividend payout to shareholders, which included £60 million to its founder, Sir Stelios Haji-Ioannou 

• It went ahead while it appealed to the UK Government for taxpayer help by way of lines of credit or loans to deal with the collapse in travel due to the coronavirus pandemic

• Labour MP David Lammy aptly described it as “greedy super-capitalism at its worst” 

From a pure governance point of view, you can see why it raised a number of challenges. 

Governance is often cited as the tone from the top – driven by the Board of Directors and Senior Management, setting the tone for culture and decision making. 

What does this case show? That payouts to key shareholders and invested senior managers were more important than the livelihood of many workers? 

You may argue that as a listed business it does in fact have a duty to return profits to shareholders, which is indeed correct. However, decision-making and ultimately governance under difficult circumstances is where we really start to see good organisations shine. 

Let’s look at a counter example, with the call-to-arms to ramp up ventilator production in the UK when lockdown was first announced: 

In one corner is vacuum and hairdryer maker, Dyson. 

It partnered with The Technology Partnership, a medical company based in Cambridge. 

In the other corner – a consortium of manufacturing companies including Airbus and GKN, which makes parts for cars and planes. 

The approaches of these two groups were very different. 

Dyson designed and built from scratch. 

The consortium of medical, military and civil engineering companies – which includes Airbus, Meggitt, GKN and others – worked to ramp up the production of an existing design.

Usually, these processes would take months or even years. 

This shows the power of good governance: pivoting quickly, making decisive decisions and, in this instance, for much more than a profit motive.

Unfortunately, we often see governance manifest itself in the negative corner. 

Here are a few interesting cases I would suggest you read up on… 



Sports Direct

Whilst all different in detail, there are many common themes and lessons to be learned from them: 

  • Oversight failings: a lack of challenge to those in charge
  • Control weaknesses 
  • Profit (greed) over basic operational focus 

But the biggest consequences are the impacts. Take the case of the VW car emissions scandal – mass job losses, 11m cars impacted, fines, penalties, recalls and scrutiny on the whole industry. It’s still rumbling on today; you may have seen the news that Germany’s highest civil court has ruled that Volkswagen must pay compensation to a motorist who had bought one of its diesel minivans fitted with emissions-cheating software. The ruling sets a benchmark for about 60,000 other cases in Germany. 

I’ve deliberately stayed away from financial examples else this article would be like War and Peace. There are many of us though who, throughout our careers, have experienced first-hand the impact of poor governance. 

Libor, FX and rogue trading issues dogged much of the misconduct landscape before and after the financial crisis. If you look at current Investment Banks, most – if not all – look very different to how they did before. This was partly caused by poor investment governance (see subprime) and partly due to a lack of oversight across things like Libor. Oh and by the way, lessons were clearly not learned when a few years later it was discovered the exact same thing had been happening in currency markets too. Doh!

Overall, the Board must have responsibility for managing the organisation, making decisions relating to the strategy, and assessing its progress towards achieving it. 

Sounds easy right? Some takeaways… 

Good governance should focus on: 

  • Setting and instilling the right culture throughout the organisation 
  • Monitoring the company’s exposure to risk and the key risks that could undermine its strategy, reputation or long-term viability 
  • Identifying the risks inherent in the company’s business model and strategy, including risks from external factors 
  • Overseeing the effectiveness of management’s mitigation processes and controls, and ensuring the company has effective crisis management processes 
  • Determining the company’s approach to risk, including setting or approving its risk appetite 

And here are the answers to the governance straplines from earlier in the article:

  • Ikea 
  • Microsoft 
  • ASOS 
  • Google 
  • Starbucks 
  • LinkedIn 
  • Amazon 
  • Twitter 

Award yourself some pride points if you got any or all of them right. 

Stay safe, stay curious and keep learning! 

About this author

Matt Fotherby

Financial Markets, Compliance & Regulations

Matt is our Founder and a passionate trainer.

His interest in education stems from his 10 years as an Account Executive looking after Global Hedge Fund and Asset Management clients. This led Matt to join the coveted Financial Markets Education team at UBS, a unique in-house education team that specialised in running a curriculum of financial market and product classes for both UBS employees and clients. Matt was responsible for building out the client offering; managing programs, creating content and teaching courses.

As financial markets entered a significant period of regulatory change Matt pivoted to take his client experience and market knowledge to focus on Regulations and Compliance topics.
