Skip to main content
Skip to footer
We're taking you to another TCS website now.

Why are businesses in Australia and New Zealand repurposing their enterprise risk systems?

Regulatory change and business complexity, the differing expectations of regulators, and the ways in which regulations are enforced are all driving businesses to repurpose their enterprise risk systems. Over the past couple of years, large banks have expended enormous amounts of their investment pools to prioritise programs directed toward remediation of customer failings and breaches. This follows recommendations outlined by the 2019 Royal Commission into Misconduct in the Banking, Superannuation, and Financial Services Industry.

Ultimately, a back-to-basics approach from an enterprise risk management perspective was required. With governance, risk, and compliance (GRC) systems at the heart of how enterprise risk is managed in an organisation, it is essential to ensure that they stay robust, fit for purpose, and operated by those with the right user experience – or they will not work effectively. This is why establishing a single source of truth, automating manual and repetitive tasks, and enhancing the intrinsic processes and workflows has become even more relevant today. 

Some of the megatrends driving risk management include greater interconnectedness, increased stakeholder demand for transparency and accountability, heightened financial and regulatory downsides such as reputational impacts, the rapid proliferation of technology-enabled risks, and rapid advances in risk technology. Ultimately, these megatrends make it even more important for organisations to leverage GRC to create and maintain a competitive advantage.       

What have companies within the ANZ region done to repurpose and upgrade enterprise systems throughout the pandemic?

During the initial phase of the pandemic, banks and financial institutions responded to the financial hardships that customers were facing as a priority. The response to more recent lockdown measures, which sought to strike a better balance between health and economic hardship, has been more measured. This has enabled financial institutions to instead focus on repurposing and recalibrating enterprise risk systems and simplifying their business operations.

Recently, in particular among the big banks, there has been a significant reshaping of the industry in terms of divesting non-core assets. This is designed to enable organisations to instead focus on their core business, restructure what that looks like, and to deliver enterprise risk systems that are more flexible, adaptable, and sustainable. 

One of the key findings from the Royal Commission into Misconduct in the Banking, Superannuation, and Financial Services Industry was that there was a significant lack of investment into an organisation’s own risk and compliance capabilities, systems, and processes. Not being adequately set up in terms of capacity, skills, capabilities, and experience meant that systems and processes were not future-proofed. A lot of recruitment has since taken place in the risk and financial compliance professions to make up for these losses, helping businesses set themselves up for greater success and align these functions with the business’ overall strategic growth objectives.

What are the main challenges and opportunities for the C-suite in ensuring that enterprise risk systems are fit for purpose in the future?

Sponsorship and advocacy from the most senior levels within financial institutions is essential. Having commitment from board members, risk committees, and CEOs and embracing a consistent approach toward enterprise risk as a critical element within the DNA of the business and its growth strategy are some of the most significant criteria to strengthen the foundation for success.

While most organisations have well-documented frameworks, their embedding and operation has not been consistent, with a lack of investment into the capabilities and maturity of enterprise risk management systems. Ensuring risk is prioritised in the same way as other business-critical functions across the rest of the organisation will help unlock the true value of these systems. Historically, they have been set up by second-line risk and financial compliance groups, but the majority of users are within the business. The first line of defence, where business is managed and risk is owned, is where risk should be managed. The second-line function, where group and governance risk are framed, should provide oversight to the day-to-day management of enterprise risk. 

Enterprise risk processes, systems, and frameworks should be kept simple and fit for purpose, and should be used and managed in the language of the business, without the use of technical jargon. Keeping processes simple and reviewing plus refreshing them often, will help increase their value, use, and compliance. Ensuring that enterprise risk remains relevant and strategically focused is one the biggest priorities for financial institutions. Further, the maturity of GRC systems is considered a proxy by regulators for the maturity of risk management frameworks.

What’s the role of technology in unlocking value and improving the user experience for enterprise risk systems and processes?

Having an effective enterprise risk system as the centrepiece of the enterprise risk framework is critical. So far, change management and user experience has not been optimal, as the co-creation element of these frameworks and systems has been lacking. This has meant that systems were not set up correctly, users were not properly trained, and change was not effectively managed, impacting the business’ ability to keep pace with business complexity and regulatory change.

When managing heightened change and complexity, organisations need to engage and partner with first-line business users more efficiently and effectively to enshrine these practices on a day-to-day basis. Improving the user experience for the first line of defence within the business should remain an essential element of enterprise risk management.

While developing systems of the future, we need to consider the ways in which we can disrupt the current system and approach plus change the way in which this is managed and used. As all arms of an organisation start to think about the business differently, AI, automation, and machine learning will play a greater role in risk functions. Advancements in these technologies will enable enterprise risk systems to become better – fit for purpose, smarter, leaner, and more efficient.

This will ultimately result in better management of data and reporting, helping organisations overcome commonplace data-related issues – such as legacy, governance, and quality – and unlock the value of the usually large volumes of data that they hold. Enhancing predictive capabilities will improve the ability to respond proactively, identify new threats and vulnerabilities, and capture new opportunities

Ranjan Banerji

Ranjan Banerji is Head, Risk and Regulatory Consulting, TCS ANZ and Asia-Pacific. He is an enterprise and regulatory risk optimisation specialist with deep and diverse experience in maturing risk infrastructure, frameworks, and capabilities across Australia and Asia.

Ranjan has led several strategic transformational initiatives, delivering best-practice skills and capability transfer, driving program maturity, and enhancing risk culture.