Preamble
Generali Worldwide Insurance Company (hereinafter called Generali Group) recognizes the necessity of the efficient and secure use of information technology (IT) to improve its governance, risk, and compliance (GRC) tasks. The Generali Group’s GRC experts draw on a comprehensive understanding of IT security when making decisions about the technology’s GRC capabilities. They also understand the importance of being able to align IT solutions with the company’s goals and vision. To ensure the agility and advancement of its GRC practices, the Generali Group’s GRC support specialists have decided to implement a customized IT security solution (Generali Group, 2016).
The company’s central IT structure allows GRC personnel to access and manage many of the company’s processes and operations without putting information assets at risk. These IT security guidelines ensure that each of the IT GRC tasks is conducted securely: individual accountability in the use of IT assets, identification of information availability, maintenance of reliability, safety of design and implementation, prudence, and separation of tasks (Generali Group 2016).
This journal is designed to examine the role of IT in GRC in carrying out management revision, re-engineering, and compliance tasks. The subject is of particular importance to me because, when I am aware of the technology used to enforce compliance and its implications, I can make sure that the GRC software solutions offered by Generali Group are aligned with its goals and vision, thereby fixing security weaknesses and enhancing the competitiveness of the business.
Fundamental Principles and Issues Raised in the Masterclass
Decision Making, Oversight, and Control
The primary lesson learned from the Masterclass is that IT can provide GRC experts with the data needed for decision making, monitoring, oversight, and control. Different businesses have their own regulatory requirements that call for the use of compliance technology, which can simplify GRC operations and thus reduce overall cost (ICT 2015). In the customer due diligence (CDD) process, for example, GRC software solutions are crucial to building a customer’s profile at the time of application. This is just one instance of ensuring compliance within the constantly evolving regulatory environment in which financial service companies like Generali Group have to operate.
Unfortunately, only about 60% of decision-making within large companies is based on reliable data (PWC 2016). This implies that the decision-making culture of many organizations does not focus on the use of the latest algorithms. In addition, those that are somewhat data-driven use the available information to “support the conclusions they want” (PWC 2016, p. 2). Refusing to trust IT GRC solutions is a dangerous trend that could expose a company to many compliance risks and reduce its competitive edge.
The most modern IT GRC solutions have management, execution, and monitoring capabilities. However, the successful implementation of such software depends on whether it aligns with a company’s mission, goals, and vision, and with GRC particulars that can differ between its various branches. To be sure that the IT GRC solutions needed for data collection and compliance monitoring give adequate assurance of security and resilience from an operating-model perspective, it is important to consider custom-designed solutions. It is also possible to use a third party to provide IT GRC services (FCA 2014).
However, after analyzing the important legal and technical areas of concern, Generali Group decided against outsourcing its crucial technological services (Generali Group, 2016).
For an IT GRC solution to give GRC practitioners the information they need to aid their decision making, compliance technology must be centralized and organized. There is plenty of evidence to suggest that firms with superior IT GRC performance, which can be achieved through integration in the core structure, have “more than 20 percent higher profitability than firms with poor governance” (PWC 2017, para. 7).
A key element of achieving high-quality IT GRC performance is centralizing the storage of data. This is helpful not only for complying with regulatory requirements but also from a practical perspective. For instance, a financial service firm that uses a homogeneous IT platform with central data storage can demonstrate “traceability and liability of information in financial reports” (ICT 2015, p. 7). Additionally, localized data centers provide more effective control of the corrective measures that a business needs to implement.
Compliance Analytics
Another key lesson from the Masterclass is that compliance analytics is a valuable tool for analyzing data from various sources to increase the company’s GRC capability (Zitting 2015).
According to Spanaki and Papazafeiropoulou (2013), the Sarbanes-Oxley Act of 2002 necessitated the development of new methods for implementing a firm’s GRC strategy. Many companies built their GRC activities around detective methods that take the form of retrospective reporting. However, after-the-fact IT forensics significantly reduces the time available to correct control deficiencies, which can undermine the efficiency of compliance efforts (Abdullah, Indulska, Sadiq, and Abdullah 2012). Automated detection of compliance issues using analytics can be a viable alternative to conventional investigative measures.
It is possible to argue that compliance analytics is a successful way of eliminating compliance gaps and predicting policy breaches. Society for Worldwide Interbank Financial Telecommunication (SWIFT) Compliance Analytics is a data mining platform that financial institutions can use to detect financial crime compliance (FCC) threats (ICT 2015). The platform allows customers to “identify behavioral anomalies, unusual patterns, and trends, hidden relationships, and high levels of activity with high-risk countries and entities” (SWIFT 2014, p. 1).
This lesson is related to the first one: centralizing all data is crucial for conducting appropriate analysis with a compliance analytics system. Efficient risk management analysis is only feasible if the data is standardized and collected from a single source within an organization.
Use of IT in Know Your Customer (KYC)
The third learning point is that IT can be used effectively to carry out the KYC processes that are crucial for CDD. Despite overwhelming evidence that effectively collecting and sharing KYC information among banks reduces compliance risk, many organizations continue to rely on old systems that hinder access to KYC information (ICT 2015). These old methods are typically built on manual processes, which can increase the error rate and pose regulatory risks as well as reduce the overall quality of the client experience.
KYC automation is an area of IT that SWIFT has successfully explored to offer banks access to standardized client information via a secure web-based portal (ICT 2015). It is important to note that a variety of companies specialize in providing these services, with KYC Exchange Net AG being the most prominent. A due diligence method permits the classification of customers according to key attributes that include, but are not limited to, size, industry, risk, and entity. It is worth noting that recent advancements in mobile banking have led providers of KYC automation to accept non-traditional customers who were previously excluded from financial services (ICT 2015).
GRC experts need to understand that all KYC actions must be viewed from a risk-based approach (RBA) perspective. The selection of any KYC policy is based on a risk trade-off; thus, it is crucial to strike the best balance between “false acceptance of an invalid identity claim” and “false rejection of a valid identity claim” (Gelb 2016, p. 3). With the aid of the latest KYC software, it is now possible to process KYC documentation swiftly and thus fill any information gaps quickly. Additionally, KYC technology solutions built on RBA can help improve the customer experience by avoiding needless negatives (ICT 2015).
Utilization and Recommendations
In terms of the practical application of these learning points, GRC specialists at Generali Group have to use the GRC functions of IT to improve the quality of their decision-making and compliance. To achieve this, it is suggested that the technology used for compliance be kept in line with the company’s vision, mission, strategy, and objectives. Thus, only bespoke IT solutions should be used to cover particular GRC tasks and to achieve an ideal degree of alignment (ICT 2015).
To decrease GRC risks within Generali Group, its compliance professionals must make use of SWIFT Compliance Analytics (SWIFT 2014). It has ongoing monitoring and auditing capabilities that are highly effective in identifying all types of FCC threats. The use of real-time predictive analytics will allow the business to develop effective preventative measures, thus avoiding undesirable future events.
The effective implementation of IT GRC processes within the company’s control environment is not possible without the use of advanced KYC technology.
Conclusion
The research conducted on the Masterclass subject has allowed me to comprehend the significance of the effective utilization of IT in the GRC processes of a financial service company. Now I understand that it is imperative that Generali Group try to reduce its manual processing in order to gain a more efficient and risk-based analysis of KYC information and enhance the client experience.