Home > Risk > A Leap Forward for Risk and Compliance

A Leap Forward for Risk and Compliance

November 19, 2012 Leave a comment Go to comments

Last week, I had the honor of being the opening keynote speaker at the Compliance Week West conference in Palo Alto. As we gathered, I chatted with a couple of friends from a large technology company. They told me about some amazing things they are doing with the latest technology (including from SAP and its partners) to improve their risk and compliance activities. This company is not alone and I am hearing stories from companies in all different sectors and geographies almost every week.

For example:

  • One company is continuously monitoring hundreds of millions of transactions for indicators (red flags) of potential fraud. While organizations have been doing this on a monthly basis for a long time, the latest in-memory technology provides speed improvements – up to 300,000 times faster than just a year ago – that let them monitor transactions almost as they are processed. Now, they can intervene and take action quickly and close down anything improper very quickly.
  • A large bank is using some of the same in-memory technology to monitor signs of money-laundering. With the massive fines being levied by the government and regulators for anti-money laundering (AML) compliance failures, this has become a critical activity for financial services organizations. The power is now available to monitor the literally billions of transactions processed every day.
  • An IT organization has moved its information security threat risk assessment tool onto an in-memory platform. Previously, the tool was limited to assessing intrusion risks by analyzing a sample of intrusion attempts. As a result, its accuracy and reliability was limited. Now, it does its assessment based on the full history of intrusion attempts.
  • SAP is one of many companies that use social media monitoring technology (sometimes referred to as sentiment analytics or text analytics) to monitor what people are saying about the company; this keeps their fingers on reputation risk.
  • SAP’s internal risk management function is in the process of deploying mobile risk analytics. Linked to our enterprise risk management system, this mobile app will enable every manager to see and dive into the risks they own. It is enabling risk management to be “embedded” into daily management of the business.
  • Other companies are using new technology to improve their monitoring and communication of risks across the organization. It is great to go to a conference, such as Compliance Week West, and see the growing maturity of risk and compliance solutions showcased by vendors, some with integrated risk monitoring capabilities.

The ability to monitor risk and compliance in a more dynamic fashion that is responsive to change delivers power and value to the organization – and to the contribution that can be made by risk and compliance professionals.

But, I hear you say, risk and compliance functions don’t have the money to spend on expensive new toys.

That is true, but the majority of companies are either acquiring or actively looking at the new technology to improve business operations – especially to leverage so-called Big Data, but also to improve the analytics used to make decisions and run the business.

Risk and compliance professionals should be looking for the opportunity to leverage the technology their organization is acquiring for other purposes. That is what my friends at the Silicon Valley technology giant did.

What to look for? Here’s a partial list of new technology to power risk and compliance:

  • In-memory computing (sometimes this is called in-memory analytics, sometimes just as a platform or a database. SAP’s solution is called HANA)
  • Predictive analytics
  • Mobile analytics (sometimes referred to as mobile business intelligence, or mobile BI)
  • Risk monitoring, including event monitoring (where a real-time agent tests individual transactions against rules as they are processed)
  • And more, such as these solutions from Wipro

I would love to hear what you are doing with the new technology to improve risk and compliance effectiveness and efficiency.

  1. alexxh
    November 19, 2012 at 5:36 PM

    Small “too big to fail” bank here. Been using this approach for 6 years now with using mainly open source tools.

    Results are very successful in terms of outcomes.

    • kke
      November 20, 2012 at 6:02 AM

      Hi, alexxh, what open source tools are you using? And what functions from the tools you are using, e.g., reporting, ad-hoc analysis or data mining and predictive analytics? Thanks.

      • alexxh
        November 20, 2012 at 5:09 PM

        Hadoop, Hive, R, Drupal, Postgres, various graphing libraries…

        I should add that there also commercial products involved for some ancillary functions. The risk/security/fraud warehouse is more than that, it is a data service that we provide.

        More important than the tools are the modelers (which is why on Twitter, I pressed Norm for details on their staffing there).

        You can have plenty of product and technology, but the key determinant in the ability to extract value are the model builders, themselves.

        We’ve made the conscious decision to stress employing people vs a specific vendor.

  2. Gary Lim
    November 20, 2012 at 2:46 AM

    I was the Risk Manager of a MNC insurer before my retirement and I remember that once the company’s risk register has been tabulated, there is much work to do until the next review, 3 months down the road. RM Consultants put is so much fear to Mgt Team on the list of risks that it becomes a full time monitoring job. Many of the risk has pre-warning period, like the Euro crisis, Greece defaulting,etc, everyone knows about it, do something.
    Now with technology (software), it becomes expensive to purchase and to maintain, the user finds it easier to click here and there, it would not help at all UNLESS the ERM culture is positive. I agreeable to simple ERM software reporting.

  3. Norman Marks
    November 20, 2012 at 6:50 AM

    My point is:

    1. Risks change all the time and running the business based on assessments every three months is like driving down the freeway using only the rear view mirror.
    2. A key element of effective compliance is monitoring. It’s fine to have policies, training, and such. But you need monitoring to have assurance they are being followed.
    3. The new technology lets practitioners make giant leaps in both areas.
    4. Business managers are buying the technology. We can see if we can use it as well.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: