Masterclass 1: Building and Learning an Effective Governance, Risk, and Compliance
Preamble
Generali Group is an insurance company that, just like other financial services organisations, is subject to a large body of legislation and regulation. Given that past scandals associated with noncompliance and excessive risk taking have resulted in an exponential growth of regulatory policies and intensive scrutiny of companies' operations, the organisation is seriously in need of skilled governance, risk management, and compliance (GRC) staff (ICA 2015).
In order to have better control of risk areas and guarantee strict adherence to relevant laws, policies, contracts, and regulations, Generali Group has developed an internal control and risk management system (Weinstein & Wild 2013). The system also helps the company to ensure that its actuarial and financial functions are aligned with the company's mission, vision, and objectives. This is being achieved through a strong human development element (ICA 2015, p. 1) of GRC.
The aim of this reflective journal is to highlight the main elements of building and leading an effective GRC strategy in the insurance company. The topic is especially relevant to me because by understanding characteristics of an effective GRC strategy it is possible to improve GRC capability of Generali Group, thereby optimising performance and sustainability of the organisation.
Background reading
Required reading:
- Darcy, K 2013, The effective practitioner: ethics and compliance: birth of a profession, Business Compliance, vol. 13, no. 1, pp. 36-45.
- Killingsworth, S 2013, Ethics in the executive suite: the best, the brightest and a wicked problem part II: the role of the board in c-suite compliance, Business Compliance, vol. 12, no. 1, pp. 22-33.
- Smith-Meyer, A 2015, A definition of ethics in business, Compliance & Ethics Professionals, December 2015 issue.
- Martin, R 2008, The opposable mind: how successful leaders win through integrative thinking, Harvard Business School Press, Harvard.
- Ibarra, H 2015, Act like a leader, think like a leader, Harvard Business School Press, Harvard.
Additional reading:
- Chmielewski, C 2004, Values and culture in ethical decision making, Web.
- Driver, D 2016, Governance, risk management, financial regulation and compliance: an integrated approach, Wiley, Chichester.
- Kedia, S, Luo, S & Rajgopal, S 2016, Culture of weak compliance and financial reporting risk, The Journal of Law and Economics, vol. 48, no. 1, pp. 371-407.
- Schlegel, G & Trent, R 2016, Supply chain risk management: an emerging discipline, CRC Press, New York.
- Weinstein, S & Wild, C 2013, Legal risk management, governance and compliance: a guide to best practice from leading experts, Globe Law and Business, New York.
- Zimmerli, W, Richter, K & Holzinger, M 2007, Corporate ethics and corporate governance, Springer, New York.
Key principles and issues raised within the Masterclass
Human Element
The first learning point from the Masterclass is that even a well-intentioned GRC strategy cannot be effective without concentrating on the human dimension, which includes the actions, personal traits, and skills of an organisation's employees. Therefore, in addition to installing proper controls, policies, and procedures, effective GRC activities have to make sure that workers commit to compliance culture on a personal level (Killingsworth 2013). It will help personnel to readjust quickly to unexpected changes in the regulatory environment in which a company operates. It is important to understand that without emphasising the human element, a company's GRC program will not be able to meet its objectives.
According to ICA (2015), proper emphasis on the human element is as much about effective cooperation and collaboration among staff working to meet common goals and objectives as it is in simply manifesting a character of integrity and honesty (p. 2). Even though GRC practitioners appreciate the differences between intrinsic values of employees, they, nonetheless, have to understand that in order to avoid undesirable outcomes of employees' decision-making processes, all personnel should be introduced to a single set of principles guiding a company. It will provide staff with a sense of a common goal and will help them to avoid extremes on an ethical continuum (Chmielewski 2004).
There are three rules outlined by Chmielewski (2004) that can be introduced by GRC practitioners to staff in order to guide their ethical decision-making process:
The Rule of Private Gain
The rule invites an individual to consider whether their decision will result in them gaining something at the expense of another person.
If Everyone Does It
Another question that has to be asked in advance of a decision is "who would be hurt?" (Chmielewski 2004).
Benefits vs. Burden
The rule urges a decision maker to weigh benefits of a decision against its burden. If the burden outweighs the benefits, the behaviour under question is unethical.
GRC will work effectively only if all employees are introduced to a company's core values and principles and know how to act on them within a context of organisational success and integrity (FSPCOMP5) (Darcy 2013). Furthermore, such a common framework will help to ensure that the contributions of employees at all organisational levels result in the establishment of a virtuous cycle (Zimmerli, Richter & Holzinger 2007).
Organisational Features
The second learning point from the Masterclass is that in order to guarantee an optimal performance of a GRC system, it is necessary to consider carefully the key features of an organisation. It has to do with the fact that organisational features can influence both the process of development of a GRC framework and its outcome to a great degree. It must be borne in mind that financial services organisations differ in their GRC capabilities; therefore, while some companies will benefit from a top-down approach, others have to adopt a decentralised approach.
The size and scale of the operations in which an organisation is involved influence its ability to respond to risks and compliance incidents in an effective and timely manner (Kedia, Luo & Rajgopal 2016). The growth in the scale of a company's operations should coincide with the evolution of its GRC functions. It has to do with the fact that if a GRC system is simply magnified to accommodate a larger scale of business activities, gaps of accountability might emerge. Furthermore, the differences in the rate of growth of business units might translate into the uneven distribution of control activities, thereby reducing a company's potential for managing its risks (Driver 2016).
Supplementary risks introduced at the nodes of a company's supply chain should also be considered during the development of a GRC framework (ICT 2015; Schlegel & Trent 2016). Furthermore, if a company outsources some of its functions to third parties, it is vulnerable to acquiring additional risks. Therefore, the external contractual arrangements have to be reflected in an organisation's GRC strategy.
Strategic goals of financial services organisations are another element of consideration that should not be missed by GRC professionals when they engage in the process of designing a GRC framework. Contradictions between a company's objectives and the shape of GRC might result in the increase of reputational risk and underperformance (ICT 2015).
It is also necessary to avoid potential misalignments between GRC functions and codes, rules, and policies governing the industry in which a company operates. Given that the financial services industry is associated with massive changes in regulatory enforcement, GRC practitioners have to ensure that GRC resources are distributed in a prudential manner.
GRC Leaders
The third learning point that must be taken away from the Masterclass is that GRC leaders are qualitatively different from skilled GRC practitioners. Unlike GRC practitioners, GRC leaders are always aware of the bigger picture (i.e. the economic and financial climate in which a firm operates) (ICT 2015). Furthermore, a GRC leader is an individual who is capable of foreseeing changes in the essential matters of concern for a company and of acting proactively and decisively to ensure that their company can mitigate and manage risks at all organisational levels (Martin 2008; Weinstein & Wild 2013).
Leadership scholars argue that values and beliefs of effective leaders are not contradictory in practice (Ibarra 2015; Zimmerli, Richter & Holzinger 2007). Therefore, GRC leaders should have a clear perspective on a company's ethical framework and on how it aligns with its regulatory requirements. Another critical feature that separates leaders from GRC practitioners is an ability to make correct decisions on limited information by synthesising information gained from previous experiences and other sources.
Utilisation and recommendations for business activities:
In terms of practical application of the key learning points described above, Generali Group's GRC practitioners have to analyse carefully the key features shaping the requirement for GRC capabilities of their company. Generali Group recognises the following elements as the minimum requirements for its internal control and risk management system:
- internal control environment,
- internal control activities,
- awareness,
- monitoring, and
- reporting (Generali Group 2016).
Taking into consideration the fact that there are many areas requiring control activities in the company, it will benefit from utilising a decentralised approach to the development of its GRC framework, in which risks are managed at the point of their origination (ICT 2015). In light of numerous elements influencing the development of a company's GRC strategy, Generali Group has to consider how its characteristics are encapsulated in a GRC framework.
Another practical suggestion for Generali Group is to make sure its GRC strategy emphasises the human element, which includes the actions, personal traits, and skills of an organisation's employees. In addition to developing policies for managing three core functions of GRC, the company's GRC practitioners have to introduce all employees to a single set of values and principles through its code of ethics.
Generali Group has to provide its GRC professionals with resources and training necessary for them to become effective leaders capable of quickly adapting to changing demands of the regulatory environment and a company's evolving size and scale.
Conclusion
After conducting research on the Masterclass topic, I have understood that the process of developing a GRC framework requires a careful analysis of a company's main functions and characteristics. Now I know that effective leaders who have a vision of the wider picture of GRC know that it is necessary to incorporate the human element in a GRC strategy.
Masterclass 2: Strategic Risk Management - Strategic Areas of Concern
Preamble
Generali Group is a financial services organisation that specialises in the provision of insurance services around the world; therefore, it is open to numerous global risks that can materialise in a wide variety of new and unexpected ways, thereby leading to severe legal and reputational ramifications for the company. The company has 420 subsidiaries in the United States, Europe, Middle East, Latin America, and Asia and employs more than 74,000 people, which means that it requires full GRC functionality that can guarantee holistic risk management (Generali Group n.d.).
GRC practitioners of any large enterprise functioning within a financial services setting have to recognise strategic risk as a principal factor in the holistic management of risks (ICT 2015, p. 1). By doing so, they would be able to develop and implement strategic risk management policies at the corporate level, which will help them to successfully mitigate the effects of exposure to uncertainties associated with management processes and objectives of their companies.
This reflective journal aims to explore strategic risk management and highlight the importance of risk-focussed personnel for enhancing the competitive advantage of financial services organisations. The topic is of high relevance to me because by incorporating effective risk management practices into corporate strategies of Generali Group, it is possible to improve the company's tolerance to a wide range of threats.
Background reading
Required reading:
- AON 2017, Global risk management survey report, Web.
- COSO 2016, Enterprise risk management: aligning risk with strategy and performance, Web.
- ISO 2009, Risk management - principles and guidelines, Web.
- Sowcik, M 2015, Leadership 2050: critical challenges, key contexts and emerging trends, Emerald Group, New York, NY.
Additional reading:
- Deloitte 2015, Third party governance & risk management: turning risk into opportunity, Web.
- GAD 2013, Strategic risk management, Web.
- Generali Group n.d., At a glance, Web.
- Grant Thornton 2016, Balancing risk with opportunity in challenging times, Web.
- Griffiths, S 2017, Professional postgraduate diploma in governance, risk and compliance: masterclass 2: strategic risk management, International Compliance Training Ltd, Birmingham.
- ICT 2015, ICA professional postgraduate diploma in governance, risk and compliance: course manual module 3, International Compliance Training Ltd, Birmingham.
- Kroll 2016, 2016 Corporate risk survey: trends in cyber security, fraud, compliance and Big Data, Web.
- Mohammed, A & Sykes, R n.d., Sharpening strategic risk management, Web.
- PWC 2017, Risk in review: managing risk from the front line, Web.
Key principles and issues raised within the Masterclass:
Cross-contamination of risks
The first learning point from the Masterclass is that risks faced by companies providing financial services are often interrelated and can lead to cross-contamination resulting in severe consequences such as loss of reputation. GRC practitioners engaged in strategic risk management have to recognise the key areas of concern in order to prevent risks of multidisciplinary nature from crystallising.
An ever-changing landscape of modern risks includes the following elements: macroeconomic, cybersecurity, reputation and brand equity, regulatory and legal, new technologies, business interruption, market developments, natural catastrophes, and financial crime (AON 2017; Griffiths 2017; ISO 2009). In order to effectively deal with these risks and prevent them from cross-contamination, GRC leaders create unique risk management ecosystems within their companies. According to a recent survey, companies spend on average 12 percent of their revenues on GRC activities (Grant Thornton 2016). The allocation of GRC costs varies greatly among companies; however, on average financial services organisations spend 28 percent of their GRC budget on financial risks, 27 percent on compliance risks, 20 percent on operational risks, and only 13 percent on strategic risks (Grant Thornton 2016).
Strategic risks are referred to as the uncertainties and untapped opportunities embedded in a company's strategic intent and how well they are executed (Mohammed & Sykes n.d., para. 2). Risk-focussed personnel understand that such risks can spill over to all areas of a company's operations instead of influencing an isolated business unit. Unfortunately, risk management is often conducted separately from frontline assessments of strategic nature, which means that organisations cannot follow a resilience imperative. Effective GRC strategies should not only include risk assessment, management of risks, control processes, and communication systems but they also have to transfer risk decision-making procedures to the front line (PWC 2017). A recent study reveals that only 13 percent of companies lead risk decision making from their first lines (PWC 2017). It means that organisations that are not capable of aligning ownership of key business risks with ownership of risk decision making (PWC 2017, p. 5) are more open to adverse results of cross-contamination of risks than their front line counterparts.
Third party governance and strategic risk management
The second learning point from the Masterclass is that third party governance is an important component of strategic risk management (FSPCOMP14). Outstanding GRC practitioners should know how to translate risks into business value. It can be argued that all risks have to be viewed as drivers of opportunity by 21st-century leaders (Grant Thornton 2016; Sowcik 2015). Therefore, effective managers should opt for the holistic approach to risk, which will help them to devote maximum strategic attention to all business functions. This is especially true when it comes to gaining full visibility of risks associated with third party actions.
The process of prudential risk management presupposes the control of third party risks that can substantially damage the reputation of a company and compromise continuity of business. Therefore, financial services companies willing to implement superior control systems minimising their exposure to strategic risks should extend their regulatory efforts to third parties that include, but are not limited to, providers of IT and supporting business processes, all contractors, marketing partners and agents, brokers, and franchisees (Deloitte 2015, p. 6).
In order to avoid multi-million-dollar fines, GRC practitioners of financial services organisations should embrace new approaches to the safety of their enterprises. Third party governance is especially important in the world of technology-driven innovations that create new risks associated with cyber security and big data. The need to mitigate technological risks facing third parties is highlighted by a recent report that indicates that cyber security is considered the most substantial threat to modern corporations (Kroll 2016). The report also shows that almost 60 percent of companies do not have effective protection against data breaches (Kroll 2016).
Prudential Risks
The third learning point from the Masterclass is that GRC practitioners have to be able to identify and properly analyse prudential risks (ICT 2015). By doing so, risk-focussed personnel will secure the reputation of their companies, which is especially important in the context of the finance sector. The ramifications of the 2007 financial crisis have led to financial services organisations placing greater emphasis on GRC activities (ICT 2015). The interest in prudential and conduct issues has reached its peak with the issuance of new policies and regulations by the Financial Conduct Authority (FCA) and the Prudential Regulation Authority (PRA) (ICT 2015).
No organisation can ignore macro-prudential risks with impunity. In order to resolve issues associated with prudential stability, authorities apply macro-prudential regulatory tools that focus on the following elements of companies functioning on financial markets: capital adequacy, liquidity, asset quality, profitability, management performance, and sensitivity to systemic risks (ICT 2015). Macro-prudential policies exist in order to prevent intermediaries from externalising costs of their behaviour, which is a behaviour that might lead to severe consequences for a financial system. GRC specialists in organisations such as Generali Group have to understand how these tools and policies limit systemic threats. It will help them to reduce systemic risk contribution associated with the behaviour of their companies. Other factors that should be of particular interest to risk-focussed personnel include, but are not limited to, balance of payments, exchange rates, GDP growth rates, and regional and international economic landscapes (COSO 2016; ICT 2015).
Micro-prudential risks are another area of concern for GRC practitioners of financial services organisations. Micro-prudential regulation is necessary to limit systemic risks pertaining to the stability of an individual company. Even though the focus of policies aimed at the management of micro-prudential risks is an organisation, they are often intertwined with broader macro-prudential regulations. These overlapping policies have to be understood by effective GRC leaders who want to increase the resilience of their companies.
Utilisation and recommendations for business activities
In terms of practical application of the key learning points described above, risk-focussed personnel of Generali Group have to be cognisant of an ever-changing landscape of modern risks in order to avoid their cross-contamination. GRC practitioners of the company should create a unique risk management ecosystem that will help the organisation to minimise the effect of threats associated with macroeconomic trends, cybersecurity, reputation and brand equity, regulatory and legal environment, new technologies, market developments, and financial crime among others (Griffiths 2017).
To create an effective risk management ecosystem, the company should adopt a strategic top-down approach. Such an approach is only effective when it is aligned with a bottom-up process for operational risk management (GAD 2013; FRC 2014). Furthermore, GRC specialists of Generali Group have to clearly define the current level of the company's risk tolerance and identify the consequences of bad outcomes. Risk tolerance analysis has to be regularly reviewed at board meetings (FSPCOMP6). The board of the company should evaluate the likelihood of bad outcomes in order to make informed decisions. Such an approach to the decision-making process will allow greater focus on the most important areas of concern. All lessons learned from such reviews should be summarised in reports.
Conclusion
After conducting thorough research on the Masterclass topic, I have realised that effective strategic risk management can provide a company with a decisive edge. By reducing the harmful influence of strategic uncertainties, an organisation can ensure that its reputation is not damaged by actions of third parties as well as other unwarranted events. Now I know that strategic risk mitigation is the process that only includes risk assessment, management, control but also transfers risk decision-making procedures to a company's front line, thereby fostering a high level of responsiveness.
Masterclass 3: Future of Payment Services
Preamble
An insurance company, Generali Group, just like other financial services organisations, requires a seamlessly functioning payment system that will reduce its transaction costs. Taking into consideration the fact that the company has many subsidiaries around the world, it has to ensure the safety of its payment arrangements. Furthermore, Generali Group relies on services provided by commercial banks and has central bank accounts; therefore, it is important that a payment system used by the company mitigates credit and liquidity risks (PSR 2015).
Payment systems are associated with numerous risks that include, but are not limited to, settlement risk, credit risk, operational risk, reputational risk, security risk, liquidity risk, and regulatory risk (ICT 2016). The role of GRC functions is to mitigate these and other risks and ensure sustainability of business; therefore, it is hard to overestimate the importance of GRC in the context of payment systems. In order to guarantee strict adherence to pertinent regulations, GRC practitioners have to understand both infrastructures of the current payment systems and future developments of payment services (Weinstein & Wild 2013).
The aim of this reflective journal is to explore the future of payment services and highlight the importance of payment regulations. The topic is especially relevant to me because by understanding the future developments of payment services it is possible to improve GRC capability of Generali Group, thereby mitigating the key areas of risk associated with monetary transactions.
Background reading
Required reading:
- Capgemini 2016, World Payment report 2016, Web.
- Capgemini 2017, World FinTech report 2017, Web.
- HM Treasury 2014, Digital currencies: call for information, Web.
- PSR 2015, A new regulatory framework for payment systems in the UK, Web.
Additional reading:
- Bartlett, J 2015, The dark net, Windmill Books, New York.
- Carton, F, Hedman, J, Dennehy, D, Damsgaard, J, Tan, K & McCarthy, J, B 2012, Framework for mobile payments integration, The Electronic Journal Information Systems Evaluation, vol. 15, no. 1, pp. 14-25.
- EBA 2014, EBA opinion on virtual currencies, Web.
- Haycock, J & Richmond, S 2015, Bye bye bye banks?: how retail banks are being displaced, diminished and disintermediated by tech startups-and what they can do to survive, Wunderkammer, Melbourne.
- ICT 2016, ICA professional postgraduate diploma in governance, risk and compliance: course manual module 4, International Compliance Training Ltd, Birmingham.
- Wang, Z & Wolman, A 2014, Payment choices and the future of currency: insights from two billion retail transactions, Web.
- Weinstein, S & Wild, C 2013, Legal risk management, governance and compliance: a guide to best practice from leading experts, Globe Law and Business, New York.
Key principles and issues raised within the Masterclass
Importance
The first learning point from the Masterclass is about the importance of the future of payment services. A well-designed GRC strategy must ensure that a company is perfectly capable of meeting all payment regulations. Three jurisdictions form a wider financial system of the world and play a key part in the development of the global marketplace: the US, the EU, and Hong Kong SAR (ICT 2016). The rapid pace of change in the ecosystem of payment services, which is triggered by the creation of high-speed data networks and portable computing devices, pushes the development of new jurisdictional approaches to payments and market infrastructures.
GRC practitioners of Generali Group have to understand the key areas of concern associated with the three jurisdictional approaches of the modern financial system. Furthermore, the rise of the FinTech movement, which is associated with FinTax, created new regulatory challenges for GRC practitioners of financial services organisations. Three key jurisdictions (China, the US, and the UK) have different regulatory structures that serve their market needs; therefore, an outstanding GRC specialist has to understand the intricacies of these structures in order to provide their companies with proper regulatory guidance (Capgemini 2017).
It should be mentioned that acceptance of card payments is only the first step towards financial inclusion, which is necessary for succeeding in the market. There is a wide range of alternative payment services that have been embraced by successful companies around the world. These services include, but are not limited to, PayPal, Apple Pay, Google Wallet, and Payoneer (Haycock & Richmond 2015).
Future Payment
The second learning point from the Masterclass is that non-cash transactions are a key part of future payment trends. Payment systems play a key role in the growth of modern economies; therefore, it is impossible to overestimate their importance in the market processes. However, methods of payment evolve over time, thereby leading to the creation of new systems capable of completely changing existing business models. It means that GRC practitioners of financial services organisations have to be cognisant of the driving forces on the payments market in order to guarantee compliance with laws and regulations associated with payment instruments used by their companies. Furthermore, they also should understand instruments, transaction types, banking procedures, payment domains, geographic scope, and other key dimensions of the circulation of money (Carton et al. 2012).
According to a recent report issued by Capgemini (2016), global non-cash transaction volumes grew at 8.9% to reach 387.3 billion in 2014 (p. 6). Interestingly enough, emerging economies in Asia have shown the highest growth rate: more than 30 percent (Capgemini 2016). Latin America is the next-fastest growing region in the adoption of non-cash transactions: 8.3 percent (Capgemini 2016). The report shows that the largest non-cash markets in the world include the U.S., Eurozone, Brazil, China, the U.K., South Korea, Japan, Canada, Russia, an