Can Risk Management and Compliance be digitalized?

15. Juni 2016 in Kategorie AufsichtsEnglisch

Karl Viertel
CEO, Alyne

Digitalization is a seemingly new buzz word on the agenda in many organizations as well as in pitch decks of savvy consultants. It describes the introduction of digital technology to an organizational process to make existing activities more effective or deliver a new service to the organization. Avoiding manual steps, human intervention and any unnecessary interfaces are commonly a focus point. Over the past decades, the term has been used in various contexts, from actually transforming physical processes like type setting to digital printing or using computer aided design instead of pencil and paper. However, in today’s practice, businesses usually mean leveraging X-as-a-Service offerings to apply flexible and scalable technology to optimize a specific business outcome when talking about digitalization.

What does digitalization mean for Risk Management and Compliance?

You could argue that Risk Management and Compliance are already largely digital domains and digitalized. However, it is worth taking a second look when you consider the following characteristics you may encounter in these functions in companies around the world:

  • Lots of manual interaction
    • Many Risk Management and Compliance processes in organizations involve multiple separate spreadsheets, feedback and additions being sent back and forth via emails, spreadsheet outcomes pasted into slide decks and probably still some printouts with a busy executive’s hand-written comments.
  • Labor intensive processes
    • Compliance reporting and Risk Management requirements have developed so rapidly that especially highly regulated companies as banks have solved an immediate need by hiring more people. Compliance and Risk Management departments have grown to enormous dimensions.
  • Generic and outdated toolsets
    • While digital tools are used in Risk Management and Compliance, these tools are often generic tools, such as spreadsheets or outdated solutions, like many GRC tools currently on the market. Processes are not necessarily streamlined and the quality of the output is highly dependent on the structuring and content of the user, as little guidance or content is provided.

So how can digitalization add value?

There is huge value to be added through digitalizing Risk Management and Compliance processes, and the emergence of RegTech as a trend in late 2015 seems to support this. If you are a company looking to optimize these domains or you are a RegTech with a solution you think can drive digitalization, try benchmarking them against the following questions:

  • Does it save money?
    • Risk Management is an expensive undertaking and measuring return on investment is difficult. Cost of Compliance is always matched against the Cost of Non- Compliance. Your solution needs to significantly tip the scales.
  • Can it commoditize something you do today?
    • Many Risk Management and Compliance processes are driven by experts applying knowledge or skills to analyse a specific issue. Digital solutions need to at least commoditize the legwork allowing experts to focus on high value risk analysis and decisions.
  • Is greater transparency enabled?
    • Assurance is generally provided on a sample based auditing approach. Highly scalable technology may allow full assurance coverage to increase compliance transparency, allow for better insights and enable more powerful risk analytics.
  • Are insights delivered faster?
    • With business moving faster, Risk Management and Compliance is more about detecting and reacting appropriately to a risk event than trying to prevent every possible scenario. The faster risk insights are delivered, the more powerful the GRC solution.
  • Does it create actionable results?
    • Although most organizations have plenty of risk data, few can derive actionable compliance insights from it within a short period of time. Smart RegTech solutions should streamline the process from capturing risk data to delivering actionable compliance insights to the right stakeholders.


  • Keep an eye on RegTech and FinTech solutions in 2016 that can contribute to digitalizing Risk Management and Compliance successfully.
  • Look for partners to support Risk Managers and Compliance Professionals in focussing on developing and executing Risk Management and Compliance strategies (their core competence should be finding smart ways to effectively comply with laws and regulations and mitigate risks).
  • The heavy lifting of identifying and analyzing risks and compliance requirements should be digitalized and left to Compliance as a Service or Risk Management as a Service provider.



  • New MaRisk                                                  17.10.2016     Frankfurt/M.
  • EBA-Vorgaben: SREP                               24.–25.10.2016     Frankfurt/M.
  • Datenrisiken im Risikomanagement               28.10.2016     Frankfurt/M.
  • Compliance-Tagung 2016                        14.–15.11.2016     Berlin



Cover_AufsichtsEnglisch2Auflage_978-3-95725-047-6Bill Child
Handbuch Bankaufsichtliches Meldewesen
Erscheinungstermin: 31.03.2016
Umfang:291 Seiten
Preis: € 119,-
ISBN: 978-3-95725-047-6
Hier erhalten Sie weitere Infos zum Buch und die Möglichkeit zur Bestellung im Online-Shop


Dieser Beitrag ist erschienen im Newsletter Banken-Times SPEZIAL AufsichtsEnglisch, Ausgabe Juni/Juli 2016.
(Kostenlose) Bestellung möglich unter

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.


Folgende HTML Tags und Attribute können verwendet werden: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>