Protiviti Survey Outlines Risk and Compliance Lessons from Financial Crisis

A survey from Protiviti Ltd, an independent risk consulting company, held at a recent seminar for senior risk and compliance managers has revealed that, against the backdrop of the current economic turbulence, the most important lesson to be learnt is that there is the need for much greater risk and compliance challenge to firms’ operating models and strategies. The survey respondents were asked to identify the biggest lesson for firms’ governance, risk management and compliance arrangements from the turmoil, and this was the choice of 37%.

However, despite the current debate around restricting and restructuring the bonuses of senior executives, only 2% of respondents said that the need for a greater role for risk and compliance functions in this process was the biggest lesson to be learnt. Since the seminar the UK government has made the restriction of senior executive bonuses as one of the conditions of its injections of new capital into banks. Additionally, while the FSA has stopped short of drafting rules on executive remuneration, it has published a ‘Dear CEO’ letter, urging firms to consider their remuneration policies and describing policies that are not linked to sound risk management controls as “unacceptable” and indicating that good practice is for areas such as risk and HR to have a strong and independent role in setting compensation for the business areas.

Furthermore, only 4% considered that the most important lesson was to build more extreme and extraordinary scenarios into firms’ ICAAP (Individual Capital Assessment) models. FSA are also expected to be publishing its revised expectations of firms’ ICAAPs soon and is known to regard them as a key control tool.

The survey also reveals that the second biggest lesson (the choice of 28% of respondents) is the need to reassess the effectiveness of governance at the very top of companies. One in four respondents said that the biggest lesson was the need to place a much greater focus on macro unexperienced risks.

Jonathan Jesty, director at Protiviti, said: “There will of course be numerous lessons to learn from the financial crisis and many organisations will need to re-examine their governance and risk management structures and arrangements. But our survey shows that the biggest challenge in the minds of risk and compliance professionals is to how to get a strong risk management culture and awareness back into the business and the boardroom after years of complex technical regulatory change which has probably resulted in too much dependency on the control functions. Changes to remuneration principles and ICAAPs can be important tools of course, but the survey confirms that there are more fundamental, business issues to be addressed.”


Related reading