Pursuing Business Vitality – Get your First Line Assurance sorted and soon!

October 2022
GRC

Financial service businesses across New Zealand face new and unknown risks and, thus, new and untapped opportunities. The need to pursue Business Vitality has never been greater.

Risk management and assurance are no longer about simply minimising risks and protecting value; this traditional risk stance has had to evolve and rightly so. This means proactively pursuing better ways of working, making unknown risks known, to pre-empt and treating those risks to enable businesses to not simply survive but to thrive.

I passionately believe the risk and assurance element has a significant and valuable part to play in successfully achieving that goal. It is good for business, good for shareholders, your employees and, importantly, your Customers.

Why would you not pursue, with a passion, Business Vitality?

My professional risk career has been formed over 25 plus years in the UK, starting from the ground, up to senior leadership roles working across retail and investment banking, and then global and boutique investment management. In late 2021, despite the pandemic, we moved our family… and toy poodle, to live in Aotearoa to bring our dream to life.

In making this move, I also wanted to make a real difference to wherever I decided to work and use my lived and deep industry experiences to their full effect. I also wanted to work with truly exceptional creative talented people that would challenge and help keep me intellectually energised, fresh and learning – enter Mosaic FSI!

With that UK veteran risk practitioner hat on, I thought it might be worth sharing a few observations with you about business vitality and its vital connection to risk and particularly first-line risk assurance.

In New Zealand, many financial services businesses have grown organically or have merged to become bigger and more successful. However, as these businesses have reshaped, for various reasons, many have not built or invested energy into robust governance and risk assurance models aligned to that success, shape, and change. My observation is that many of them have simply reacted to events and risks as they have become ‘known,’ often when their customers, regulators or events offshore have made it known for them…

When I’ve asked senior executives how they are faring from a risk and control environment perspective, I often hear; “We’re doing alright”, “No major problems to date”, “Nothing to add there.”,

My question is, “How do you know?

Effective frontline risk assurance provides you, the senior executives, with an accurate real-time view of Your World and can help you uncover risks that are either currently unknown to you or, if known, are not being treated effectively and/or efficiently in accordance with your risk appetite. By taking this vantage point, you furnish yourself with quality risk intelligence that enables you to react dynamically to manage a situation, a risk, or an opportunity in a way that both protects and pursues business vitality.

Let me share a simple analogy to support this point, let’s make it personal.

You’re a fit and well person, and you take the view, ‘I don’t need that yearly check-up with the doctor.  Does this sound familiar? Maybe it’s you, your spouse, or someone close to you?  The reality is most people react to their health rather than monitor their health. However, an annual health check is a valuable & proven assurance tool; it provides positive reassurance i.e., you’re fit for purpose, or we’ve caught something early. By being informed, you can rest assured, make changes, or put strategies in place … improve your life quality and/or ensure your survival. Precisely the same principle applies to all firms in New Zealand with regards to risk assurance – know the unknown unknowns. Why would you not jump on the opportunity to better position your firm for its best outcome?

My last 2 roles were as newly appointed Global Head of First Line Risk functions of a global and a boutique investment management firm, respectively. They both headhunted me to take on “greenfield” situations where they had experienced significant control and conduct incidents resulting from primarily sub-optimal risk cultures and inadequate process and control environments. My job was to assess, identify weakness, fix it and at the same time, build out the risk control framework, first line risk team and then implement that into existence and ultimately into an embedded state. You can imagine the upward hill battles that ensued, but over time we delivered a robust, effective and value-driven framework built upon solid first-line assurance.

Bigger firms in New Zealand will most probably already have risk and compliance frameworks in place and believe they are “fit and well.” Believing is not enough! You have to support that belief with fact-based ongoing evidence derived from well-thought-out structured first-line assurance. The key questions your Board, Senior Management or Risk Committee should and will undoubtedly soon be asking (due to increased regulator, shareholder, and customer expectations) are:

  • How robust and effective is our first-line control environment?
  • When was our first-line control environment last tested, and by who?
  • Where’s the proof that you are listening to those with accountability for first-line controls?

If you, or they, do not get clear, informed, and positive responses to these 3 questions, then I strongly encourage you to seek an independent review of your frontline risk & control environment, a “health check” as soon as possible. At best, it will provide you with confirmation that you are receiving tangible fact-based assurance from those ‘in the know’ and at worst (or even better) it may help you make some unknown risks known, all of which will improve or ensure your ongoing Business Vitality.

Small to medium-sized firms should also seek that same quality first-line risk assurance review. The difference here is ensuring that your frontline risk and control environment is suitably right sized and pragmatic, recognising that the three lines assurance and accountability framework, in its purest form, will not always be efficient or effective and, therefore, first-line assurance will need to play a greater role in controlling and uncovering risks.

Mosaic has an exceptionally talented and experienced Conduct, Risk and Compliance team who can apply their deep domain knowledge and pragmatic approach, to help solve your conduct, risk, and compliance challenges. – why not contact us to discuss how Mosaic can help ensure your first-line assurance supports and enhances your Business Vitality