Welcome to this special podcast series, In Conversation with K2 Intelligence FIN Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I have visited with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over this week, we have reviewed the current Governance, Risk, and Compliance (GRC) landscape, looked at GRC at work, considered GRC and the investment community, reviewed GRC and K2 Intelligence FIN and today, in Part 5, we conclude with a look at GRC then and now.
I found most interestingly that Jeremy Kroll believes one of the key mainstays of GRC is something that many compliance professionals are only now coming to realize, which is that proactive compliance is more effective and more cost effective than reactive compliance. With the addition of technology, it is possible to do things not only more quickly and more efficiently but in a much more cost-effective manner. Jeremy Kroll noted, “What we’re seeing is the velocity of data available, the increasingly important role of technology, coupled with a multi-disciplined approach within organizations to create governance, frameworks, risk management techniques and abilities, and compliance programs that are even more essential now.”
Moving forward, compliance and ethics as well as GRC professionals, who are living and breathing the mission every day, are more fully operationalized down to the front lines. It is these risk management professionals who will be the ones first identifying the risk and risk management strategy. As Jeremy Kroll noted, “This will help you to flatten the curve and that risk particularly to your reputation or your business. I would say, come on over the water’s warm here, we’re growing very quickly. And I think as a proof point, the investment community is showing up every day at our doorstep. And they’re also thankfully investing in a lot of other businesses in our field and technology, RegTech, CompliTech, also professional services and advisory.”
We ended by agreeing that GRC is going to be one of the most exciting areas, including the outsourcing of compliance, which also includes training and education. Here Jeremy Kroll said, “we are taking people who are already in their forties, fifties, or even sixties, and we’re retraining them. And so, pivoting and making a career change and growing in this field, this is a growth field and we want that wisdom. We want that judgment. We want that business or life experience. And you can couple that with young employees and technology enablement, and then you can add tremendous value to clients.” It really does not get much better than that.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.
Tag: GRC
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week am visiting with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over the week, we have reviewed the current Governance, Risk, and Compliance (GRC) landscape, looked at GRC at work, considered GRC and the investment community. In Part 4, we consider GRC and K2 Intelligence FIN and will conclude tomorrow with a look at GRC then and now.
Jeremy Kroll counseled that you must “start with an investigative mindset and understanding what the core risks are. Where is that inflection point? Sometimes you might find out a little bit late, but so long as you are quick to react and pivot, you can change the calculus. That means you have to be ready with enough resources internally. You need to make sure that you have a couple of key crisis response or organizations on speed dial because you can’t do everything yourself and your team is usually focused on doing business as usual.” He ended with “how do you be prepared and be in a position to make sure it is a normalized environment when you are dealing with a significant risk to your organization?”
A growing area is outsourced compliance, which was once again recognized in the 2020 Update to the Department of Justice’s (DOJ) Evaluation of Corporate Compliance Programs. Jeremy Kroll noted, “For entities of any size, it’s important to have the ability to constantly monitor and update compliance procedures and protocols as risk profiles change. However, we also know compliance budgets are under tremendous pressure to adhere to budget cuts and to create greater efficiencies. As a result, our third-party managed services offer outsourced technology and manpower service that enables these organizations to meet regulatory requirements and control costs. We leverage flexibility and scalability across areas including coping with a shortage of experienced employees; improving compliance processes; developing and maintaining a robust technology infrastructure; and tackling global compliance demands.” Jeremy Kroll concluded, “This way, for entities who don’t know where to begin or simply do not have the internal resources, they can rely on organizations like ours to help.”
Please join us for our final episode of this podcast series where we examine GRC: then and now.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over this week, we are reviewing the current Governance, Risk, and Compliance (GRC) landscape, GRC at work, GRC and the investment community, GRC and K2 Intelligence FIN and will conclude with a look at GRC then and now. In Part 3, we consider GRC and the investment community.
It turns out that the investment community should be one of the biggest users of GRC platforms and technologies, particularly when we examine recent events around risk exposure in anti-money laundering (AML) and other illicit activity. Private equity is built to grow businesses and GRC is a key component as a solutions system. One regulatory area that Jeremy Kroll pointed to was AML, “AML was something you might hear about because of narco-traffickers and that some of the big money center banks were in trouble because they were banking drug dealers. After September 11th, everything changed. There was a wellspring of professionals entering the field, either they entered it because they wanted to serve in government or they wanted to pivot in their careers and go from being an auditor, a lawyer, an in-house risk manager into this whole area of fighting terrorism, through tracking, tracing, and reducing the threat of illicit finance. It only picked up steam and in part because of the whole financial collapse and crisis in 2008. Even beyond that, I think what happened was that the regulatory and enforcement bodies both in the United States and Europe have really committed to cracking down because there is money laundering going on.”
All of this has led Jeremy Kroll to conclude that investment firms are looking to invest in companies that can help mitigate these risks more than ever in a post-COVID 19 environment and that an increased innovation and growing number of solutions emerging. Please join us tomorrow where we look at GRC and K2 Intelligence FIN.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future. Over the week, we will review the current Governance, Risk, and Compliance (GRC) landscape, look at GRC at work, consider GRC and the investment community, review GRC and K2 Intelligence FIN and conclude with a look at GRC then and now. In Part 2, we consider some examples of GRC at work.
From the Foreign Corrupt Practices Act (FCPA) world, there is Siemens, which sustained a $1.6bn fine from both US regulators and German regulators for its institutional corruption. The case still remains a landmark settlement and clear failure of a GRC framework. While the company had the rules, policies, and procedures written down, their GRC controls ultimately failed because of a lack of adequate leadership and a culture that enabled corrupt behavior. Following the enforcement action, it became clear they had to reinforce their compliance controls and corporate governance framework.
We ended with some of the biggest takeaways. First, mitigate risk on an ongoing basis. Next, be proactive, not reactive. Finally, it is all about culture. Please join us as we explore this and other GRC-related issues over this podcast series. Tomorrow we examine GRC and the investment community.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.
Welcome to this special podcast series, In Conversation with K2 Intelligence FIN: Jeremy Kroll on GRC Risks, Strategies, and the Future, sponsored by K2 Intelligence FIN. This week I visit with K2 Intelligence FIN, Chief Executive Officer (CEO) Jeremy Kroll on GRC Risks, Strategies, and the Future.
Over the week, we will review the current Governance, Risk, and Compliance (GRC) landscape, look at GRC at work, consider GRC and the investment community, review GRC and K2 Intelligence FIN and conclude with a look at GRC then and now. In this Part 1, we consider the current GRC landscape.
GRC aims to synchronize information, processes and practices across the enterprise to help entities operate more efficiently by enabling effective information sharing about risk, aligning risk mitigation with organizational goals, allowing for more accurate and effective risk insights, while avoiding wasteful redundancies. Kroll related that a high-level explanation of GRC is “governance is at the top of an organization, literally the very tone from the top. So, at the end of the day, it’s, how can you share information, align your plans, to organize your goals and create an environment where you get more accurate, more effective insights to help you mitigate or manage risk”. GRC ensures that the people who are in the position to avoid risk and effectuate risk avoidance activities can effect that change, alter the course before things go wrong, based upon having the right information.
We turned to risk appetite. Jeremy Kroll believes “organizations have evolved and now there is precious little time to really experiment and figure out not whether something is going to go haywire”. This make is more about business resiliency. To be able to start or expand a business in this competitive world, you have to have a certain appetite for risk. GRC provides a framework to not only “have that appetite, but also be able to take certain decisions; whether that is a geographic expansion and going into a new market or going from investing in a people based businesses, and then starting to pivot into technology.” You can take certain risks as you either evolve or even transform the organization or team. Kroll pointed out that GRC can allow for an “organizational design that allows the highest levels of the business to listen and have the information flow to them and then react quickly that an organization does not lose its way.”
We next turned to the components of a strong GRC framework. They include: tone at the top governance; an effective method to identify, assess and quantify the risk; the ability to train and enforce compliance requirements; independent testing of mitigation measures and to close gaps and remediate deficiencies; audit programs focused on continual improvement and reporting; and the ability to communicate all of the above up the chain of command to the decisionmakers and change agents where decisions can be made and adjustments that cascade back down through the organization.
With these components in place, Jeremy Kroll then expanded out on how they are used. It begins with identifying the risks and then assessing them. From there you create a risk management plan and “once you have that plan in place, being able to monitor it, which leads to training and the constant reassessment, not just of the systems, but the people in your organization.” Moreover, if there is a failure, how quickly can you react and remediate? Jeremy Kroll concluded that it is actually “putting your plan into practice.” He provided the example that if you are a senior inhouse counsel and you are having a conversation with an engineer out in the field, you must, “feel their pain, to understand what it’s like to perform at a high-pressure environment.”
He concluded that GRC has become a much broader part of the conversation across the board. For example, this has become a larger part of the due diligence process for investors examining portfolio companies or acquisitions. Please join us as we explore this and other GRC-related issues over this podcast series. Tomorrow we examine GRC at work.
Check out the LinkedIn page for K2 Intelligence FIN here.
Check out the K2 Intelligence FIN website here.
Matt Kunkel saw a need in the market for “a platform that could act as a central nucleus and bring together and automate in a flexible, easy fashion, all of the different components that make up a traditional governance, risk and compliance regulatory program.” He, together with John Siegler and Dan Campbell, founded LogicGate to fulfill that need. Matt joins Tom Fox on this week’s show to talk about LogicGate’s GRC platform and how it helps businesses improve their bottom line.
Every Business Needs a GRC Champion
Matt wants to give business leaders the keys to the kingdom from a technology perspective. Leaders should be able to own and maintain Governance, Risk and Compliance (GRC) technology that grows and evolves alongside the company’s growth and evolution. A well run GRC program has multiple stakeholders throughout the organization, he points out, especially a champion who will advocate for a culture of risk and compliance. He shares six tips for choosing the best GRC solution.
Managing Third Party Risk
Tom asks about the key exposure points in third party risk and how LogicGate’s solution helps to manage those risks. Matt responds that the best GRC program is only as good as the third parties we use and the programs they have in place. He explains the role of their platform in managing third party risk as well as performing due diligence.
Risk is Good
Matt explains why all businesses should have a Business Continuity Playbook: it’s your Bible to tell you what to do when a disaster strikes, he says. He emphasizes that risk is good. “Risk is good. Companies are built and scaled and grow and achieve great things because they take on… additional strategic risk,” he remarks. It’s about evaluating where risk lies and taking the necessary mitigating steps that would enable you to take on more risk and drive better business outcomes. “I hope that we as an industry can elevate compliance professionals, risk professionals, security professionals to a spot where we can help the organization make strategic decisions based on risk to drive better top-line outcomes, more revenue for the business. It’s not just about asset protection, it’s about revenue generation,” he comments.
Resources
LogicGate.com
LogicGate on LinkedIn | Twitter
Matt Kunkel on LinkedIn
