GRC is key to post-crunch compliance, says Deloitte report

LONDON – The top 100 global finance firms are paying more for compliance, with many failing to heed the warnings of the credit crunch by better integrating their risk and control strategies. Costs rose 30% in the past three years to £28 billion in 2007 and could reach £50 billion by post-crunch 2010, according to research by financial adviser Deloitte.

The report, entitled ‘In Control?’ says firms’ compliance costs can only be effective if the ‘holy trinity’ of risk management, controls and governance are interconnected in a common strategy. Calls for closer integration of governance, risk and compliance (GRC) strategies – though varying in the concept’s precise wording or definition – are growing increasingly louder in the post-credit crunch environment.

Chris Gentle, an associate partner and head of research at Deloitte, said: “It appears that a prime feature of the recent losses incurred by major banks in the credit crunch was the inability, in many instances, to link risk and control factors together.

“Current market dynamics dictate that there are few more vital issues for financial institutions to address than risk appetite, governance and control. Such systems set few hearts racing until it is often too late, yet they are increasingly determining the winners and the losers across the global financial services industry.”