Strathmore Business School’s inaugural Governance, Risk and Compliance Summit was attended by top and senior industry players in Compliance and Risk Management, Cyber security and Anti Money Laundering; across various financial and telecom based service provider organisations.
Dr. David Mathuva, Senior Faculty Strathmore Business School, gave the overview of the summit speaking on some of the significant trends which have altered the “business as usual” operations in the financial sector and how such trends continuously shape the Governance Risk and Compliance.
Kicking off the summit, Safaricom’s Risk Director, discussed the role of an integrated enterprise risk management, while providing perspective to the weighty role of regulatory compliance in enhancing innovation.
“Most businesses find it challenging to prove how Governance, Risk and Compliance translate into performance. Putting up compliance structures not only eases compliance regulation, but also gives room for risk managers to be innovative and enablers to the attainment of their organisation’s strategic goals. Sometimes because of the pressures of performance, good business governance is sometimes underweighted. However, this should not be substituted for ethical business practice. Although overregulation can also suppress innovation; it is very critical to work together with regulators and perceive them as enablers to succeeding in providing good consumer driven products.”
While most organisations might be aware of the significance of an integrated enterprise risk management, very few organisations have one. It has been noted that 63% of organisations that have an integrated enterprise risk management structure are 3-4 times more profitable that those that haven’t and they are more sustainable.
The influence of global trends in governance, risk and compliance continue to heavily influence local regulation, lending rates, tax transparency and money laundering and terrorism financing policies. Compliance managers must be akin to these trends, remarked Simon Dwyer, Partner, Risk Advisory KPMG East Africa.
For instance, Foreign Financial Institutions (FFIs) that do not comply with Foreign Account Tax Compliance Act (FATCA) are subject to a withholding penalty of 30%. Attempts to reduce fraud and corruption both globally and locally are shifting into a personal obligation, as expressively witnessed through the Central Bank of Kenya Bribery Act of January 2017, which requires senior officers in an organisation to report corruption and bribery suspicions within 24 hours. Failure to comply in attempts to prevent corruption will inevitably attract penalties.
As the digital age continuously evolves, financial crimes and fraud commitment continue to increase in prevalence, making financial services in the digital space vulnerable to attacks. “Financial crime has become a stay-awake issue for financial institutions, with exploitation of easy, quick deliveries and cashless systems in mobile banking contributing to financial crimes,” said Agnes Magero, Head of Anti-Money Laundering, Safaricom Limited.
According to the Serianu cybersecurity report 2016, African countries lost at least USD $2 billion in cyber-attacks in 2016. In East Africa, Kenya recorded the highest losses with $171 Million lost cyber criminals. Tanzania lost $85 Million while Ugandan companies lost $35 million.
Speaking during the summit, Raymond Kiprotich Bett, CISA, Vice President at ISACA Kenya Chapter, attributed the increase in cybersecurity threats and vulnerabilities to poor compatibility of systems as most of them have not been developed locally and the worrying low number of accredited professional in cyber security. “Most of the vulnerabilities in financial services occur in; mobile banking, due to the many intermediaries involved, social engineering and insider threats.”
Clients onboarding systems for Banks such as KYC software (Know Your Customer) are critical touchpoints in providing good customer services as well as ensuring that regulatory requirements for the provision of various services are met. It is however important to achieve a balance between regulatory requirements and improving the client’s experience even during due diligence exercises, remarked Judy Maiyo, Head of Risk and Compliance, Prime Bank Kenya and Anne Mureithi, Compliance Manager Stanbic Bank.
The summit’s highlight also included vigorous discussions by Capital Markets Authority Chief Executive Officer Mr. Paul Muthaura who emphasized on the roles of regulatory compliance, governance and risk management’s in financial system stability, Kenneth Kanyarati, Regional Head of Compliance Stanbic and Laban Omangi, Regional Head of Compliance Barclays Bank on the role of the Board and CEO in supporting Risk and Compliance programs. Discussions surrounding the future of Risk Management in East Africa, as facilitated by John Olukuru; Director Risk Management Center, Strathmore University and De-banking and De-risking by Gilbert Ouko, Director GRC & Risk Solutions Specialist, Thomson Reuters, just but to mention a few.