, Transparency International
Governance, Risk Management and Compliance (GRC) have been shown to be interconnected concepts. Applied effectively in a business, they can reduce costs, cut inefficiency and improve communication throughout an organisation; GRC can help ensure a businesses’ goals and objectives are better defined, the company structure improved and regulations properly adhered to. Indeed, strong GRC lays the foundations for potential company growth.
Conversely, when aspects of GRC are neglected then space becomes available for bad business practice to flourish. Following the global economic downturn of the last decade, GRC as a concept has seen a surge in recognition and implementation. It has dawned on many organisations and individuals that there is substantial benefit to employing robust GRC strategies, and a risk of unwanted consequences for overlooking them.
Let’s shift this corporate example to a national one.
Perhaps no country better illustrates the need for effective compliance, risk management and governance than Greece. The country has been in financial poor health for over 5 years and, though there are number of reasons for Greece’s economic collapse, poor governance and a lack of consideration of the risks that the Greek economy was vulnerable to could be considered to have contributed to Greece’s current predicament.
Greece does not have a long history of formalised corporate governance; there was no law covering corporate governance in the country prior to the year 2000. A voluntary code of practice was written up in 1999, but it wasn’t until the following year that a mandatory code was introduced by the Hellenic Capital Market Commission (HCMC), one half of Greek financial regulation alongside the Bank of Greece.
In 2003 corporate governance laws came into effect which enabled the HCMC to impose sanctions on companies that failed to follow guidelines and procedures set by financial regulators. Since then Greece has of course witnessed seismic shocks to its economy, sinking into a six-year recession and receiving €326 billion from the Eurozone in bailout loans.
Warning signs were already apparent during Greece’s process of joining the European Union, when questions were asked about the manipulation of Greek government deficit figures. Following the debt crisis, in 2010 the Greek government produced a report that listed ‘budget compliance’ – not adhering to the set financial budget - as one reason for their financial state.
Two years later, with the economy still stalling, the Greek government faced accusations of again failing to follow budget compliance by missing EU-set targets. This led to the floating of a remarkable proposal from within the EU to cede Greek financial decision-making to bureaucrats in Brussels.
Such measures illustrate the consequences of failing to adhere to a robust and well-designed GRC structure. But it also shows that bad practice is usually not isolated to one area. If governance is not formulated properly in an organisation, then risk management and compliance considerations may well be approached in the same fashion.
Again, let’s take Greece as an example. The country scored 58/168 in Transparency International’s 2015 Corruption Perceptions Index, the worst results of any EU nation; 18% of Greeks reported paying a bribe to officials in 2010. The institution most likely to receive a bribe, according to public perception, was political parties.
These figures are pretty damning. They also suggest a strong correlation between bad business practice (failing to implement robust GRC) and the potential for other risk areas (such as corruption) to flourish in the space created.
Greece shouldn’t bear the burden for its economic crisis alone; irresponsible lending by European banks also significantly contributed to the catastrophe that subsequently engulfed the country. But had Greek leaders’ more successfully implemented aspects of GRC it may be that the country would perhaps not be in the position it now finds itself.
Similar implications may await those who fail to practice compliance on a business or individual level. Non-compliance with anti money laundering procedures, for example, can result in businesses incurring hefty fines and individuals earning jail sentences.
Governance, risk management and compliance can theoretically stand alone as principles that support and promote adherence to regulation and laws. This was certainly the case historically. Empirically, though, these concepts are commonly interrelated and are far more effective when applied in unison. Evidence of this is seen in the huge growth in individuals and organisations implementing unified, robust GRC practices over the last few years.
Requirements from financial regulators have increased in the wake of the late-2000s global recession. Today, GRC is no longer a useful add-on, but is now acknowledged as a vital and fundamental set of procedures that prevents bad practice and unwelcome repercussions for individuals and businesses – and perhaps even governments.
To find out more about ICA professional qualifications in Governance, Risk and Compliance, which can be studied all over the world, click here or see the details of our forthcoming Greece and Cyprus workshops here.
View more information about ICA qualifications in Greece