How FinLeap masters the challenge of Governance, Risk Management & Compliance

By Stefan Otremba | June 1st, 2017
    The Challenge: Adhering to regulatory requirements while maintaining agility

    Corporate organizations in all industries are currently facing a challenge that significantly influences the way they produce and sell their products and services: As regulatory requirements and societal expectations increase, competitive pressure also rises and forces companies to become more and more efficient. In this context, companies are confronted with the question of how they can adhere to the elevated requirements – without losing efficiency and agility.

    This question is of particular importance to companies in the FinTech area – businesses that bring financial services to the next level by intelligently deploying digital technologies. Due to their industry-specific focus and their competitively differentiating character as fast, agile and flexible startups, the way FinTechs answer this question is of enormous relevance for the success of their businesses. This article elaborates on how both objectives – regulatory compliance and corporate performance – can be brought together in general and in FinTech companies in particular.

    The Solution: Managing Risks & Utilizing Synergies

    Effectively managing legal, financial and reputational risks while keeping an eye on performance – accomplishing both at the same time requires an integrated GRC-Management. GRC stands for Governance, Risk Management and Compliance. In essence, GRC is about systematically integrating risk management and compliance as well as further relevant functions and aligning them with a company’s general means to direct and to control a business (= Corporate Governance). In this context, two aspects can be distinguished:

    • By closely aligning the governance functions (= horizontal integration), synergy potentials are exploited and risks are managed more effectively and efficiently. While the functional coverage of this integration lies within entrepreneurial freedom, risk management and compliance as well as Internal Audit (if applicable) should definitely be included.
    • The close cooperation between these governance functions and the operative business departments (= vertical integration) creates transparency pertaining to risks and opportunities within a company. If, in particular, risk management and compliance position themselves as “business enablers”, operative functions are relieved of unnecessary administrative burden and the corporate performance is strengthened.

    The image below illustrates the “GRC-Framework” – a systematic approach towards GRC-management that is based on many years of practical experience and the principles described above.

    Since it is virtually impossible to go into every single dimension of this GRC-Framework here, I want to at least describe briefly some of its major principles – and, by doing so, demonstrate the specific added value an Integrated GRC-Management can provide.

    • … from isolated to integrated:

    Oftentimes, Risk Management, Compliance and other governance functions tend to act independently of each other. Different conceptions as well as deviating procedures and content- and time-related reconciliations lead to increased coordination efforts, redundancies in data collection, analyses and documentation and, last but not least, to heterogeneous decisions. Silo-thinking leads to an unnecessary burden for operative business functions and hinders transparency within the company. This explains why it is so important to identify and to utilize synergies among the GRC-functions across the entire value chain.

    • … from reactive to anticipative:

    It is one of the objectives of any GRC-Management not only to react to negative consequences that have occurred in the past but, in fact, to anticipate potential risks. By using practical professional experience, analogies drawn from other companies as well as theoretical reflections and by involving Compliance and Risk Management early in important business decisions, risks can be identified and managed in due time and crises can be avoided before they occur.

    • … from a pure cost factor to a provider of added value:

    The added value of an integrated GRC function consists of three components: Firstly, GRC adds value by effectively fulfilling its tasks and, thus, satisfying legal requirements. Secondly, GRC adds value by efficiently using the existing organization and procedures within the company. And thirdly, GRC adds value by supporting the entire company in successfully managing legal, financial and reputational upside and downside risks. By fulfilling all three aspects of its value proposition, the GRC functions position themselves as a consultative, normative and protective function for the enterprise and its representatives.

    The major principles of an integrated GRC-Management reveal that it addresses every member of a corporate organization: The close integration and cooperation of the governance functions facilitate an effective and efficient risk- and compliance management. Just as important, however, is the close and trustful cooperation between these governance functions and the operative business areas. Together, they generate full transparency on opportunities and threats. And together, they are able to find suitable solutions to handle these risks in the interest of the company.

    Practice: Why the FinTech-Branch can be a Pioneer

    What is true for the economy in general is the case for the FinTech-branch in particular: Managing the tension between effective compliance and corporate agility has become a major success factor in times of increasing competitive pressure. In addition, FinTechs are confronted with a number of specific challenges:

    • Competition

    FinTechs are operating in a market that is characterized by a growing competitive pressure – pressure which has increased, to some extent, as a consequence of newly born FinTechs themselves. Since financial services can usually not be patented, they are not well protected against imitations from other market participants. Therefore, internal procedures (which cannot be detected from the outside) become more and more important as a competitive success factor. Hence, how effectively and efficiently governance functions work contributes to the market success of a FinTech company.

    • Regulation

    Depending on the specific business model, FinTechs are oftentimes operating in a regulatory environment that places heightened demands on these companies’ business organization. Whether it is banks, insurance companies or asset managers – many startups in the financial services industry are obliged to fulfill high (BaFin-) standards from the very first day. This includes, but is not limited to, risk management and compliance. Against this background, it becomes evident that the more these governance functions perceive themselves as active partners to the operative business divisions, the better they will be able to support the entire company in finding effective solutions and, by doing so, ensuring responsible business conduct.

    • Innovation

    Scientific studies prove: Too much purely rule-based compliance impedes creativity and innovation. In the corporate FinTech context, however, these skills are of utmost importance for the success of startups. Consequently, FinTech startups need Chief Compliance & Risk Officers who themselves are creative in finding the right balance between trust and control.

    By successfully launching twelve ventures since 2014, FinLeap GmbH has become known as an effective company builder in the FinTech market. Distinct skills in the areas of financial services, technology and entrepreneurship have contributed to FinLeap’s growth and made the company a central player in the market. By establishing the role of the Group Chief Compliance Officer (a role which the author of this article holds), FinLeap has started the journey of further professionalizing and systematically developing its compliance- and risk management procedures. In doing so, it produces evidence that corporate performance and responsible business conduct go hand in hand when it comes to reshaping finance in every sense.

    About the author:

    Dr. Stefan Otremba is the Group Chief Compliance Officer at FinLeap GmbH. He is responsible for the establishment and sustainable anchoring of Compliance in the company builder itself as well as the various ventures. Before joining FinLeap, Stefan held different roles in governance- and finance functions at Daimler AG. Among others, he was Daimler’s Global Head of Anti-Money Laundering, Sanctions Compliance & Compliance Operations. In addition, Stefan is the speaker of the Forum Compliance & Integrity – a think tank in the areas of compliance and integrity management. As an author, he is an active contributor to the GRC community. His last book covered “GRC-Management as Interdisciplinary Corporate Governance”. More information about Stefan and his publication portfolio can be found under:

    Stefan Otremba