Governance, Risk and Compliance is all about how to best manage a business. The session will present a case study of how a GRC program can successfully alleviate risks by aligning basic components of GRC: strategy, process, people and technology of an organization. The session will cover:

  • Best practices from a perspective on the GRC landscape
  • Insights on utilizing available professional guidance
  • Tips to simplify implementation
  • Steps to improve focus on the objective: improved business performance



Claude Baksh, Chief Compliance Officer, Sun Life
Tahera Sultana, Head of Compliance, Woori Global
David Law, Head of Compliance, Axis Bank Limited


By Claude Baksh
  • The ability to better manage future events and/or risks is driving the need for an integrated GRC approach. Financial Institutions have recognized that they need to be more anticipatory and proactive to be successful. Challenges include:
    • Anticipating improved financial and non-financial information accountability and transparency demands by investors and other stakeholders (analysts, regulators, shareholders, Boards)
    • Managing more complex business models e.g., multi-territory operations with a mix of wholly-owned to joint venture partnerships
    • Dealing with greater dependency on an increasing variety of different stakeholders to execute successful strategy
    • Accelerating the rate of change required due to an increase in competitive pressures (new products, methods of distribution)
  • How to achieve this – By understanding the demands of your organization’s stakeholders in terms of performance and conformance, and aligning the organization to deliver against these objectives, in consideration of the risk appetite and risk tolerance of the organization. The people, processes and technology should be designed and deployed such that the achievement of objectives is measured, risks are assessed and continuous improvement is realized in support of effective governance, risk management and compliance – with continuous and timely sharing of information and leveraging of each other's (silo) work products to mitigate risks, reduce duplication and add value.
    • Embed and integrate the Governance, Enterprise Risk Management and Compliance operations intelligence models (strategy, people, process, technology) to provide a dynamic continuous improvement model for better intelligence gathering, risk assessment and reporting, and overall more substantive decision making by Management and Boards.
    • The objective is to unify the silos that divide corporate oversight, standardize processes, increase communication, decrease operational costs, and secure competitive advantage.
    • At the end of the day, the key is the people and the relationships built to deliver on the shared objectives across control silos in a concise manner, giving Management and Boards the ability to make timely decisions on risk management.
For those who are interested in the origin of Corporate Governance and Compliance as we know it today, the case that gave rise to current international standards and regulations is the Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996), a Delaware Court of Chancery decision setting out an expanded discussion of a director's duty of care in the oversight context.
For further information, please contact:
Claude Baksh, VP & Chief Compliance Officer, Asia Sun Life Financial

