Instead, the costs associated with, say, setting up a biometric system are seen as too high and better invested elsewhere. Dr. Matunda Nyanchama, a Canada-based consultant, gave the example of Canadian banks that came out of the global financial crisis unscathed because of stringent governance and compliance systems. “Regulation (in Canada) is done to a ‘T’,” Nyanchama said. “When the crisis came, the nation was saved.”
Eric Lusaka, a governance, risk and compliance consultant at PWC Kenya, said these related functions tend to be muddled up or lumped together when they should be separately defined. In some organizations, compliance is placed together with risk, while in others it is found in a legal and compliance department.
Yet compliance should be used to stringently enforce the rules and regulations to be followed when assessing credit risk and information security. “When problems arise each side says you are responsible,” Lusaka said. Hesham Hamdy, Chief Risk Officer of Arab International Bank of Egypt, said such roles should be well defined. “It is better to segregate the duties. The functions are different,” Hamdy said. “I cannot head compliance and audit.” Hamdy said the roles sometimes overlap but that should be seen as an advantage.
Lusaka of PWC advised that banks use an umbrella model that brings together information from these different functions, to avoid duplication of duties and the existence of contradictory information about the same issues in one bank. For example, the risk department may have different sets of risks from the Information Security department. Lusaka also identified information security as one area banks have yet to address fully. “Information Security is treated not as a strategic investment but as something nice to do,” said Lusaka. “Something as biometrics is seen as too expensive.”