GRC Means Governance, Risk & Compliance

GRC is an abbreviation for Governance, Risk and Compliance. These three functions are grouped together to increase efficiency and effectiveness. Governance is responsible for overseeing the implementation of decisions made by the board of directors. Risk is responsible for analyzing all risks that affect revenue and operations. Compliance is responsible for meeting regulatory requirements, primarily to reduce legal exposure. In short: protect the integrity of management decisions, protect the business that makes the organization successful, and protect the organization from unnecessary dealings with governments.

Going Through TSA

Depending on the industry, an organization may have licensed attorneys as heads of each of these areas. Other times, a separate legal department is created not just to deal with litigation but to advise the organization on any combination of these three areas, thereby allowing functional and industry experts to lead them. Governance can be led by an MIS or audit professional (MIS means Management Information Systems). Risk can be led by an IT or operations professional (IT means Information Technology). Compliance can be led by an audit or front-office professional.

Front-office is a term used for the area of an organization that focuses on revenue and sales. Bankers in a bank are front-office professionals.

All three areas require a combination of specialized knowledge.

Governance covers management issues, an understanding of operations, the concerns of investors and shareholders, and what information is shared within the organization and how. This person must have a strong understanding of the organization's structure.

Risk covers capital requirements (if a bank), the supply chain, losses from operational inefficiencies and the like. This person must have a strong understanding of how the business operates.

Compliance covers regulatory exams and responses, investigation, surveillance, monitoring, controls, policies and procedures, and sanctions (if a bank). This person must have a strong understanding of regulators' expectations and must be able to persuade line-of-business professionals to buy in to a single set of rules for the whole organization to play by.


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


Three Ways To Becoming A Compliance Professional

For the longest time, compliance officers were people with backgrounds in law or audit. These are still very useful routes into compliance. Over the past three decades, the regulatory environment for financial services firms has become so complex that compliance officers have developed training and credentials focused on the broadened role their profession has taken on. Here are three credentials the industry recognizes.

CAMS – Certified Anti-Money Laundering Specialist
A credential that requires higher education, experience and passing an exam, it addresses the largest share of a compliance department's work. Additionally, three professional references are required to sit the exam. The exam is computerized, takes 3.5 hours and has 120 questions in total. The body of knowledge required to pass the exam includes understanding:

  • how money is laundered,
  • various standards for policies and procedures to combat money laundering,
  • how to develop an anti-money laundering program,
  • how to conduct investigations, and
  • how to interact with regulators.

CFE – Certified Fraud Examiner
A credential that requires an undergraduate degree, experience and passing an exam, it covers fraud in all industries, not just financial services. The exam is taken at home or in the office using a Windows-based web browser. The candidate has 10 hours to complete and submit the 125-question exam. The body of knowledge required to pass the exam includes understanding of:

  • Financial Transactions,
  • Law,
  • Investigation, and
  • Prevention.

CRCM – Certified Regulatory Compliance Manager
Provided by the American Bankers Association, this credential requires three years of experience, an exam, and a combination of conferences and continuing education credits. The 4-hour exam contains 200 questions and covers the following regulatory compliance topics:

  • Credit
  • Deposit
  • Bank Operations
  • BSA/AML/OFAC
  • CRA
  • Privacy

For all three credentials, the professional must maintain membership and complete continuing education.


About the Author: Marcus Maltempo tweets @MoneyCompliance