In advance of our new Governance, Risk & Compliance (GRC) Masterclass this October 2019, we asked course trainer Adrien Lefèvre…
Q: How is GRC generally approached in the iGaming sector? How could an integrated approach improve business outcomes?
A: Many operators may have approached the components of GRC (governance, risk, compliance) individually – but often efforts are conducted in an isolated and disassociated manner. There’s also a tendency to focus on high decision-making level rather than operational integration.
It’s common that operators have designed and implemented risk assessments, compliance policies, procedures and processes within narrow risk areas. These activities can generally be categorised as ‘reactive’ (as opposed to ‘proactive’ risk anticipation) and are often conducted in defined locations (business units, departments, specific jurisdictions), without consideration of how or when the organisation has eventually addressed similar issues in other areas (committees, Business Units, Board meetings, Audits, Risk assessments.) It’s rare that items have been fully addressed as per the organisation’s Risk appetite and Tolerance statements?
As a result, numerous processes and controls are buried in isolated silos, leading to lack of consistency, duplication, major gaps and multi-jurisdictional deficiencies.
“Common activities undertaken by operators can generally be categorised as ‘reactive’ (as opposed to ‘proactive’ risk anticipation)”
To better understand the GRC integrated system, it is necessary to more closely examine the individual GRC components of governance, risk management and compliance, as well as some of the significant supporting functions that contribute to GRC goals.
A GRC strategy is a macro solution to a macro problem, that addresses all the separate problems that come up as the business environment changes.”
Adrien Lefèvre is a GRC specialist who currently occupies the role of Executive Advisor at gaming and banking specialist firm Ronin Advisory