• News
  • Columns
  • Interviews
  • BW Communities
  • Events
  • BW TV
  • Subscribe to Print
  • Editorial Calendar 19-20
BW Businessworld

‘Bringing In The Best Practices’

Photo Credit :

As fraud and financial irregularities tumble out with sickening regularity the world over, there is increasing concern among banks and corporations to plug the loopholes. Indian firms are also under great pressure to improve governance and ensure compliance with both domestic and global regulations. Information giant Thomson Reuters’ president of financial and risk business, David Craig spoke to BW’s Gurbir Singh about governance, risk and compliance (GRC), which accounts for 60 per cent of the company’s revenue. Edited excerpts from the interview:

It was a milestone in media when the two giants, Thomson and Reuters, merged in 2008. How have things changed since then?
It's interesting: are we are a media company or an information company? We are mainly an information company, with a legal business, tax accounting, IP and Science, and financial risk which is the largest one. The merger of Reuters and Thompson has created a very strong information company; and it is good that it happened before the downturn, as it proved we are a very resilient business. Reuters brought an international element, a global element to Reuters; by having a strong legal business, we were able to do GRC - governance, risk and compliance. We would not have been able to do that without a strong legal business. GRC is the intersection between banking and law. It is the biggest evidence of the success of bringing the 2 companies together.

You have seen the worst of the financial markets close hand. How bad is it? Where do we stand today?
This year has been tough in Europe. Many banks have shut down. Many banks have lain off their people. Are we at the bottom? Can't say, maybe it feels so. Europe is coming through. A couple of things have changed. One of them is the way banks are looking at costs. Cost is not just about saving money. It is the way banks look at their supply chain. The analogy I like to use is: If I were a car manufacturer, then I would want to have a rubber plantation to make the tires; and a field full of cows for the leather to make seats. But we don't need to do all these things ourselves. It is that which has created all these opportunities for us. Banks are not going to invest the same amount of money in technology; they are going to look at partners like us. 

It is still a recessionary climate as you mentioned. For banks and financial institutions, which are the key areas of concern that they are currently tackling?
They don't want so many vendors. It is always very expensive managing too many vendors. Our platforms have always been very good at integrating third parties. They don't want to manage all the services for data themselves. It is also not very efficient either. It does not make sense for banks to copy other banks to create their own legal entry data. It makes sense for us to do it once, and then share that into the market. GRC is an interesting example. What we do is to collect every day from 340 regulators around the world every single update on financial services. We process that, we atomize it, we organise it so that it can be searched. If we did not do it, every single bank would have to have a small army of legally trained people doing this. 

When did risk management and the allied areas like compliance start as a business for you?
Our GRC business has been only 3 years old. I stepped down from my role as head of strategy. I assembled a team in London and New York. I spent a year meeting the most influential compliance officers of banks. We then acquired a company CompliNet - Compliance Network. It gave us the opportunity to share information between regulators, compliance officers, lawyers, auditors. CompliNet had created that community, and it was a fantastic acquisition. We used it as a catalyst. Since then we integrated a company we acquired, Pasely, which does audit; then acquired WorldCheck. It does screening, for frauds, helps banks round the world to protect themselves from companies and people who do money laundering. These acquisitions made us truly global, and for the GRC business you have to be global; you can't say you have what Brussels says, but not have what the SEC (Securities & Exchanges Commission of the US) says. So that is what we bring to the Indian market is the global regulatory framework which is so important here because of the reliance on external investments.

You say you started your risk and compliance business just 3 years ago. What were the banks doing before that? Were they all grappling with these issues individually?
The banks and government in India are beginning to realise that they have to tackle this issue. The banks are on the frontline. It is no different from anywhere else in the world. I have been in the business for 4-5 years, and I have realized that governments - be it the US or the UK government - do not have the resources to tackle this issue. They rely on banks to be the policemen if you like, the frontline to tackle frauds. What is now happening in India, which has happened elsewhere, is that banks and government are getting together to put rules, and processes and standards in place. This is not brand new, but then India is raising the bar through its banks. No country is free from scandals.
The merger: Craig co-ran the integration of the two companies after the $17-billion acquisition of Reuters by Thomson in 2008
The GRC agenda: This business provides the Accelus suite — a comprehensive information software, and service solutions for customers in highly regulated industries
Story markers: The agency generates around 1 million market stories a year
India connect: The Bangalore office, which was started in 1997, is a hub for 10,000 people (of the 60,000 worldwide) and much of the firm’s research, content, and product development
Revenues: $12.7 billion (in 2011); $7.3 billion (from GRC in 2011)

How big is the issue of fraud in India? How concerned are bankers about this problem?
I don't know how big it is. It is something on the agenda as the banking system matures. It is a tough challenge because it requires information. And information is not that easily available in India as it is outside. That is where we help. We are growing among corporations very fast because corporations have to look at their suppliers, their resellers, their partners, and they have to see that things are operated in a legitimate way. The other big push is the governance of the board, the information the board receives, the control of that information. We have products and services that manage that. We are working with partners to bring best practice to India from around the world.

Structurally, do you have different verticals for corporations on one hand, and banks and financial institutions, on the other?
We see corporations as part of the financial community. If you go to a trading desk at the Tatas, it looks pretty much like a bank. We don't segment around 'company'; we segment around 'role'. That is a change that we made. Similarly, a bank often has the same needs as an FX trader or a corporate treasury group. A compliance officer looking at a supply chain in a company is often doing the same job as a compliance officer in a bank. Corporations are just part of the global financial community.

Different markets look at fraud differently. Look at the Walmart case. In India, the $ 25 million it spent on what it considers 'lobbying' is being interpreted by some in India as money spent on bribery. What do you make of these different languages spoken?
The legal framework in the US is different from India. Lobbying in the US is a regulated area. In India, there is no legal definition of 'lobbying' and companies should be therefore very aware of the perception risk. In the Starbucks case in the UK, it was not paying very much tax. It was not breaking any law either. It was just being tax efficient. But the perception risk with consumers and its employees was an area of concern. So for a company, reputation risk is serious business. Brands and reputations can be damaged very, very quickly. That is why we call it financial risk. It is not just market risk, or other traditional risk. There is reputation risk, brand risk, fraud risk, IP risk, operation risk. It is a much more holistic view of risk management that people have to be aware of. Walmart does not want that type of reputation in India. The political and legal debate can go on, but reputation has been damaged.

A routine filing by Walmart triggered a huge parliamentary debate on 'lobbying' spends in India…
Increased disclosure is going to lead to more and more companies around the work being scrutinised for what they are doing. You are seeing increased disclosure in India too; SEBI has announced that core companies must disclose electronically. We participate in the disclosures market. There is a huge amount of information being disclosed; and that it is in the public domain. You can't afford to be caught out after you have disclosed. You want to prevent that.

The Right to Information Act opened up the books of the government in India. Now the demand is to extend the RTI Act to the corporations too. It is only a matter of time when this will happen.
With more information, your behavior footprint is lasting longer. It is becoming harder and harder to hide things. So you have to put more protection in place, often to protect yourself against your employees doing bad things or unintended consequences. You also have a decreasing level of trust. The financial crisis has created a trust crisis. If we look at the trust index of financial institutions, they are at a all-time low. UBS fined $1.8 billion, HSBC $1.2 billion.

Perception levels of banks in India are fairly high; but one can't say the same things about corporations. Some very big groups like Satyam have been caught out, and that has created negative perception.
Satyam…that was a global story. There is a trust gap for corporations around the world, and they are trying to solve that with better governance. The difference banks and corporations in India is that the corporations are way more exposed and reliant on the global market than the banks. The Tatas and Infosys, who are expanding, are now much more exposed to global standards. India had Satyam, the US had Enron, Japan had its Olympus, UK its BAe, and Germany had Siemens. So what happens after these events is that there is a kind of shock that good companies like these are seen to be breaking the rules, and acting in a way that no one can be proud of. And then there are calls for higher regulation. And the way the two are connected is that the financial industry is the conduit for the money invested in these companies that are listed on the exchanges. So the financial community is saying to these companies that you need to clean up. The exchanges too are saying that if you are listing here, you need to hold a higher standard of disclosure.

There is also the issue of sanctions, the political implications of sanctions, Arab Spring, Iran, counter-terrorism. The US state department announcing sanctions against Iranian companies means that a Satyam or Tatas cannot be caught out doing business with these embargoed companies. During the Arab Spring, when there were sanctions imposed against the Gadaffi family, within 20 minutes our data bases had all the information - who were they, what organisations were they related with. If companies were to do that themselves, it would mean phenomenal cost.
(This story was published in Businessworld Issue Dated 04-02-2013)