1. Introduction
/* To be added */
1.1. Mission
The Governance Risk and Compliance Special Interest Group (GRCSIG) represents industry professionals working together to study how Hyperledger DLTs interact with Governance Risk & Compliance use cases. These range from issuance and trading of instruments to continued market-making, management of risk, program-trading, standards, regulations, capital requirements, traceability, post-trade settlement, and custody, including corporate actions, for Governance Risk & Compliance. We would like your attention for the launch of the Special Interest Group of GRC on Blockchain. The launch of the Hyperledger GRC SIG is designed to focus on the optimization of GRC on the blockchain. We would be happy to work with enthusiastic developers and all manner of professionals to take this SIG forward and make it into an industry standard.
Put simply, the GRC SIG uses decentralized, permissioned Hyperledger blockchain to build applications that will streamline the way global organizations run their businesses. Blockchain has huge potential for data accessibility, along with cryptographic hash security, in a transparent manner. The SIG will use relevant technologies such as:
- Hyperledger Fabric
- Token
- New Consensus Mechanism
The span of a Governance, Risk and Compliance process includes three elements:
- Governance is the oversight role and the process by which companies manage and mitigate business risks
- Risk management enables an organization to evaluate all relevant business and regulatory risks and controls and monitor mitigation actions in a structured manner
- Compliance ensures that an organization has the processes and internal controls to meet the requirements imposed by governmental bodies, regulators, industry mandates, or internal policies.
Governance: With an increase in activism among shareholders and increased scrutiny from the regulatory bodies, corporate boards and executive teams are more focused on governance-related issues than ever before. The governance process within an organization includes elements such as definition and communication of corporate control, key policies, enterprise risk management, regulatory and compliance management and oversight (e.g., compliance with ethics and options compliance as well as overall oversight of regulatory issues) and evaluating business performance through balanced scorecards, risk scorecards, and operational dashboards. A governance process integrates all these elements into a coherent process to drive corporate governance.
Risk Management: With the recent jump in regulatory mandates and increasingly activist shareholders, many organizations have become sensitized to identifying and managing areas of risk in their business: whether it is financial, operational, IT, brand, or reputation-related risk. These risks are no longer considered the sole responsibility of specialists - executives and the boards demand visibility into exposure and status so they can effectively manage the organization’s long-term strategies. As a result, companies are looking to systemically identify, measure, prioritize and respond to all types of risk in the business, and then manage any exposure accordingly. A risk management process provides a strategic orientation for companies of all sizes in all geographies with a formal process to identify, measure and manage risk.
Compliance: An initiative to comply with a regulation typically begins as a project as companies race to meet deadlines to comply with that regulation. These projects consume significant resources as meeting the deadline becomes the most important objective. However, compliance is not a one-time event - organizations realize that they need to make it into a repeatable process, so that they can continue to sustain compliance with that regulation at a lower cost than for the first deadline. When an organization is dealing with multiple regulations at the same time, a streamlined process of managing compliance with each of these initiatives is critical, or else, costs can spiral out of control, and the risk of non-compliance increases. The compliance process enables organizations to make compliance repeatable and hence enables them to sustain it on an ongoing basis at a lower cost.
Note: GRC Framework definition by MetricStream
1.1. Mission
The Governance Risk and Compliance Special Interest Group (GRCSIG) represents industry professionals working together to study how Hyperledger DLTs interact with Governance Risk & Compliance use cases. The mission of this group is to research blockchain as a technology and its right use in the GRC space, work with other contributors to define standards in the GRC space, and work on PoCs to generate value and to develop acceptance of DLT with GRC practitioners. If you are interested and open to contributing, you can register yourself via this link; you will need a Linux Foundation ID to access the SIG. You can add your details to the Member Directory post-registration. Please also subscribe to the Group Mailing List and post an introduction there so other group members can get to know you.
This group also explores architecture, identity, and performance-related considerations specific to Governance Risk & Compliance and DLTs. Business and technology professionals from the Governance Risk & Compliance world come together in this SIG to discuss, brainstorm and learn from each other.
Under the different topic groups, led by subject matter experts, we will work on documents, diagrams, presentations, implementations, or road maps of solutions. For existing projects, as well as outputs, please see the link.
As we collaborate, all output will be made available in the open. For ease of discovery by newcomers and others, this material will be annotated and labeled with keywords for easy searching. If any code is produced, the output will be easily downloadable from open-source. Documentation and deployment will be made as frictionless as possible. SIG members who are in touch with practitioner groups, as well as working groups, the technical steering committee, and other SIGs, will either bring knowledge of methods and practice from such groups or push out our findings to these groups to create synergy in the Hyperledger ecosystem.
- Identifying related proofs of concepts, current pilots, use cases, and functional architecture in Governance Risk & Compliance;
- Sharing stories of successes, failures, opportunities, and challenges;
- Identifying conferences or other opportunities to connect face to face, as well as submit talks or present as a group at an event.
Hyperledger SIGs are open and global communities where anyone from anywhere can and should be able to participate, contribute, and access tools and information. For example, this means that even with meetings that are held via teleconference, we have to involve those not on the calls who are online. Best practice in an open and global community is to keep in mind time zone differences of the group participants and make sure to include non-meeting participants in group discussions and decisions by active use of the mailing list, the wiki and Rocket Chat. All SIGs must adhere to the Hyperledger Code of Conduct and Anti-Trust Policy (see below) during meetings:
GRCSIG membership shall be free and open to members of the community who have an interest in issues as they relate to the SIG topic technologies in general, and blockchain technologies. SIG membership is established by subscription to the mailing list.
All participation in the group's activities is voluntary. It is perfectly fine to listen in to a group and do nothing. Of course, active contribution is our goal, but it is not a requirement for membership.
Anyone can propose agenda items, activities, and work products. In work products, the only requirement is that there is enough buy-in from community members to want to volunteer to complete the product.
7.2 Governance
Governance of the GRCSIG shall be managed through its membership in accordance with the guidelines and overriding jurisdiction of Hyperledger leadership.
If more than one office role is available, a GRCSIG officer shall not hold more than one office role at any given time.
7.3a Eligibility
For consideration of an office of GRCSIG, a GRCSIG officer-in-consideration must be:
An active contributor within the GRCSIG community
7.3b Election
The first interim Chair of a SIG is nominated by the initial proposer of the SIG and s/he serves for approximately 90 days or up to the first 6 meetings as long as the SIG has active participation and contributors. All future Chairs will be selected through an election process where group members vote.
Candidates email the mailing list individually and provide a statement of candidacy indicating why they are a good candidate for chair.
Candidates email the Hyperledger point of contact with their statement of candidacy. Once all are received, the Hyperledger point of contact gathers all submissions and posts the names and candidate statements in the mailing list all together for the community to review.
8. Election Process
8.1 Voting
All GRCSIG members shall have one vote. All membership votes shall be based on a simple majority, unless otherwise noted.
The GRCSIG shall follow the direction of Hyperledger POC for the voting process. In the event of a tied vote, a ranking GRCSIG officer shall be granted a tie-breaking vote.
8.2 Early Elections
In the case where an existing Chair is not able to complete their term, an early election can be called. For instance, if a Chair has a change at their work that causes them to not have the time to devote to the SIG or if a Chair is no longer performing the responsibilities assigned to the role of the office, then a new Chair will need to be elected. At any time over the course of a GRCSIG officer’s tenure, GRCSIG member(s) may identify whether the Chair is fulfilling the responsibilities.
A new election process can be started by having a discussion on the group’s list or by communication by the Hyperledger POC. In that discussion, the Chair may announce they are stepping down.
9. SIG Chair
9.1 Responsibilities
A GRCSIG Chair is responsible for the following items:
- Facilitating the group and helping ensure that the mission statement and goals are observed and met
- Scheduling and facilitating regular General Meetings open to all GRCSIG membership
- Developing and distributing meeting agendas at least one business day before the scheduled meeting
- Ensuring that all group members have the opportunity to participate in decisions and provide input even when not attending a meeting. SIG communities are global and a chair should make efforts to ensure all are included in the community’s activities. This can be done by ensuring meeting notes are shared after calls and any major decisions are shared on the mailing list.
- Ensuring recordings/minutes are taken during meetings that capture the discussion and include a list of meeting participants, are shared post-meeting, and are added to the SIG wiki page
- Managing the SIG wiki page
- Generating Special Interest Group Quarterly Updates to present to the Hyperledger POC in a timely manner and communicating regularly on any concerns or questions related to the SIG
- Serving as a proxy and ambassador for GRCSIG membership (as appropriate)
- Enforcing adherence to the Hyperledger Code of Conduct and communicating the Anti-Trust Policy
9.2 Term Length
A GRCSIG officer shall serve for a period of one year from the start of the SIG group (for the first chair) or the last election date. A GRCSIG officer may be elected into office for unlimited consecutive terms.
At such time as a member is to be considered for the role of a GRCSIG officer, or a sitting GRCSIG officer is to be reconsidered for that role, an election process (as identified in the Election section) shall be commenced not less than four weeks in advance of the end of the current GRCSIG term.
9.3 Removing an existing Chair
There are a few cases in which an existing SIG chair can be removed:
Upon the determination that a GRCSIG officer is no longer performing the responsibilities assigned to the role of the office, GRCSIG member(s) may perform the following actions:
All GRCSIG membership meetings are placed on the Hyperledger Community Calendar. To ensure that a cancelled meeting is removed from the calendar, the person leading the meeting shall send a meeting cancellation request to zoom@hyperledger.org.
Additionally, a meeting cancellation notification shall be made to GRCSIG membership through both the mailing list and chat channels.