Case Study

Risk and Control Assessment and Remediation Program

A global financial institution was required to design, develop and implement an end-to-end risk and control framework to identify, eliminate and minimize compliance risks across business lines and functions. The bank’s Independent Compliance Risk Management (ICRM) function is a second-line-of-defense function that manages compliance risks and ensures adherence to applicable laws, rules, and regulations. This involves setting risk policies, overseeing aggregate risk categories, and performing independent testing and monitoring activities to identify and escalate compliance issues. The ICRM’s goal is to provide credible challenge to the business and to protect the firm, its clients, and its assets from reputational damage and other harm.

Challenge

The primary objective of this engagement was to enable the bank to strengthen compliance risk management by defining, implementing and executing monitoring procedures that address the key compliance risks affecting front, middle and back office operations, in accordance with the bank’s Compliance Risk Management guidelines, policies and procedures. The project involved performing a Regulatory Inventory Assessment that mapped applicable Laws, Rules and Regulations (LRRs) to MCA Assessment Units (AUs) and Controls, and managing the centralized diagnostic and remediation effort. That central management provided governance, communications, planning, progress tracking, and a consistent global approach to remediation, enabling a robust control framework across 250+ assessment units and 3 regions globally.

Delivery

The key components of the execution include:

  • Risk and Control Framework: Designing and implementing an end-to-end risk and control framework across business units. The key components of the framework are Risk Identification, Risk Measurement and Assessment, Risk Monitoring and Mitigation, and Governance.
    • Establishing the internal control environment
    • Identifying and analyzing the various risks impacting the bank’s business activities
    • Designing and implementing control activities
    • Assessing that controls are properly applied to the system
    • Developing information and communication channels
    • Establishing monitoring activities
  • Policy and Procedures: Establishing and implementing enterprise-wide compliance risk policies, procedures and guidelines.
  • Process and Controls Design: Designing detailed process workflows and controls to capture the necessary business activity, risk, control and monitoring activities.
  • Regulatory Mapping Interpretation and Assessment:
    • Interpreting and analyzing global regulations including FRB Banking Regulations, Basel III, Prudential Regulations, the General Data Protection Regulation (GDPR), and financial and anti-crime compliance requirements.
    • Identifying Risks and Controls based on applicability analysis and aligning 2LoD regulatory risk responsibilities to Activities, Risks, Controls and Monitoring (ARCMs)
    • Performing a Regulatory Inventory Assessment that maps applicable Laws, Rules and Regulations (LRRs) to MCA Assessment Units (AUs) and Controls
  • Regulatory Mapping Workflow: Mapping risks and controls in the bank’s centralized risk and control system to enable a systematic workflow for capturing the applicable activity, risk, control and monitoring activities.
  • Approvals: Stakeholder group review, including obtaining approvals from the ICRM function.
  • Independent Testing: Performing independent compliance testing and monitoring of business activities to assess risks and the effectiveness of controls.
  • Collaboration across business functions: Working closely with internal areas including Legal, Business Management, Operations, and Technology to address compliance issues, and supporting the business in performing compliance reviews of new products and in training.
  • Regulatory Engagement: Assisting with regulatory inquiries and examinations by coordinating responses for regulators and internal stakeholders.
  • Remediation Plan: Defining a centralized remediation plan across lines of business and assessment units to track end-to-end remediation of existing gaps and enable improvements to the risk and control inventory.
  • Global Remediation Support: Providing remediation support through central governance, communications, planning and progress tracking, and defining a consistent global approach to remediation to address ongoing compliance risk.
  • Process Improvement: Active participation in ongoing process improvement activities to improve the efficiency, effectiveness and adaptability of the various business processes.
  • Status Reporting: Centralized status reporting across the Program and to key stakeholders to track and monitor remediation efforts and program progress, and to address key risks and issues.
  • Documentation: Documenting the project artifacts related to the program implementation, including the risk and control framework, activity, risk and control mappings (ARCMs), control definitions, remediation plans, status reporting materials, and RAID logs.

Value Creation

Achievements

  • Risk and Control Framework: Ensured application of a well-defined and robust risk and control framework across the bank’s businesses.
  • Policies and Procedures: Governing policies, procedures and guidelines ensured consistent risk identification, monitoring and mitigation across the bank’s businesses, products, geographies, sectors, regions, and industries.
  • Controls Design: Designed new controls and updated the existing controls inventory across the various businesses and assessment units, resulting in improved compliance risk management.
  • Compliance Testing: Compliance testing and monitoring of the developed controls to assess risks and the effectiveness of controls, resulting in improved tracking and reporting of risks across business activities.
  • Remediation Plan: A comprehensive remediation plan across business lines to ensure smooth tracking and reporting to both internal and external stakeholders.
  • Effective Collaboration: Fostered better collaboration between ICRM and other functions such as Legal, Business Management, Operations, and Technology to address compliance issues.

Impact

  • Regulatory Compliance: Alignment with applicable regulatory requirements through implementation of an effective risk framework and of monitoring and control activities.
  • Strengthened Risk Management: Strengthened compliance risk management across the bank’s business lines, assessment units and reporting units.
  • Improved Risk Assessment and Challenge: Provided independent challenge to business activities and decisions, with transparent escalation of identified issues, by assessing risks related to the various global regulations.
