The Situation
Due to a plethora of different regulatory requirements, a large Global Systemically Important Bank (G-SIB) found itself struggling with risk assessments being performed multiple times, by multiple assurance groups, on the same risks, resulting in a complex set of redundant, and sometimes overlapping, information (e.g. RCSA, RRA, AML, SOX, IT, MRI).
They needed a common framework and approach that harmonized risk language across the firm (particularly Enterprise Risk Management, Compliance, IT, Finance, Audit), promoting clarity and transparency.
The business needed to move to a situation where it assessed risk once, and then used those results to respond to the different risk assurance programs.
The Satori Solution
We supported a program to develop and maintain a risk and controls taxonomy containing standard definitions, descriptions and risk rating scales to be adopted by participating risk and control functions (e.g. Audit, Compliance, Finance, IT, Enterprise Risk Management).
We developed an understanding between the various functional areas on how the different components of reference data related to each other. This included: organizational hierarchy (Business Unit, Legal Entity), Jurisdiction, Products & Services, Business Process, Risk, Control, Regulator, Regulatory Theme and Regulatory Obligation.
Our role involved working across the various stakeholder groups to address objections and reach consensus.
The Results
The harmonization framework we developed provided a mechanism to facilitate cross-functional discussion and alignment.
Risk Convergence provides the foundation upon which clarity, transparency and operational efficiency can be achieved.