Situation
Due to a plethora of different regulatory requirements, a large global Systemically Important Bank (G-SIB) found itself struggling with risk assessments being performed multiple times, by multiple assurance groups on the same risks, resulting in a complex set of redundant, and sometimes overlapping, information e.g. RCSA, RRA, AML, SOX, IT, MRI.
The client needed a common framework and approach that harmonized risk language across the firm (particularly Enterprise Risk Management, Compliance, IT, Finance, Audit), promoting clarity and transparency. However, use of language is highly political, especially within large organizations with different stakeholder agendas and arriving at a consensus is critical given that the power to say “no” is widespread.
Essentially, the business needed to move to a situation where it assessed risk once, and then used those results to respond to the different risk assurance programs.
Satori Solution
We worked with the SVP, Operational Risk, and representatives from ERM, First Line of Defense (FLOD – i.e. the business) and Compliance to support a program for developing and maintaining a risk and controls taxonomy. It contained standard definitions, descriptions, and risk rating scales to be adopted by participating risk and control functions e.g. Audit, Compliance, Finance, IT, Enterprise Risk Management.
We developed an understanding between the various functional areas on how the different components of reference data related to each other. This included – Organizational hierarchy (Business Unit, Legal Entity), Jurisdiction, Products & Services, Business Process, Risk, Control, Regulator, Regulatory Theme, and Regulatory Obligation.
Our role also involved working across the various stakeholder groups to address objections and reach consensus.
Results
The harmonization framework we developed provided a mechanism to facilitate cross-functional discussion and alignment. Risk Convergence provided the foundation upon which clarity, transparency, and operational efficiency was achieved.