Intelligent Risk Management & Compliance Cost Reduction
Creating a sustainable risk and compliance organization while reducing
inefficiency and improving effectiveness
Informational Presentation for Our Clients
August 2008
PwC
Table of contents
Section
1 Point of view
2 Current situation
3 Regulatory considerations
4 A framework for response
5 Competitive intelligence
6 Case studies
PricewaterhouseCoopers
Section 1
Point of view
• It is possible to significantly improve risk management and compliance effectiveness and lower costs – This may seem counterintuitive, but rationalizing the organizational structures, eliminating duplication and applying common sense generally leads to operational process improvements which result in better risk and compliance information at a lower cost.
• The last decade has seen an unprecedented increase in risk management spend – The functions that make up the risk management and compliance activities of firms have grown well beyond revenue and inflation rates, oftentimes without demonstrable increased value to the organization. These functions have evolved largely independently from each other, leading to multiple organizations, risk universes, assessment methodologies, compliance activities and testing regimes.
• The costs of the risk management and compliance functions themselves are only a fraction of the true cost of risk and compliance activities – The true cost of implementation of the compliance and risk activities in the front, middle and back office processes is generally multiple times the cost of the risk management, audit and compliance departments themselves. We are seeing a consistent trend where simplification and reduction efforts in these functions lead to business efficiencies as well.
• The credit crisis has caused deep reflection as to the effectiveness of risk management & compliance in its current form – The Financial Markets disruption has created inter-related challenges for companies, e.g. valuations and risk, dealing with investigations and disputes, developing proper liquidity management capability, capital adequacy, and dealing with regulatory oversight. Many organizations are now re-considering everything from organization, governance, roles, level of review, reporting and the like. Our conversation with the regulators has only reinforced the view that they are expecting significant changes. The challenge is how to enact those “changes” without triggering a new cost spiral.
• Moving quickly is imperative – There are two significant reasons to act quickly and intelligently in this area. First, there is a heightened regulatory focus on the horizon in the aftermath of the sub-prime crisis. If this sharpened focus occurs, it could translate into greater scrutiny of risk management functions and more difficulty in making meaningful efficiency gains in cost structures, organizations and approaches. Secondly, as financial institutions approach their next budget cycle, there is greater pressure for freezes or reductions in GRC costs while the responsibility and prominence of those functions have generally been increased over the last year. Both of these factors argue for moving quickly and decisively.
• A fundamental re-think of the existing frameworks is needed – This is a difficult challenge. Risk and compliance are historically areas where cost cutting has not taken place. This is primarily due to increasing regulation (most recently largely SOX and AML rules) and fear of compliance and risk issues if cuts were made too deep. In other words, the risk/reward of reducing risk and compliance headcount and spending was heavily weighted to maintaining the status quo. The increasing cost and demands on the business associated with these areas, along with the recent risk management failures in the marketplace, are causing financial institutions to fundamentally re-think their existing models and contemplate fundamental change.
• Financial institutions are beginning to organize around a core of common principles as opposed to the existing silos – A number of our clients have begun to move in this direction. Several have created common testing utilities, consolidated risk assessment methodologies and are moving towards rationalizing risk control self-assessment processes and tools. More recently, the credit crisis has caused several institutions to take more radical actions such as moving towards integration of the credit and market risk functions.
• Progress is being made through agreement on these principles, alignment of the organization and the execution of pragmatic, incremental steps – Once the principles are agreed and the organizational roles clearly defined, the definition of specific simplification and cost reduction efforts around risk assessment, testing, planning, reporting and the like is the key to making consistent, sustainable progress.
• Technology is emerging as a key enabler – We are seeing technology being leveraged to reduce cost, enhance risk information access and improve efficiency in such diverse areas as legal discovery, risk control self-assessment efficiency, compliance monitoring, risk reporting/dashboards, AML alert filtering and other core risk and compliance functions.
• Modern sourcing practices for risk and compliance services are being applied to reduce costs – Leading firms are expanding their sourcing options for 3rd party specialized skills to assist audit, risk and compliance functions in efficiently executing their roles. Routine risk management activities such as compliance audits, external information risk assessments, surveillance monitoring lookbacks, security reviews and the like are increasingly being outsourced to third-party providers with proper supervision.
• Where successful, senior management has committed to this new way of thinking and the accompanying cultural changes – The resistance to change in many institutions is strong. We have seen both successful and unsuccessful efforts in this area. The common thread in the successful clients has been the consistent commitment of senior management to make the tough decisions and articulate their program and the rationale behind it to employees, the board and regulators.
Section 2
Current situation
Most C-level executives face a dilemma which can be characterized by increasing change, oversight, and transparency
Accelerating rate of change and complexity
• Sophisticated products, unfamiliar markets and unprecedented volatility
• Rapid technological advances
• Accelerated rate and volume of change demands increased flexibility and anticipation
• New risk and accounting standards (Basel 2, fair value accounting)
Increased regulatory oversight and uncertainty surrounding future regulatory landscape
• Regulatory implications stemming from the Senior Supervisors Group observations on the financial markets disruptions of 2007-8, and the 2008 Treasury Blueprint
• Uncertainty on how to effectively relate to the 3 core regulatory objectives: market stability, safety and soundness, customer protection
• Big focus on managing liquidity risk more completely and effectively
• Fed regulation of investment banks, potential of additional regulation
• Focus on trading markets exposure and the possibility of internal fraud
• Increased number of relevant regulatory regimes for global institutions
• Likelihood of rise in enforcement activities and litigation
Increased visibility and demands for transparency
• Stakeholders learn about unmanaged risk almost immediately (credit crisis, trading breakdowns)
• Management has little time to remedy the impact of a risk management failure
• Greater disclosure to the market relative to practices
• Places a premium on the ability to proactively identify, evaluate and manage risks
Companies have historically responded by instituting independent governance, risk & compliance (GRC) oversight functions and committees
Increasing stakeholder demands: Shareholder, The Board, Rating Agencies, Community, Others
+
Expansion of Risk and Control Oversight Functions: IT, Legal, Finance, Risk Mgmt, Compliance, Internal Audit
+
Expanding Risks, Laws and Regulations: SOX, Anti-Fraud, Privacy, AML, Credit, FCPA, BCP, Info Sec., Op Risk, FSG
=
• Business Fatigue
• Lack of coordination
• Duplicate efforts
• Risks falling through the cracks
• Competition for attention
(Diagram label: Business Unit)
Financial institutions are realizing that they cannot sustain this ineffective and costly approach to managing risks
• AMR Research estimates that in 2008 organizations will top $32 billion on compliance spend
• Many of our financial services clients are reporting greater than 20% increase in overall costs, with an average of 16% per year¹
• Most clients are reporting that they cannot cost effectively sustain this approach
• Others are concerned about the impact that future growth will have on an already fractured system
• Siloed approach is impeding standardization, scalability and speed to market
• Sub-prime crisis and many “lessons learned” reviews that firms have undertaken have highlighted the inadequacy of the current approach at many firms in terms of organization, reporting lines, risk appetite, risk monitoring and overall infrastructure
• In the current environment, new regulation is inevitable and this will carry additional cost as well
Integration and rationalization of GRC functions is necessary to avoid another cost spiral and to seize future business opportunities and cost effectively manage new risks and compliance obligations
¹ Financial Services Finance Executives Forum survey (2007)
What some of our financial institution clients are experiencing
GRC challenges by stakeholder
Board & Audit Committee
• Difficulty in exercising their role of effective oversight into corporation’s risks
• Lack of visibility into potential landmines
• Difficulty in understanding breadth and implications of regulatory expectations
Senior Management
• Lack of a consistent or defined view on the level of risk the company is willing to accept
• Need better information and articulation of critical emerging risks and control issues
• Current risk information not sufficient to be a key factor in driving key corporate decisions
Risk and Compliance Leadership
• Multiple and/or uncoordinated risk/control assessments
• Independent GRC oversight functions and committees, each focused on a specific GRC challenge
• Difficulty in responding to the next regulation in a coordinated fashion
Business Unit Management
• Business often views risk management as a bureaucracy that provides limited insight or tools
• Experiencing “assessment fatigue”, and is distracted from its core revenue generating activities
• Suffering losses or breakdowns in controls but feels like they spend a lot of money to identify and prevent breakdowns
• High volume/complexity of management reports that don’t distill what’s important
• Business has only informal or ad hoc approaches to managing risk
• Previous cost cutting actions have often been “slash and burn” headcount reductions that are reversed when the growth cycle returns
Internal Audit
• Businesses that feel over-audited or that audit focuses on the wrong areas
• Disjointed remediation and tracking of issues
• Lack of automated controls and/or too much time spent on evidence collection
• Risk and compliance information not suitable for driving intervention
• Challenges in proper internal valuation and validation of securities & portfolios
Section 3
Regulatory considerations
In our interactions with regulators and our clients, it is clear that the regulatory backlash to the sub-prime crisis is building
and that this will have negative implications in a number of areas, including the cost structures of risk and compliance
functions. These negative consequences will likely show up in areas such as increased reporting, more focused
supervisory exams, more critical reports, findings and mandates for remediation. There is also likely to be a rise in
enforcement actions and litigation. There has been a stronger focus on sound and internally coordinated enterprise risk
management practices (particularly those put forward by the Senior Supervisors Group and the BIS).
In this environment, real operational process improvements that result in better information on risk and compliance profiles
should also result in cost reduction if carried out intelligently. Cost reduction should be a by-product, not the primary goal.
Some Key Implications
More regulation, greater regulatory scrutiny and costs are coming
Financial institutions will need to deal with these challenges in the backdrop of very difficult economic times and severe
pressure for cost cutting, notwithstanding the substantial risk management challenges that must be managed on a day-to-day basis for the foreseeable future. Any attempts to cut costs will need to be made in a careful manner,
Much better enterprise risk oversight will be required
Regulators will expect a unified view of the major risks facing the enterprise. They are starting to ask for evidence that
the Board, Senior Management, and risk and control functions have similar views of the core enterprise risks facing the
organization, and a unified mechanism for determining internal capital adequacy.
Accountability for specific compliance mandates cannot be delegated
Regulators will encourage efforts to integrate, but will expect individual control functions to perform their expected role; for example, AML assessments need to produce specific information on AML risks
Greatly expanded supervision of liquidity risk management
The June 2008 BIS guidance has expanded the supervisory powers over liquidity risk management. To limit the damage a liquidity shortfall can have on individual companies and systemically, a more integrated framework consisting of tolerance, risk identification, stress testing, reporting and disclosure will be necessary at each financial institution.
More compliance training will be expected
The regulatory expectation of across-the-board awareness of risk will require a great deal more spend on employee
training, especially on compliance related issues
Global organizations are expected to have similar approaches to risk management across their entire organization
Home regulators will expect head office to lead globally, and demonstrate an affinity for local rules interpretations
The race is on
Firms will be held up to the best practices of their competitors; in other words, the bar is going up for demonstrating leading practice
An integrated regulatory model will be supportive of an integrated GRC model
A move towards a more integrated objectives-based regulatory scheme in the US would be supportive of integrating risk
and compliance activity with an approach that focuses on results and core principles.
Section 4
A framework for response
We recommend using a Principles-Based Approach to analyze alternatives to integrating Governance,
Risk and Compliance functions (iGRC)
Core GRC principles
• Objective setting
• Risk appetite and tolerance
• Roles and responsibilities
• Policies and standards
• Risk and control assessment
• Issues management and remediation
• Monitoring
• Testing
• Reporting and Analytics
• Communication and training
Advantages of using a principles-based approach:
• Establishes a common understanding of risk across the
organization (e.g. business units, control functions, risk
oversight functions, senior management, the board)
• Anchoring around principles allows the organization to
focus on the core set of practices and utilities needed
rather than organizational silos
• Focuses management attention on what needs to be
done rather than on who reports on it or where it occurs
• Helps ensure business effectiveness, regardless of the
function, risk or regulation being addressed
• Better aligns with regulatory focus on
objectives-based approach
Take an incremental, pragmatic approach to identifying improvement (quick wins) within an
integrated framework
Governance – Provides leadership, consistency and accountability over the entire process. Critical roles (e.g. Internal Audit) are
preserved as centers of excellence leveraging shared processes to drive greater effectiveness and efficiency.
Foundational Components – Form the basic reference data and standards/methodologies used by all participants in the process.
• Common Language
• Common Organizational View
• Methodologies
Core GRC principles
• Objective setting
• Risk appetite and tolerance
• Roles and responsibilities
• Policies and standards
• Risk and control assessment
• Issues management and remediation
• Monitoring
• Testing
• Reporting and Analytics
• Communications and Training
Analysis & Reporting – Metrics-based information enabling effective management response.
• Data Aggregation
• Data Analysis
• Data Presentation
Technology – Supports the entire framework, creating process efficiency and more effective data management and reporting.
Look for improvements along three practical avenues…
Three approaches and the questions to ask
Integrate within an oversight function
• Have you identified the unique and distinct mandate for each oversight function?
• Have you aligned your risk assessments to specific business objectives?
• Do you have a standardized way of approaching the requirements of new regulation?
• Do you know the full costs of each oversight function? Or, of each core GRC principle (e.g. risk reporting)?
Integrate across oversight functions
• Does the organization have a consistent language and taxonomy of risk descriptions/libraries?
• Are there multiple and distinct issues and control deficiency repositories?
• Has the organization conducted an inventory of its risk and control assessments?
Integrate within and across business units
• Does senior management have concise documentation of its top risks, and identified risk ownership among business leaders?
• Can the business align its risk profile against acceptable risk tolerances?
• Can business leadership justify its spend on controls, or show that the spend has reduced control failure?
Section 5
Competitive intelligence
We are seeing some sophisticated financial institutions making advances in integrating their risk management and
compliance activities.
Examples of recent responses (Financial Institutions A, B and C), by core GRC principle
Risk appetite and tolerance
• Implementing a shared risk language anchored in policies
• Developing a risk tolerance model for multiple risk classes
Roles and Responsibilities
• Created a costing model to evaluate and limit multiple responsibilities for CSA
• Established a Risk Governance structure
• Developed a Risk & Compliance Council to tackle common issues
Policies and Standards
• Streamlined corporate policies and procedures framework
Risk and Control Assessment
• Rationalized 15-20 separate risk assessments under a common platform and process
• Developed one risk assessment standard and methodology for consistent scoring across multiple assessments
Issues management and remediation
• Developed a shared issues repository for audit and risk issues
• Integrated deficiency databases and created a standard reporting mechanism
• Centralized issues tracking and exceptions management process
Monitoring
• Implemented global lower-cost monitoring hubs on a shared services basis
• Unified monitoring of compliance action plans
• Developed KRI across all businesses with Op Risk’s sponsorship
Testing
• Developing a central testing utility for financial and audit controls
• Integrated independent testing/validation processes, technologies and repositories
• A testing “czar” has been appointed for RCSA, Audit and AML
Reporting and Analytics
• Mining data through electronic discovery tools for Regulatory reporting, investigations into subprime, etc.
• Created a dashboard of multiple assessments across all BUs
• Risk dashboard with a common set of compliance and risk analytics
Communication and Training
• Shared compliance and risk-awareness training program
Benefit, Value Proposition and Examples
Cost Control
• Value proposition: Less spend on risk, compliance and control activities.
• Example: Establish a standard BU risk assessment methodology that integrates several assessments (SOX, business continuity, vendor mgmt, new product, model validation), creating risk reporting across enterprise, with a practice view to meet regulatory requirements
• After an initial phased investment, one institution is estimating a 10-20% reduction in spend in 2009
Improved Business Leverage
• Value proposition: Reduced process fatigue due to coordinated activities by control groups. Business freed up to focus on revenue-enhancement.
• Example: Businesses will be assessed a minimal number of times by the internal risk, compliance and control groups. Results in higher quality input and more time to spend on revenue generating activities.
Better Coordination
• Value proposition: Control functions and business risk management improve their coordination and sharing of information. Better able to focus their joint efforts on the areas of most critical risks
• Example: A metrics-driven control health check of individual businesses will be the product of a coordinated effort that provides an improved ability to focus resources where risk and control concerns exist.
Improved Regulatory Response
• Value proposition: Positions a better response to regulatory expectations of a broader analytical underpinning for risk assessment, monitoring and capital adequacy activities
• Example: The risk impact of a new regulation (e.g. identity theft red flags rule) was better evaluated by reviewing output from existing BU assessments, and incorporating into subsequent risk reviews
Better Visibility into Risk/Control Effectiveness
• Value proposition: Senior management will have better information and articulation of critical emerging risks and control issues
• Example: Implementing risk reporting which integrates data across all key control groups linked to critical risks will provide a consolidated view of risk for management.
Section 6 – Case studies
Leading U.S. global financial institution
Consolidation of AML risk monitoring activities through the use of outsourcing and global hubs
Critical client issues
• The client was undergoing persistent difficulty in maintaining consistent and adequate AML monitoring practices, and was facing regulatory concerns about its insufficient monitoring filters and compromised data integrity. Additionally, after conducting an internal study, the financial institution found that the cost of running its AML monitoring service in the United States was significantly higher than if it were placed in locations with lower labor costs in Europe and Asia.
PwC approach: The scope of our work included
• Worked with the financial institution to replace its current single-filter AML monitoring
process with three scenario filters to improve the ability to identify suspicious transactions.
• Moved the AML monitoring process to interim hubs in London and Hong Kong where the
team focused on the proactive reengineering of processes and procedures that would
result in more sophisticated AML monitoring and reduce the effort and cost required to
identify and analyze issues.
• Analyzed 12 months of historical data against the three scenario filters to address
regulatory requirements and determine whether any transactions in this timeframe were
suspect. Worked with the financial institution to develop a consistent monitoring approach,
processes and procedures to deploy to the strategic hubs.
• Added additional countries and an additional five filters to the monitoring process, bringing
the total scenarios to eight. The advanced AML monitoring process was migrated to the
two strategic global hubs.
Client results/benefits: The client realized approximately 60 percent labor savings in unit cost
by relocating its AML monitoring processes to lower-cost labor jurisdictions. Additionally, the
hub approach reduced the cycle times required to respond to issues.
• Helped the financial institution create two strategic AML monitoring hubs,
including building processes and procedures, hiring and training more than 60 new
resources and management, cleansing data feeds, and testing and debugging new
monitoring protocols.
• Lower-cost hubs were created on a shared-services basis to provide AML monitoring
services to all non-US countries where the financial institution conducts business.
Leading investment bank
Lowering the cost of internal investigations through use of electronic discovery techniques
Critical client issues
• Our client was facing a government investigation in connection with the packaging and selling of subprime mortgages.
• Our client’s challenge is to gather and analyze historical information obtained from various sources relating to the attributes of the underlying mortgages, included in several securitizations, and to respond to the regulatory officials in a robust and objective manner.
PwC approach: The scope of our work includes
• Implementation of electronic discovery tools and interrogation techniques into client
communication records, e-mail, and archived documents to respond to regulatory
requests regarding:
- The manner in which investment banks evaluated the credit quality of mortgages
before they were purchased, securitized and subsequently sold to investors;
- The relationships between mortgage originators, third-party due-diligence firms,
credit rating agencies and brokerage firms; and
- The disclosures made by investment banks to investors and rating agencies about
the risks associated with the underlying mortgages.
• Focus on leveraging advanced electronic discovery tools for searching and archiving to reduce the cost and effort of responding to complex regulatory requests in an appropriate manner and time frame.
Client results/benefits: Through the use of levered discovery tools and techniques, the
client will be able to more efficiently and accurately respond to regulatory requests for data
and information.
• Cost savings are realized by eliminating duplicate efforts, reducing data
redundancies, and enhancing the regulatory discovery and response process in a
more efficient manner, utilizing far fewer manual processes and improved use of
advanced technologies.
• There is now a dramatic improvement in the consistency of data retrieval, and a far
quicker response to sensitive regulatory requests.
Top ten US bank
Cost reduction actions through targeted integration of Governance, Risk and Compliance Activities
Critical client issues
• The client was seeking to review its corporate governance, risk and compliance related activities and assess cross-functional efficiency and effectiveness opportunities, which senior management believed could be derived through greater cross-functional leverage, clarity in roles and responsibilities and common understanding of risk tolerance.
PwC approach: The scope of our work included
• Facilitated completion of our iGRC principles based framework and proprietary
diagnostics to assess the People, Process, Technology and Information used to
execute around 10 common risk principles. Please refer to Section 4 for the core GRC
principles.
• Captured the costs for each function relative to each of the 10 principles. We analyzed the activities of each function across the 10 principles and 4 efficiency levers and documented the current state of risk governance across all functions and business units.
• Identified opportunities for greater efficiency and leverage, role clarity and common understanding of risk tolerance. We then developed action plans, timelines and business cases for each initiative.
Client results/benefits: By applying the iGRC framework and methodology, the client was
able to identify action plans for achieving key project objectives of common language,
efficiency and role clarity
• The iGRC framework and methodology helped the client identify $15-30 million in
potential annual cost reductions and agree high-level action plans and business cases
for pursuing integration improvement opportunities with respect to RCSA, Issues
Management, Risk Tolerance and Risk Governance.
Top three global bank
Consolidation of multiple Risk and Control Self-Assessment Processes
Critical client issues
• The client sought to enhance the risk and control self-assessment (RCSA) process throughout its various business sectors around the globe to reduce the touchpoints to the business and improve oversight and control over the process. This required a realignment of the people, process, technology and information involved across the 17 independent RCSA processes currently in place, covering Global Operational Risk, Sarbanes-Oxley Section 302 and 404 (SOX), and all other regulatory reporting requirements required by business lines globally.
PwC approach: The scope of our work included
• Applying the iGRC methodology and approaching the project in three phases: assessment of current state, design of future state, and implementation planning and support.
• Leveraging our deep technical and functional expertise to help the client define the
opportunities for integration, develop a desired end-state process for RCSA, define the
functional specifications for a technology solution, develop and roll out communications
and training to facilitate transition to the new integrated solution.
• Supporting a process and cost optimization initiative through the realization of the
benefits of a streamlined process and optimized use of resources.
Client results/benefits: This project is still underway today. As a result of this engagement,
it is expected that the client will have achieved
• Efficiency gains in the use of corporate and business unit resources in the RCSA
process that will result in projected savings of $10 to $15 million annually resulting from
elimination of systems and resources post implementation.
• Greater governance and control over the operational risk process
• Improved ability and speed to follow-up and resolve risk and control issues
• Increased optimization of controls.
Global financial institution
ERM Framework Establishment
Critical client issues
• The client sought to establish an Enterprise Risk Management (ERM) capability for a
large and growing part of their business in order to better drive efficiency, eliminate
duplication, and improve visibility and management across their key risks and controls.
PwC approach
• We used a principles-based approach to help the client identify an improved and
refined ERM framework and gain visibility into how the firm was addressing its key risk
and control activities.
• We identified the current ERM activities being performed by the various risk and
control functions, including risk identification, control testing and risk reporting.
• We made recommendations for improving their practices, eliminating duplication and
addressing weak points, and in addition, helped management perform a high level
assessment of risks and control effectiveness to get a first look at key issues.
Client results/benefits
• The development of the ERM framework helped the client’s key control functions and
business risk management improve their coordination and sharing of information.
• This work helped management identify areas of control redundancy and identify gaps
in key ERM activities that needed improvement.
• The client obtained a better ability to focus their joint efforts on the business’ top risks,
and a more unified methodology for reporting on risks to the board and senior
management.
Major investment bank
Developing an integrated risk management and control process across multiple control functions
Critical client issues
• The client wished to design a standard process to improve coordination and activities
among control functions, e.g. Compliance, Audit, SOX and Operational Risk, and to
standardize interaction with the businesses.
PwC approach
• Leverage the PwC iGRC framework to:
a. Gain an understanding of the current activities performed by several control
functions and benchmark against industry practice;
b. Design a common process for conducting the firm’s risk management activities in a
more streamlined and coordinated fashion; and
c. Suggest alternatives for supporting technology and a single information repository.
Client results/benefits
• This work helped management work towards creating optimized risk and control
assessments, a single, unified language for risks and controls, and fewer business
touchpoints
• The work led to better informed, risk-based audit plans with a heavier emphasis
on a risk-based approach to enterprise risks. The firm anticipates the ability to reduce the
time and effort required to conduct internal audits in subsequent cycles.
• Design of a uniform issues repository with a consistent approach to issues tracking
and remediation, replacing multiple repositories that require redundant time and effort
from the control teams.
• Development of the business requirements necessary to house risk and control
information in one uniform technology for compliance, operational risk and audit data.
Major investment bank
Developing an outsourced model to support the Control Room trade monitoring and surveillance function
Critical client issues
• To remediate certain issues included in a regulatory settlement, the client agreed to
conduct a retrospective review of hundreds of thousands of trades in certain employee and
employee-related accounts. The review was designed to identify the potential misuse of
material non-public information (MNPI). PwC designed a delivery model for the statistical
selection, analysis, and reporting of the transactions subject to review. The overall costs
of the project were efficiently managed through the use of a blended pool of off-shore
and on-shore resources.
PwC approach
• Assembled an integrated team of off-shore and on-shore resources to perform the
Control Room surveillance function on a retrospective basis.
• Developed a statistically sound and automated filtering process to remove transactions
or positions that were highly unlikely to be indicative of the misuse of material
non-public information (MNPI).
• Executed an automated process to identify and review transactions and trades, and
used PwC’s proprietary case management tool to efficiently analyze, document, track
and report on the progress and findings from the case reviews.
Client results/benefits
• Provided management with a sound and reliable selection and review process that
would withstand the scrutiny of the regulatory authorities.
• Assisted client by efficiently performing and reporting the results of the case reviews
and, where necessary, escalating transactions for further consideration.
• Utilized PwC’s proprietary case management tools to provide real time assessments of
progress and findings.
• Managed the overall costs of the project through the use of an off-shore and on-shore
service delivery model.
For further information, please contact
John Garvey
john.garvey@us.pwc.com
646-471-2422
Paul Mokdessi
paul.e.mokdessi@us.pwc.com
312-298-3347
Miles Everson
miles.everson@us.pwc.com
646-471-8620
Dennis Chesley
dennis.l.chesley@us.pwc.com
646-471-4009
www.pwc.com
© 2008 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other member
firms of the network, each of which is a separate and independent legal entity.
The information contained in this document is provided 'as is', for general guidance on matters of interest only. PricewaterhouseCoopers is not herein engaged in rendering legal, accounting, tax, or other professional
advice and services. Before making any decision or taking any action, you should consult a competent professional adviser.