Intelligent Risk Management & Compliance Cost Reduction Creating a sustainable risk and compliance organization while reducing inefficiency and improving.

1 Intelligent Risk Management & Compliance Cost Reduction Creating a sustainable risk and compliance organization while reducing inefficiency and improving effectiveness Informational Presentation for Our Clients August 2008 PwC

2 PricewaterhouseCoopers 2 Intelligent Risk Management & Compliance Cost Reduction
Table of contents
Section 1: Point of view (page 3)
Section 2: Current situation (page 5)
Section 3: Regulatory considerations (page 10)
Section 4: A framework for response (page 12)
Section 5: Competitive intelligence (page 15)
Section 6: Case studies (page 17)

3 Section 1 – Point of view
It is possible to significantly improve risk management and compliance effectiveness and lower costs – This may seem counterintuitive, but rationalizing the organizational structures, eliminating duplication and applying common sense generally leads to operational process improvements which result in better risk and compliance information at a lower cost.
The last decade has seen an unprecedented increase in risk management spend – The functions that make up the risk management and compliance activities of firms have grown well beyond revenue and inflation rates, oftentimes without demonstrable increased value to the organization. These functions have evolved largely independently from each other, leading to multiple organizations, risk universes, assessment methodologies, compliance activities and testing regimes.
The costs of the risk management and compliance functions themselves are only a fraction of the true cost of risk and compliance activities – The true cost of implementation of the compliance and risk activities in the front, middle and back office processes is generally multiple times the cost of the risk management, audit and compliance departments themselves. We are seeing a consistent trend where simplification and reduction efforts in these functions lead to business efficiencies as well.
The credit crisis has caused deep reflection as to the effectiveness of risk management & compliance in its current form – The Financial Markets disruption has created inter-related challenges for companies, e.g. valuations and risk, dealing with investigations and disputes, developing proper liquidity management capability, capital adequacy, dealing with regulatory oversight. Many organizations are now re-considering everything from organization, governance, roles, level of review, reporting and the like. Our conversation with the regulators has only reinforced the view that they are expecting significant changes. The challenge is how to enact those changes without triggering a new cost spiral.
Moving quickly is imperative – There are two significant reasons to act quickly and intelligently in this area. First, there is a heightened regulatory focus on the horizon in the aftermath of the sub-prime crisis. If this sharpened focus occurs, it could translate into greater scrutiny of risk management functions and more difficulty in making meaningful efficiency gains in cost structures, organizations and approaches. Secondly, as financial institutions approach their next budget cycle, there is greater pressure for freezes or reductions in GRC costs while the responsibility and prominence of those functions has generally been increased over the last year. Both of these factors argue for moving quickly and decisively.

4 Section 1 – Point of view
A fundamental re-think of the existing frameworks is needed – This is a difficult challenge. Risk and compliance are historically areas where cost cutting has not taken place. This is primarily due to increasing regulation (most recently largely SOX and AML rules) and fear of compliance and risk issues if cuts were made too deep. In other words, the risk/reward of reducing risk and compliance headcount and spending was heavily weighted to maintaining status quo. The increasing cost and demands on the business associated with these areas along with the recent risk management failures in the marketplace are causing financial institutions to fundamentally re-think their existing models and contemplate fundamental change.
Financial institutions are beginning to organize around a core of common principles as opposed to the existing silos – A number of our clients have begun to move in this direction. Several have created common testing utilities, consolidated risk assessment methodologies and are moving towards rationalizing risk control self assessment processes and tools. More recently, the credit crisis has caused several institutions to take more radical actions such as moving towards integration of the credit and market risk functions.
Progress is being made through agreement on these principles, alignment of the organization and the execution of pragmatic, incremental steps – Once the principles are agreed and the organizational roles clearly defined, the definition of specific simplification and cost reduction efforts around risk assessment, testing, planning, reporting and the like are the key to making consistent, sustainable progress.
Technology is emerging as a key enabler – We are seeing technology being leveraged to reduce cost, enhance risk information access and improve efficiency in such diverse areas as legal discovery, risk control self-assessment efficiency, compliance monitoring, risk reporting/dashboards, AML alert filtering and other core risk and compliance functions.
Modern sourcing practices for risk and compliance services are being applied to reduce costs – Leading firms are expanding their sourcing options for 3rd party specialized skills to assist audit, risk and compliance functions in efficiently executing their roles. Routine risk management activities such as compliance audits, external information risk assessments, surveillance monitoring lookbacks, security reviews and the like are increasingly being outsourced to third-party providers with proper supervision.
Where successful, senior management has committed to this new way of thinking and the accompanying cultural changes – The resistance to change in many institutions is strong. We have seen both successful and unsuccessful efforts in this area. The common thread in the successful clients has been the consistent commitment of senior management to make the tough decisions and articulate their program and the rationale behind it to employees, the board and regulators.

5 Section 2 – Current situation
Accelerating rate of change and complexity
- Sophisticated products, unfamiliar markets and unprecedented volatility
- Rapid technological advances
- Accelerated rate and volume of change demands increased flexibility and anticipation
- New risk and accounting standards (Basel 2, fair value accounting)
Increased regulatory oversight and uncertainty surrounding future regulatory landscape
- Regulatory implications stemming from the Senior Supervisors Group observations on the financial markets disruptions of , and the 2008 Treasury Blueprint
- Uncertainty on how to effectively relate to the 3 core regulatory objectives: market stability, safety and soundness, customer protection
- Big focus on managing liquidity risk more completely and effectively
- Fed regulation of investment banks, potential of additional regulation
- Focus on trading markets exposure and the possibility of internal fraud
- Increased number of relevant regulatory regimes for global institutions
- Likelihood of rise in enforcement activities and litigation
Increased visibility and demands for transparency
- Stakeholders learn about unmanaged risk almost immediately (credit crisis, trading breakdowns)
- Management has little time to remedy the impact of a risk management failure
- Greater disclosure to the market relative to practices
- Places a premium on the ability to proactively identify, evaluate and manage risks
Most C-level executives face a dilemma which can be characterized by increasing change, oversight, and transparency

6 Section 2 – Current situation
Companies have historically responded by instituting independent governance risk & compliance (GRC) oversight functions and committees
Increasing stakeholder demands + Expansion of Risk and Control Oversight Functions + Expanding Risks, Laws and Regulations = Business Fatigue
- Lack of coordination
- Duplicate efforts
- Risks falling through the cracks
- Competition for attention
Diagram labels:
- Risks, laws and regulations: FSG, Privacy, Info Sec., Anti-Fraud, BCP, SOX, Credit, AML, FCPA, Op Risk
- Business Unit
- Stakeholders: Shareholder, The Board, Community, Rating Agencies, Others
- Oversight functions: Internal Audit, Compliance, Risk Mgmt, Finance, Legal, IT

7 Section 2 – Current situation
Financial institutions are realizing that they cannot sustain this ineffective and costly approach to managing risks
- AMR Research estimates that in 2008 organizations will top $32 billion on compliance spend
- Many of our financial services clients are reporting greater than 20% increase in overall costs, with an average of 16% per year [1]
- Most clients are reporting that they cannot cost effectively sustain this approach
- Others are concerned about the impact that future growth will have on an already fractured system
- Siloed approach is impeding standardization, scalability and speed to market
- Sub-prime crisis and many lessons learned reviews that firms have undertaken have highlighted the inadequacy of the current approach at many firms in terms of organization, reporting lines, risk appetite, risk monitoring and overall infrastructure
- In the current environment, new regulation is inevitable and this will carry additional cost as well
Integration and rationalization of GRC functions is necessary to avoid another cost spiral and to seize future business opportunities and cost effectively manage new risks and compliance obligations
[1] Financial Services Finance Executives Forum survey (2007)

8 Section 2 – Current situation
What some of our financial institution clients are experiencing (Stakeholders and their GRC challenges)
Board & Audit Committee
- Difficulty in exercising their role of effective oversight into the corporation's risks
- Lack of visibility into potential landmines
- Difficulty in understanding breadth and implications of regulatory expectations
Senior Management
- Lack of a consistent or defined view on the level of risk the company is willing to accept
- Need better information and articulation of critical emerging risks and control issues
- Current risk information not sufficient to be a key factor in driving key corporate decisions
Risk and Compliance Leadership
- Multiple and/or uncoordinated risk/control assessments
- Independent GRC oversight functions and committees, each focused on a specific GRC challenge
- Difficulty in responding to the next regulation in a coordinated fashion

9 Section 2 – Current situation
What some of our financial institution clients are experiencing (Stakeholders and their GRC challenges)
Business Unit Management
- Business often views risk management as a bureaucracy that provides limited insight or tools
- Experiencing assessment fatigue, and is distracted from its core revenue generating activities
- Suffering losses or breakdowns in controls but feels like they spend a lot of money to identify and prevent breakdowns
- High volume/complexity of management reports that don't distill what's important
- Business has only informal or ad hoc approaches to managing risk
- Previous cost cutting actions have often been slash and burn headcount reductions that are reversed when the growth cycle returns
Internal Audit
- Businesses that feel over-audited or that audit focuses on the wrong areas
- Disjointed remediation and tracking of issues
- Lack of automated controls and/or too much time spent on evidence collection
- Risk and compliance information not suitable for driving intervention
- Challenges in proper internal valuation and validation of securities & portfolios

10 Section 3 – Regulatory considerations
In our interactions with regulators and our clients, it is clear that the regulatory backlash to the sub-prime crisis is building and that this will have negative implications in a number of areas, including the cost structures of risk and compliance functions. These negative consequences will likely show up in areas such as increased reporting, more focused supervisory exams, more critical reports, findings and mandates for remediation. There is also likely to be a rise in enforcement actions and litigation. There has been a stronger focus on sound and internally coordinated enterprise risk management practices (particularly those put forward by the Senior Supervisors Group and the BIS). In this environment, real operational process improvements that result in better information on risk and compliance profiles should also result in cost reduction if carried out intelligently. Cost reduction should be a by-product, not the primary goal.
Some Key Implications
More regulation, greater regulatory scrutiny and costs are coming – Financial institutions will need to deal with these challenges in the backdrop of very difficult economic times and severe pressure for cost cutting, notwithstanding the substantial risk management challenges that must be managed on a day-to-day basis for the foreseeable future. Any attempts to cut costs will need to be made in a careful manner.
Much better enterprise risk oversight will be required – Regulators will expect a unified view of the major risks facing the enterprise. They are starting to ask for evidence that the Board, Senior Management, and risk and control functions have similar views of the core enterprise risks facing the organization, and a unified mechanism for determining internal capital adequacy.
Accountability for specific compliance mandates cannot be delegated – Regulators will encourage efforts to integrate, but will expect individual control functions to perform their expected role; for example, AML assessments need to produce specific information on AML risks

11 Section 3 – Regulatory considerations
Some Key Implications
Greatly expanded supervision of liquidity risk management – The June 2008 BIS guidance has expanded the supervisory powers over liquidity risk management. To limit the damage liquidity shortfall can have, on individual companies and systemically, a more integrated framework consisting of tolerance, risk identification, stress testing, reporting and disclosure will be necessary at each financial institution.
More compliance training will be expected – The regulatory expectation of across-the-board awareness of risk will require a great deal more spend on employee training, especially on compliance related issues
Global organizations are expected to have similar approaches to risk management across their entire organization – Home regulators will expect head office to lead globally, and demonstrate an affinity for local rules interpretations
The race is on – Firms will be held up to the best practices of their competitors; in other words, the bar is going up for demonstrating leading practice
An integrated regulatory model will be supportive of an integrated GRC model – A move towards a more integrated objectives-based regulatory scheme in the US would be supportive of integrating risk and compliance activity with an approach that focuses on results and core principles.

12 Section 4 – A framework for response
Core GRC principles
- Objective setting
- Risk appetite and tolerance
- Roles and responsibilities
- Policies and standards
- Risk and control assessment
- Issues management and remediation
- Monitoring
- Testing
- Reporting and Analytics
- Communication and training
We recommend using a Principles-Based Approach to analyze alternatives to integrating Governance, Risk and Compliance functions (iGRC)
Advantages of using a principles-based approach:
- Establishes a common understanding of risk across the organization (e.g. business units, control functions, risk oversight functions, senior management, the board)
- Anchoring around principles allows the organization to focus on the core set of practices and utilities needed rather than organizational silos
- Focuses management attention on what needs to be done rather than on who reports on it or where it occurs
- Helps ensure business effectiveness, regardless of the function, risk or regulation being addressed
- Better aligns with regulatory focus on objectives-based approach

13 Section 4 – A framework for response
Take an incremental, pragmatic approach to identifying improvement (quick wins) within an integrated framework
Governance – Provides leadership, consistency and accountability over the entire process. Critical roles (e.g. Internal Audit) are preserved as centers of excellence leveraging shared processes to drive greater effectiveness and efficiency.
Technology – Supports the entire framework, creating process efficiency and more effective data management and reporting.
Foundational Components – Form the basic reference data and standards/methodologies used by all participants in the process.
Analysis & Reporting – Metrics-based information enabling effective management response.
Diagram labels:
- Core GRC principles: Objective setting, Risk appetite and tolerance, Testing, Issues management and remediation, Communications and Training, Policies and standards, Roles and responsibilities, Risk and control assessment, Monitoring, Reporting and Analytics
- Other labels: Common Language, Common Organizational View, Methodologies, Data Aggregation, Data Analysis, Data Presentation

14 Section 4 – A framework for response
Look for improvements along three practical avenues…
Three approaches
- Integrate within an oversight function
- Integrate across oversight functions
- Integrate within and across business units
Questions to ask
- Have you identified the unique and distinct mandate for each oversight function?
- Have you aligned your risk assessments to specific business objectives?
- Do you have a standardized way of approaching the requirements of new regulation?
- Do you know the full costs of each oversight function? Or, of each core GRC principle (e.g. risk reporting)?
- Does the organization have a consistent language and taxonomy of risk descriptions/libraries?
- Are there multiple and distinct issues and control deficiency repositories?
- Has the organization conducted an inventory of its risk and control assessments?
- Does senior management have concise documentation of its top risks, and identified risk ownership among business leaders?
- Can the business align its risk profile against acceptable risk tolerances?
- Can business leadership justify its spend on controls, or show that the spend has reduced control failure?

15 Section 5 – Competitive intelligence
We are seeing some sophisticated financial institutions making advances in integrating their risk management and compliance activities.
Examples of recent responses (table columns: Core GRC Principles, Financial Institution A, Financial Institution B, Financial Institution C)
Risk appetite and tolerance
- Implementing a shared risk language anchored in policies
- Developing a risk tolerance model for multiple risk classes
Roles and Responsibilities
- Created a costing model to evaluate and limit multiple responsibilities for CSA
- Established a Risk Governance structure
- Developed a Risk & Compliance Council to tackle common issues
Policies and Standards
- Streamlined corporate policies and procedures framework
Risk and Control Assessment
- Rationalized separate risk assessments under a common platform and process
- Developed one risk assessment standard and methodology for consistent scoring across multiple assessments
Issues management and remediation
- Developed a shared issues repository for audit and risk issues
- Integrated deficiency databases and created a standard reporting mechanism
- Centralized issues tracking and exceptions management process
Monitoring
- Implemented global lower-cost monitoring hubs on a shared services basis
- Unified monitoring of compliance action plans
- Developed KRI across all businesses with Op Risks sponsorship
Testing
- Developing a central testing utility for financial and audit controls
- Integrated independent testing/validation processes, technologies and repositories
- A testing czar has been appointed for RCSA, Audit and AML
Reporting and Analytics
- Mining data through electronic discovery tools for Regulatory reporting, investigations into subprime, etc.
- Created a dashboard of multiple assessments across all BUs
- Risk dashboard with a common set of compliance and risk analytics
Communication and Training
- Shared compliance and risk-awareness training program

16 Section 5 – Competitive intelligence
Benefits, with value proposition and example for each
Cost Control
- Value proposition: Less spend on risk, compliance and control activities. After an initial phased investment, one institution is estimating a 10-20% reduction in spend in 2009
- Example: Establish a standard BU risk assessment methodology that integrates several assessments (SOX, business continuity, vendor mgmt, new product, model validation), creating risk reporting across enterprise, with a practice view to meet regulatory requirements
Improved Business Leverage
- Value proposition: Reduced process fatigue due to coordinated activities by control groups. Business freed up to focus on revenue-enhancement.
- Example: Businesses will be assessed a minimal number of times by the internal risk, compliance and control groups. Results in higher quality input and more time to spend on revenue generating activities.
Better Coordination
- Value proposition: Control functions and business risk management improve their coordination and sharing of information. Better able to focus their joint efforts on the areas of most critical risks
- Example: A metrics-driven control health check of individual businesses will be the product of a coordinated effort that provides an improved ability to focus resources where risk and control concerns exist.
Improved Regulatory Response
- Value proposition: Positions a better response to regulatory expectations of a broader analytical underpinning for risk assessment, monitoring and capital adequacy activities
- Example: The risk impact of a new regulation (e.g. identity theft red flags rule) was better evaluated by reviewing output from existing BU assessments, and incorporating into subsequent risk reviews
Better Visibility into Risk/Control Effectiveness
- Value proposition: Senior management will have better information and articulation of critical emerging risks and control issues
- Example: Implementing risk reporting which integrates data across all key control groups linked to critical risks will provide a consolidated view of risk for management.

17 Section 6 – Case studies
Leading U.S. global financial institution
Consolidation of AML risk monitoring activities through the use of outsourcing and global hubs
Critical client issues
The client was undergoing persistent difficulty in maintaining consistent and adequate AML monitoring practices, and was facing regulatory concerns about its insufficient monitoring filters and compromised data integrity. Additionally, after conducting an internal study, the financial institution found that the cost of running its AML monitoring service in the United States was significantly higher than if it were placed in locations with lower labor costs in Europe and Asia.
PwC approach: The scope of our work included
- Worked with the financial institution to replace its current single-filter AML monitoring process with three scenario filters to improve the ability to identify suspicious transactions.
- Moved the AML monitoring process to interim hubs in London and Hong Kong where the team focused on the proactive reengineering of processes and procedures that would result in more sophisticated AML monitoring and reduce the effort and cost required to identify and analyze issues.
- Analyzed 12 months of historical data against the three scenario filters to address regulatory requirements and determine whether any transactions in this timeframe were suspect.
- Worked with the financial institution to develop a consistent monitoring approach, processes and procedures to deploy to the strategic hubs.
- Added additional countries and an additional five filters to the monitoring process, bringing the total scenarios to eight. The advanced AML monitoring process was migrated to the two strategic global hubs.
Client results/benefits:
- The client realized approximately 60 percent labor savings in unit cost by relocating its AML monitoring processes to lower-cost labor jurisdictions. Additionally, the hub approach reduced the cycle times required to respond to issues.
- Helped the financial institution create two strategic AML monitoring hubs, including building processes and procedures, hiring and training more than 60 new resources and management, cleansing data feeds, and testing and debugging new monitoring protocols.
- Lower-cost hubs were created on a shared-services basis to provide AML monitoring services to all non-US countries where the financial institution conducts business.

18 Section 6 – Case studies
Leading investment bank
Lowering the cost of internal investigations through use of electronic discovery techniques
Critical client issues
Our client was facing a government investigation in connection with the packaging and selling of subprime mortgages. Our client's challenge is to gather and analyze historical information obtained from various sources relating to the attributes of the underlying mortgages, included in several securitizations, and to respond to the regulatory officials in a robust and objective manner.
PwC approach: The scope of our work includes
Implementation of electronic discovery tools and interrogation techniques into client communication records, , and archived documents to respond to regulatory requests regarding:
- The manner in which investment banks evaluated the credit quality of mortgages before they were purchased, securitized and subsequently sold to investors;
- The relationships between mortgage originators, third-party due-diligence firms, credit rating agencies and brokerage firms; and
- The disclosures made by investment banks to investors and rating agencies about the risks associated with the underlying mortgages.
Focus on leveraging advanced electronic discovery tools for searching and archiving to reduce the cost and effort of responding to complex regulatory requests in an appropriate manner and time frame.
Client results/benefits:
Through the use of levered discovery tools and techniques, the client will be able to more efficiently and accurately respond to regulatory requests for data and information. Cost savings are realized by eliminating duplicate efforts, reducing data redundancies, and enhancing the regulatory discovery and response process in a more efficient manner, utilizing far fewer manual processes and improved use of advanced technologies. There is now a dramatic improvement in the consistency of data retrieval, and a far quicker response to sensitive regulatory requests.

19 Section 6 – Case studies
Top ten US bank
Cost reduction actions through targeted integration of Governance, Risk and Compliance Activities
Critical client issues
The client was seeking to review its corporate governance, risk and compliance related activities and assess cross-functional efficiency and effectiveness opportunities, which senior management believed could be derived through greater cross-functional leverage, clarity in roles and responsibilities and common understanding of risk tolerance.
PwC approach: The scope of our work included
- Facilitated completion of our iGRC principles based framework and proprietary diagnostics to assess the People, Process, Technology and Information used to execute around 10 common risk principles. Please refer to Section 4 for the core GRC principles.
- Captured the costs for each function relative to each of the 10 principles. We analyzed the activities of each function across the 10 principles and 4 efficiency levers and documented the current state of risk governance across all functions and business units.
- Identified opportunities for greater efficiency and leverage, role clarity and common understanding of risk tolerance. We then developed action plans, timelines and business cases for each initiative.
Client results/benefits:
- By applying the iGRC framework and methodology, the client was able to identify action plans for achieving key project objectives of common language, efficiency and role clarity.
- The iGRC framework and methodology helped the client identify $15-30 million in potential annual cost reductions and agree high-level action plans and business cases for pursuing integration improvement opportunities with respect to RCSA, Issues Management, Risk Tolerance and Risk Governance.

20 Section 6 – Case studies
Top three global bank
Consolidation of multiple Risk and Control Self-Assessment Processes
Critical client issues
The client sought to enhance the risk and control self-assessment (RCSA) process throughout its various business sectors around the globe to reduce the touch-points to the business and improve oversight and control over the process. This required a realignment of the people, process, technology and information involved across the 17 independent RCSA processes currently in place, covering Global Operational Risk, Sarbanes-Oxley Section 302 and 404 (SOX), all other regulatory reporting requirements required by business lines globally.
PwC approach: The scope of our work included
- Application of the iGRC methodology, approaching the project in three phases: assessment of current state, design of future state, implementation planning and support.
- Leveraging our deep technical and functional expertise to help the client define the opportunities for integration, develop a desired end-state process for RCSA, define the functional specifications for a technology solution, develop and roll out communications and training to facilitate transition to the new integrated solution.
- Supporting a process and cost optimization initiative through the realization of the benefits of a streamlined process and optimized use of resources.
Client results/benefits:
This project is still underway today. As a result of this engagement, it is expected that the client will have achieved
- Efficiency gains in the use of corporate and business unit resources in the RCSA process that will result in projected savings of $10 to $15 million annually resulting from elimination of systems and resources post implementation.
- Greater governance and control over the operational risk process
- Improved ability and speed to follow-up and resolve risk and control issues
- Increased optimization of controls.

21 Section 6 – Case studies
Global financial institution
ERM Framework Establishment

Critical client issues
The client sought to establish an Enterprise Risk Management (ERM) capability for a large and growing part of their business in order to better drive efficiency, eliminate duplication, and improve visibility and management across their key risks and controls.

PwC approach
- We used a principles-based approach to help the client identify an improved and refined ERM framework and gain visibility into how the firm was addressing its key risk and control activities.
- We identified the current ERM activities being performed by the various risk and control functions, including risk identification, control testing and risk reporting.
- We made recommendations for improving their practices, eliminating duplication and addressing weak points, and in addition, helped management perform a high-level assessment of risks and control effectiveness to get a first look at key issues.

Client results/benefits
- The development of the ERM framework helped the client's key control functions and business risk management improve their coordination and sharing of information.
- This work helped management identify areas of control redundancy and identify gaps in key ERM activities that needed improvement.
- The client obtained a better ability to focus their joint efforts on the business's top risks, and a more unified methodology for reporting on risks to the board and senior management.

22 Section 6 – Case studies
Major investment bank
Developing an integrated risk management and control process across multiple control functions

Critical client issues
The client wished to design a standard process to improve coordination and activities among control functions, e.g. Compliance, Audit, SOX and Operational Risk, and to standardize interaction with the businesses.

PwC approach
Leverage the PwC iGRC framework to:
a. Gain an understanding of the current activities performed by several control functions and benchmark against industry practice;
b. Design a common process for conducting the firm's risk management activities in a more streamlined and coordinated fashion; and
c. Suggest alternatives for supporting technology and a single information repository.

Client results/benefits
- This work helped management work towards creating optimized risk and control assessments, a single, unified language for risks and controls, and fewer business touchpoints.
- The work led to better informed, and risk-based, audit plans with a heavier emphasis on risk-based approach to enterprise risks. The firm anticipates the ability to reduce the time and effort required to conduct internal audits in subsequent cycles.
- Design of a uniform issues repository with a consistent approach for approaching issues tracking and remediation, replacing multiple repositories that require redundant time and effort from the control teams.
- Develop the business requirements necessary to house risk and control information in one uniform technology for compliance, operational risk and audit data.

23 Section 6 – Case studies
Major investment bank
Developing an outsourced model to support the Control Room trade monitoring and surveillance function

Critical client issues
To remediate certain issues included in a regulatory settlement, the client agreed to conduct a retrospective review of hundreds of thousands of trades in certain employee and employee-related accounts. The review was designed to identify the potential misuse of material non-public information (MNPI). PwC designed a delivery model for the statistical selection, analysis, and reporting of the transactions subject to review. The overall costs of the project were efficiently managed through the use of a blended pool of off-shore and on-shore resources.

PwC approach
- Assembled an integrated team of off-shore and on-shore resources to perform the Control Room surveillance function on a retrospective basis.
- Developed a statistically sound and automated filtering process to remove transactions or positions that were highly unlikely to be indicative of the misuse of material non-public information (MNPI).
- Executed an automated process to identify and review transactions and trades, and used PwC's proprietary case management tool to efficiently analyze, document, track and report on the progress and findings from the case reviews.

Client results/benefits
- Provided management with a sound and reliable selection and review process that would withstand the scrutiny of the regulatory authorities.
- Assisted client by efficiently performing and reporting the results of the case reviews and, where necessary, escalating transactions for further consideration.
- Utilized PwC's proprietary case management tools to provide real time assessments of progress and findings.
- Managed the overall costs of the project through the use of an off-shore and on-shore service delivery model.

24 For further information, please contact John Paul Miles Dennis

25 © 2008 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity. The information contained in this document is provided 'as is', for general guidance on matters of interest only. PricewaterhouseCoopers is not herein engaged in rendering legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a competent professional adviser.
