A leading US-based financial institution that offers services to retail consumers, corporations, and nonprofits through traditional and digital banking.
The bank wanted to upgrade the 1st and 2nd lines of defense for addressing operational risks, SOX compliance, and IT control validation.
Key requirements were:
- Testing and calibrating 2500+ controls, including 600 critical controls per the OCC guidelines
- Designing and refactoring the ERM framework to build operational risk resilience
- Updating the Enterprise Control Management Program to comply with the latest standards
Rapid prototyping of a bespoke digital solution to automate control sampling, clustering, and testing across the 1st and 2nd lines of defense.
Key solutions delivered:
- Process mapping and control flow diagrams/narratives to find vulnerabilities
- Probabilistic sampling and modeling for assessing risks
- Digitally powered entity-level controls to support SOX compliance
- Customized automation logic to authenticate the data fields
- Global operating model to support scaled multi-shore delivery
- Rapid testing of over 2500 controls based on OCC parameters
- Continual updating of the ECMP document and QA/QC methodology
- More efficient testing and validation process