Shared Services Setup of Key and Non-Key GLBA Control Testing for a US-Based Regional and Community Bank

Client Introduction

A leading US-based Regional and Community bank with USD 122 billion in assets, offering services to retail consumers, corporations, and non-profits through traditional and digital banking.

Problem Statement

The bank had to complete testing of its key Gramm-Leach-Bliley Act (GLBA) controls before an internal due date tied to a Matter Requiring Immediate Attention (MRIA), and, as part of the same exercise, to establish a Shared Services setup for ongoing control testing.

Key requirements:

  • Hire a team of ~25 qualified testers, supervisors, and managers in 3-4 weeks based in Atlanta, GA.
  • Onboard and train the team in one week.
  • Help control owners review their controls, draft control descriptions, draft test scripts, and make scoping decisions.
  • Test ~150 key and non-key GLBA controls in the first line of defense (IT operations (ITO) and business operations controls).
  • Conduct the test of design, including a test of one (walkthrough of a single instance of each control).
  • Conduct the test of operating effectiveness.
  • Provide management reporting to stakeholders.
  • Review and provide recommendations on the Enterprise Control Management Program (ECMP) – IT document.

Solution Offered

  • Leveraged our Talent Acquisition engine accelerated by ClearedTalent to hire professionals from a pre-vetted talent community.
  • Completed the staffing of ~25 qualified control testers, supervisors, and managers with hands-on expertise and proficiency in testing the IT and operations controls and upskilled them within the timeline.
  • Coordinated with Control Owners to review each control's evaluation against ECMP requirements and to determine which controls to test.
  • Conducted Quality Control (QC) before testing based on the feedback received from Control Owners.
  • Assessed control adequacy and the evidence required for each test.
  • Developed a customized randomizer tool for selecting test samples.
  • Conducted peer-to-peer QA review of 50% of the GLBA control tests against pre-defined QA checklists, so that each test result is attributable to a named tester and reviewer.
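The page does not show the randomizer tool itself. The block below is an added example (not the tool described above and not the bank's code) of the property a practitioner wants from such a tool: the sample for a test of effectiveness is drawn deterministically from a seed bound to the control ID, the test period and a digest of the evidence population, so the peer-to-peer QA reviewer can regenerate the same sample and detect a sample drawn against a trimmed or altered population. The frequency-to-sample-size table, the control ID, the period and the ticket identifiers are all assumptions constructed for the example.

```python
"""Reproducible sample selection for a control test of effectiveness.

Added example, not the randomizer tool the page describes or the bank's
code. Assumptions (not from the page): the population is the list of
evidence identifiers exported from the system of record for the test
period; sample sizes follow an illustrative frequency-based convention;
and the seed is derived from the control ID, the period and a digest of
the population so a QA reviewer can regenerate and verify the sample.
"""
import hashlib
import random
from dataclasses import dataclass
from typing import Iterable

# Assumed frequency-to-sample-size convention (illustrative, not the bank's).
SAMPLE_SIZES = {
    "annual": 1,
    "quarterly": 2,
    "monthly": 2,
    "weekly": 5,
    "daily": 25,
}


@dataclass(frozen=True)
class SampleRecord:
    """What the tester files with the workpaper so QA can re-derive the sample."""
    control_id: str
    period: str
    frequency: str
    population_size: int
    population_sha256: str
    seed: str
    sample: tuple


def population_digest(population: Iterable[str]) -> str:
    """SHA-256 over the de-duplicated, sorted population.

    Binding the seed to this digest means a sample cannot be quietly
    re-drawn against a trimmed or altered population without detection.
    """
    h = hashlib.sha256()
    for item in sorted(set(population)):
        h.update(item.encode("utf-8"))
        h.update(b"\n")
    return h.hexdigest()


def select_sample(control_id: str, period: str, frequency: str,
                  population: Iterable[str]) -> SampleRecord:
    """Draw a deterministic random sample for one control and test period."""
    if frequency not in SAMPLE_SIZES:
        raise ValueError(f"unknown control frequency: {frequency!r}")
    items = sorted(set(population))
    if not items:
        raise ValueError("empty population: nothing to sample")
    digest = population_digest(items)
    # Seed = control + period + population digest. random.Random hashes a
    # str seed deterministically, independent of PYTHONHASHSEED, so the
    # same inputs always yield the same draw.
    seed = hashlib.sha256(f"{control_id}|{period}|{digest}".encode()).hexdigest()
    n = min(SAMPLE_SIZES[frequency], len(items))
    chosen = tuple(sorted(random.Random(seed).sample(items, n)))
    return SampleRecord(control_id, period, frequency, len(items), digest, seed, chosen)


def verify_sample(record: SampleRecord, population: Iterable[str]) -> bool:
    """QA re-derivation: True only if the same population yields the same sample."""
    items = sorted(set(population))
    if population_digest(items) != record.population_sha256:
        return False
    regenerated = select_sample(record.control_id, record.period,
                                record.frequency, items)
    return regenerated == record


if __name__ == "__main__":
    # Constructed population: one user-access recertification ticket per month.
    tickets = [f"UAR-2023-{m:02d}" for m in range(1, 13)]
    rec = select_sample("GLBA-ITO-017", "2023-Q4", "monthly", tickets)
    print("sample:", rec.sample, "seed:", rec.seed[:12])
    print("QA verify:", verify_sample(rec, tickets))
    print("QA verify (one ticket removed):", verify_sample(rec, tickets[:-1]))
```

The seed and population digest are the items worth recording in the workpaper: with them, the QA reviewer needs nothing from the tester except the exported population to reproduce the selection, and any difference in the population shows up as a failed verification rather than a silently different sample.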

Business Outcomes

  • Met the internal audit obligations and established the Shared Services setup.
  • Tagged 52 GLBA controls for retirement within the first 60 days.
  • Continually updated the ECMP document and the QA/QC methodology.
  • Applied best practices from a Shared Services and Enterprise Risk Management perspective, such as:
    • Knowledge dissemination through existing digital knowledge repositories powered by Fluent (proprietary digital knowledge management solution).
    • Reporting of service levels and control-effectiveness measures, among others, through Factum (proprietary digital dashboarding system).
    • Optimization of control testing through "Overlap Identification" and subsequent digitization via RPA (UiPath), yielding ~10% efficiency gains from eliminating non-value-add steps in the testing process.

Want to learn how Anaptyss can rapidly deploy teams on your projects to meet compliance deadlines?

Write to us: [email protected]