Anonymous case study
Almost €66bn in total assets.
650+ customer service locations across Europe.
This case study presents one of RiskBusiness’ longest-standing clients: a medium-sized banking institution headquartered in mainland Europe. Initially, RiskBusiness provided a risk advisory service for the firm, helping it to establish an RCSA, risk-profiling, KRI and scenario assessment framework, before rolling out several of the Graci modules to support the bank’s needs. Four years ago, the service was expanded to include the firm’s compliance function and, more recently, the firm adopted Graci’s Internal Loss Data Service.
Until November 2019, the bank had been using a legacy system developed in-house to manage its internal loss event data. Loss events reflect where a risk has manifested itself at the firm and usually result in some form of financial loss, an adverse efficiency impact, or an unexpected gain, although some firms may also elect to record data on so-called near misses. “It was a lot of data,” explains the head of the bank’s operational risk policy framework. “It was a very complex project to map the data from one side into the other.” The initiative had to be completed while continuing to carry out all other business functions as normal, without disruption. “We did a migration and at the same time we were testing the product. We were working on two environments at the same time. Obviously, capacity was limited because we had a lot of other things to do and, I have to say, the team at RiskBusiness did a great job,” says our source.
Every operational risk and compliance department requires the ability to generate reports to present to management and senior executives. Having worked across two solutions for some time – which many financial institutions find themselves doing as legacy systems are phased out and new regulatory requirements brought in – our case study client was keen to move towards a more streamlined approach to data management and reporting, with everything in a single database. “It’s crazy to have two systems and maintain two sets of users, two hierarchies or organisation charts,” says our source. “The other system was robust but not flexible at all, so we couldn’t use it anymore; it couldn’t cater to our needs in terms of reporting.” With everything now in one place, the firm will be able to realise the true potential of its data going forward and reporting is now considered “a big asset” to the department.
Implementing the Internal Loss Data Service module has helped raise the profile of operational risk with senior management and other key stakeholders at the bank, providing a slicker, more user-friendly platform than the previous solution. “It’s a more modern system and it’s a decentralised way of recording data. In all of the countries in which we operate and all the subsidiaries of the subsidiaries, they all have users which have their credentials and they all go in and record what they have to record. It’s a bottom-up approach; everyone records and everyone has ownership of the data,” says our source.
Today’s regulatory landscape provides a challenging working environment for operational risk and compliance departments. The Graci solution has been developed with the growing pressures of regulatory compliance in mind, providing tools to help meet specific requirements, as our client explains: “It helps with many types of regulatory obligations: the stress test, the ICAAP, where we collect all of the scenario assessments, data, our internal losses reports. Every module has a regulatory aspect. For example, specific reporting has to be made to the regulatory authorities about what we outsource; the results of a very detailed assessment. Through the application, we have a register of all the outsourcers [we use], we have the exact engagements with each outsourcer as well as our regular assessments of this engagement and the risks identified.”
Efficiency was cited by the client as a key benefit of using a third-party vendor, rather than developing an in-house solution. IT departments within financial institutions are notoriously busy, often tasked with managing and maintaining both internal and customer-facing systems simultaneously. Instead, RiskBusiness cultivates a close collaborative relationship to ensure the system continues to meet requirements. If the client has an idea for an enhancement, or a new regulatory obligation comes into play, potential updates can be formally raised, then thoroughly tested and optimised before being implemented into the live environment.
Other plus points highlighted by our case study bank included a value-for-money price point, particularly taking into consideration post-pandemic budget management, and the flexible and adaptable nature of the system.