Case Studies: NDB Bank

NDB Bank

Retail Bank

Colombo, Sri Lanka

LKR 550bn in assets and 600,000 customers


Graci Risk and Compliance modules

NDB Bank

NDB is a Sri Lanka-based bank founded in 1979. Until recently, operational risk was not a major focus for regulators in the country and NDB is believed to be one of the first banks to establish an official operational risk function.

Manual management of risk data at the bank was time consuming and inefficient, so implementation of a dedicated software solution was the logical next step for the firm. “We began by working with the bank to select modules focused around operational risk management,” explains RiskBusiness’ CEO Mike Finlay, who led the implementation of the system at NDB. “We later added compliance and are looking at expanding into other areas going forward.”

Leading the way

Most other local firms still do not have a dedicated GRC solution in place, so NDB is currently leading the way in its approaches to risk management. “The risk management system is advanced compared to other local banks,” confirms Sharmini Jayaweera, Deputy Manager of Operational Risk at NDB. The risk advisory services provided by RiskBusiness have also been essential as the bank’s risk maturity continues to develop. This has involved the RiskBusiness team (which is based in the UK) spending time in Sri Lanka. “They were very supportive with the implementation and still we get support from them,” says Jayaweera, “not just for the system, but also risk management advisory.”

Regulatory compliance

Mhiri Dias is Manager of the Compliance Department at NDB and a regular user of the Graci Compliance module. “We upload all the new external regulations on a quarterly basis; track the supervisory concerns arising from the regulator on a quarterly basis; track the internal policies of the bank on a monthly basis to ensure that they are reviewed in a timely manner and also use it to review actions relating to compliance and regulatory issues,” she explains. “We also use the Newsflash Library for internal reporting, whenever there are stories related to sanctions or that type of thing.”

The Newsflash module also helps informed risk mitigation measures, as Jayaweera (Operational Risk) explains: “We get all of the international news on major cyber threats and new technological issues. This helps us identifying potential risks in our internal processes which we may have missed, so that we can get our mitigation actions ready. We can flag a newsflash and send it across to respective stakeholders to be ready with action plans to mitigate such risks.”

Benefits of a third-party supplier having a team of experts on-hand to deal with technical issues and to provide guidance on how to best make use of the system has been invaluable as the bank’s risk-management and compliance functions evolve – and despite being based thousands of miles apart, the support provided is always efficient. “Whenever we have logged an issue they have been able to promptly address it,” confirms Dias. Priyantha Gamage, Assistant Vice President of Branch Operations at NDB was responsible for overseeing the procurement and implementation of the Graci system. He was looking for a solution that would be completely adaptable to the bank’s changing needs. “When we went into the Graci system we saw lot of flexibility; you can set up the system the way you want,” he says. “To be very frank, we learned a lot from Mike. The support was tremendous.”