There is no one-size-fits-all digital strategy for businesses. Each business selects strategies that will improve how and why work is done as well as strategies that fits the internal culture of the business.

The latest case study by 360factors reveals how one bank successfully selected risk technology that enables the CRO to align risk analysis and insight with the bank’s overall strategic objectives. The case study covers the whole process and provides us an inside view of how an actual mid-sized bank made a successful case and strategy to digitally transform the bank.

During the bank’s strategic planning process, the CRO evaluated the process gaps, data silos and accountability disparities associated with legacy enterprise risk management methods and determined that a digital transformation was needed to support the bank’s multi-year strategic plan. The problems that needed to be solved in the digital transformation were categorized into three domains:

  1. Loss Avoidance Issues
  2. Operational Efficiency Gaps
  3. Information Obstacles

The problems in each domain were further categorized into three main problems:

  1. Process Gaps
  2. Data Silos
  3. Accountability Disparity

Loss Avoidance Issues

Loss avoidance is the primary purpose of enterprise risk management. It thus became the most important perspective when looking at potential digital solutions that could be implemented in the bank.

Manual monitoring, evaluation and communication of regulatory changes, exam activities, risk assessments and complaints management results in overly complicated and inefficient processes. Click To Tweet

Process Gaps

There was a major process gap in managing regulatory risks. Compliance tests and audits were the only two processes which the bank could rely on and both the processes took too many resources. The bank found out about problems whenever compliance tests and audits were performed periodically. This arrangement meant that a problem in the risk management processes could go undetected until the next scheduled compliance test or audit.

Data Silos

The bank often had all the data it would need to be able to detect a problem early, but the data was all siloed in different departments and disparate systems. The data was spread across multiple documents, spreadsheets, email threads, and other files. Data stored in disparate systems did not allow mapping between risks and KRIs, KPIs, and controls to continuously evaluate full compliance, thus compounding regulatory risk.

Accountability Disparities

A lack of formalized process for the review and documentation of changes to business processes, controls, policies, and procedures created a risk of financial losses from missing or ineffective control activities. A department may change a process without realizing its ramifications on another process in another department, the same risk may be treated as separate risks by separate departments, or any other similar situation could result in a disparity in accountability and monitoring.

Operational Efficiency Gaps

Process Gaps

Manual monitoring, evaluation and communication of regulatory changes, exam activities, risk assessments and complaints management resulted in overly complicated and inefficient processes. These tasks were inordinately labor intensive which meant that by the time the tasks were completed, and the report was generated, the data in the report was already outdated.

Data Silos

Risk assessments were performed using Word and Excel, and exam activities were manually performed using Excel with tracking using email, which were time consuming and error prone. Additionally, business intelligence reporting had little correlation analysis. The reports took too long to make and there was no efficient way to quickly see the aggregate results of reporting from different departments or teams. All the intelligence and insights had to be manually unearthed.

Accountability Disparities

Risk mitigation activities were not assigned, tracked, or reported effectively nor was there an audit trail of enterprise risk management activities. Risk ownership can result in better performance because each employee understands their responsibilities clearly. A manual risk management system meant that the responsibilities were vague, and performance was thus less than ideal.

Information Obstacles

Process Gaps

A major vulnerability in manual risk management was that aggregation and correlation of risks was performed manually, and there was little visibility into specific risks. This meant that it was not possible to have a view of all the risk activities and metrics of the bank. This lack of visibility causes management issues because management would only find out about problems if they were reported.

Data Silos

Analysis of assessment results, risks, controls, and more could not be performed, which limited the ability to effectively monitor for gaps. There were major obstacles to efficiency in any type of analytical activity because the analyst would first have to collect information from multiple sources and then standardize it so it can be compared.

Accountability Disparities

There was no formalized tracking and reporting of risks impacting strategic initiatives, and therefore no scenario analysis could be performed. In addition, change initiative risks were not tracked, monitored, evaluated, and reported.

Learn More in Our Case Study

Want to get a more in-depth view of how mid-sized banks can achieve operational excellence through digital transformations? Download the latest case study The Journey from Legacy ERM to Real-Time Risk Analytics to learn more.