Objective

To integrate risk management across 10 business units and five risk domains. 

Key Challenge

The client lacked a standardised approach for managing policy life cycles. Design, development and implementation of policies and control standards were done in silos across business lines. Different risk areas structured policy flows differently. For example, Wholesale Credit and Market Risk were more product-based, whereas Operational Risk and Compliance were divisional/business-unit-based. The lack of any standardised approach created additional challenges, including:

• Inability to make comparisons between global perspective versus region-centric policies (some policies are better split by region than division);
  
• Inability to factor in risk appetite to determine a group risk appetite framework (ensuring the policy captures risk appetite changes and sets the boundary for business operations).
  

CRISIL's Solution

CRISIL designed a group-wide policy governance framework and implemented it across 10 business units and six risk domains (Operational Risk, Credit Risk, Compliance, Market Risk, Interest Rate Risk in the Banking Book (IRRBB) and Finance). This included:

• Designed the end-to-end policy life cycle, including ownership, three lines of defence, monitoring and assurance;
  
• Policy stakeholder mapping for change management and communication;
  
• Assessment and review of 60+ group-wide policy artefacts and control standards, including design of policy control and compliance metrics;
  
• Policy compliance analytics to identify controls failures and key data challenges to enhance compliance.

Questions

Looking for high-end research and risk services? Reach out to us at: