Transforming and upgrading Risk and Compliance Controls for a Leading Australian Bank's Wealth Management Unit
Client Type: Large Australian Wealth Manager
Objective
Upgrade risk and compliance controls for the wealth management arm of a big Australian bank in order to address critical deficiencies and meet regulatory obligations. The objective of the engagement was a complete end-to-end transformation of existing business processes to address:
- Inadequate assurance on the effectiveness of the compliance control environment;
- Uncertainty surrounding responsibilities and accountabilities across business functions;
- Lack of evidence-based assurance to support executive management attestation of compliance.
CRISIL's Solution
- Documented and modelled the process architecture via process charts;
- Mapped the complete compliance and risk universe, i.e. entity-obligation/risk business unit view;
- Documented controls (key and non-key) and mapped them to their respective processes in the L0 – L3 process flowcharts;
- Tested the effectiveness of the controls as per the compliance framework, with evidence documented in the Governance, Risk and Compliance (GRC) tool;
- Performed obligation assessments and defined remediation plans in the GRC system tool;
- Developed executive management reporting through the entity compliance plan.
Client Impact
- Defined process and control architecture with clear alignment to approximately 1,000 regulatory obligations;
- Articulated the linkage between licensed entity obligations and controls with the GRC system to enable proactive attestation of the entity’s compliance plan for 12 licensed entities;
- Integrated the process architecture and GRC tools to monitor the compliance environment on a real-time basis.