Being aware of our track record in constructing reliable and effective risk frameworks we were approached by our client in the payments industry who was undergoing a merger of four separate payment businesses. They sought our assistance in developing a new Enterprise Risk Management Framework, which would then be presented to their regulators for review and assessment.
Our task was to accomplish this within a six-month timeframe to facilitate our client’s acquisition of their new license.
Working closely with the Risk Integration Director, C-Suite executives, and Heads of Risk for each business, we embarked on designing, building, and implementing the new Enterprise Risk Management Framework (ERMF).
Our approach involved incorporating the best components from each business’s existing framework to create an optimal solution.
During the implementation phase, we performed the following key activities:
- Designed and agreed upon the creation of a new Risk Matrix and Risk Taxonomy, tailored to the requirements and structure of the new entity.
- Collaborated with Board members to identify their top strategic risks.
- Provided guidance to the C-Suite and Non-Executives on best practices in risk management.
- Developed new Risk Registers for each Business Directorate in collaboration with the respective C-Suite members.
- Assisted senior management in formulating Risk Appetite Statements, designing measurements, thresholds, and tolerances, and aligning them with Strategic Objectives. This included identifying Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs).
- Drafted new procedures for conducting Risk Assessments, Control Testing, Horizon Scanning, and managing 1st and 2nd Line Risk.
- Designed and built new Risk Dashboards, risk reporting mechanisms, Risk and Control Self-Assessments (RCSAs), and Incident Management processes.
- Provided training to 1st and 2nd line teams to ensure a smooth transition and knowledge transfer.
Following the completion of the framework, we continued to support the 1st and 2nd line risk teams in various activities such as;
- conducting Risk Register reviews (including systemic ecosystem risks)
- mapping controls for RCSAs
- identifying and rating emerging risks,
- and managing Risk Dashboards for reporting to Risk Executive Committees, Operations Committees, Risk Committees, and the Board.
One of the biggest challenges we faced was collaborating with the four Heads of Risk, who had invested significant time and effort in developing their own frameworks. We worked closely with them to ensure a collaborative approach that respected their contributions.
When the new framework was presented to regulators, we were delighted to receive their “non objection” response, indicating their approval of the framework. This successful outcome facilitated our client in obtaining their new license, demonstrating the effectiveness of our framework-building expertise.
To learn more about how our expertise in building effective frameworks can benefit your organization, please contact us. We are ready to support you in achieving regulatory compliance and enhancing your risk management capabilities.