Introduction
Challenges
Siloed teams: This bank lines of business operate in the siloed process where IT business partners do not collaborate with Model Risk Management teams and other frontline lines of business. This creates inefficiencies and cost the enterprise in operational cost to manage EUCT tools.
Inefficient Monitoring and Reporting: The lack of developing reporting capabilities for IRM leads to a lack of visibility for managing EUCTs across the enterprise. Implementation of KRI/KPIs requires IRM to streamline data across the multiple source systems and ensure the completeness and accuracy of the data that is being ingested for reporting.
Lack of Risk and Control Self-Assessment (RSCA): This exercise is used to identify and assess various risk types faced by the enterprise. The exercise is performed by IRM collaborating with business partners and self-identify potential risk and issues and manage such risk in the centralized issue repository.
Implementation
Direct Collaboration: To tackle these challenges, this bank implemented an RSCA program and established annual RSCA exercise that is performed annually by IRM and business partners.
Enhanced Governance for EUCT risk management: The enterprise implemented a quarterly governance process that allows collaboration with both business and IT partners for addressing risk pertaining to EUCTs and identifying opportunities for potential EUCT retirement and managing such tools in a technology application.
Enhanced IRM monitoring and reporting capabilities: Model Risk Management team developed KRI/KPI reports and reviewed them on a quarterly basis in order to gain understanding of potential EUCT risks for various lines of business. Through developing KRIs/KPIs, IRM has oversight of all lines of business throughout the EUCT lifecycle from Identification through retirement.
Results
Enhanced Oversight Efficiency and reduction of EUCT Risk: The initiative led to an enhanced oversight over the various EUCT lifecycles across the enterprise. This met internal Audit requirements for an Enhanced EUCT risk management program. This has streamlined the process for identifying EUCT risk and remediation required to manage the risk within the enterprise risk appetite.
Improved Collaboration: The establishment of a collaborative environment between risk managers and technology teams resulted in the elimination of the number of EUCTs across the enterprise. This has lead to the bank reducing operational cost such as headcount, and cloud service cost across the enterprise. Furthermore, by managing both Model and EUCTs in a centralized repository system of record has enhanced the enterprise approach to managing EUCTs and enhanced reporting capabilities.
Conclusion
This banks comprehensive approach for managing EUCT risk has yielded significant benefits including enhanced reporting efficiency, improved collaboration, reduction of headcount, and improved collaboration between all three lines of businesses across the enterprise. This case study exemplifies the critical importance of integrating business processes with technology solutions to create further collaboration with all lines of defense across the enterprise and managed EUCT risk in a centralized repository.