Case study at-a-glance
- Background: Bank ABC, incorporated as Arab Banking Corporation B.S.C., is an international bank headquartered in Manama, Kingdom of Bahrain.
- GRC Challenge: Operational risk, internal audit and compliance each managed their processes on separate legacy systems and in Excel spreadsheets for some processes. It was labor-intensive to get a centralized overview of non-financial risk exposure and all related issues and action plans.
- Solution: Implement an integrated GRC solution for operational risk, internal audit and compliance to align processes and methodologies.
- Benefits: Real-time holistic view of non-financial risks across all units. Standardized and enhanced Management Information from a single source of data. Systematic tracking of progress against issues to drive accountability. More time spent on actual risk management rather than laborious data churning.
An integrated GRC solution to manage risk and control performance in one platform
Bank ABC is an international bank headquartered in the Kingdom of Bahrain. Its network spreads across five continents, covering countries in the Middle East, North Africa, Europe, the Americas and Asia. Founded in 1980 and listed on the Bahrain Bourse, the bank is a leading provider of Trade Finance, Treasury, project and structured finance, syndications, corporate and institutional banking as well as Islamic banking services and retail banking.
The main objectives for implementing the new GRC platform were to:
- Provide management with a real-time view of their non-financial risk exposure company-wide
- Build a single repository of all processes, risks, controls, incidents, issues, obligations and assessments
- Adopt a unified risk language
Each control function had its own requirements, in addition to the overall company objectives:
- For the compliance team, it was important to be able to systematically track, assign applicability and assess risks related to key regulatory obligations group-wide. Functionalities needed to include a key obligations register, compliance risk assessments, compliance monitoring, and control self-assessments with centralized group oversight capabilities.
- The risk team’s main requirement was to further enhance their group-wide risk register for all non-financial risks. To support this requirement, the solution must perform risk assessments and collect and report Key Risk Indicators (KRI) with more advanced reports and dashboards.
- Within the audit department, the new GRC solution had to fully support the end-to-end audit process for increased efficiency. This includes maintenance of the audit universe, planning, preparation, work paper management, reporting, and finding and issue tracking.
Gaining a real-time and holistic view of risks
With the SAI360 GRC solution in place, Bank ABC now uses integrated GRC technology within one platform that is shared by the different control functions. Manual processes have been replaced and previous silo-based solutions have been decommissioned.
Bank ABC now has a more holistic view on their risks across all units and more transparency since there is a central view of the issues across all locations. In addition, there have been efficiency gains as there is one common tool between the different departments.
The tool also facilitates risk and control self-assessments at a process level using a uniform risk rating methodology. This enables enhanced centralized oversight on the number of issues per process.
A continuous partnership
Bank ABC values the ongoing partnership with the SAI360 team. “All three functions said they would make the same choice again if they had to start over. There has been very good cooperation between Risk Management, Internal Audit and Compliance in terms of defining the requirements and the execution of the project”, said Olivier Nijland, Vice President, Group Head of IT Risk at Bank ABC.
“There was a strong buy-in from Senior Management and a good level of support from the SAI360 team, mainly from the consultancy side,” he said.
Bank ABC is maturing its processes further with the continuous support of its integrated GRC platform. The company is enhancing the current version of the technology through SAI360 software upgrades to take full advantage of the latest functionality available.
This upgraded functionality promotes ease of use and features intuitive user interfaces. Finally, the company is optimizing the use of reporting capabilities and will consider areas such as a complaints register, policy management and automated feeds for KRIs in the future.