As the world grapples with the impacts of COVID-19, financial institutions are being challenged unlike ever before. In this rapidly shifting operating environment, we’ve seen these institutions take swift action to support government programs, address client needs, and create an effective remote employee workforce. Addressing these needs required urgent and dramatic changes that will have long-lasting impacts.
As the dust has now begun to settle, and the requirement for urgent action lessens, there is a growing need for financial institutions to take a step back and undertake a review of the processes and related controls implemented in recent months. The aim is to ensure control gaps in recently implemented processes are identified and mitigated in the ‘new normal’ business as usual environment.
Driving Factors
The financial services industry has experienced a significant magnitude of change that has occurred in a very short period of time. Three key driving factors of change stand out.
1. Enabling Government Relief Programs
As part of massive government intervention, several programs have been created to help support people and businesses in need. And for a number of these programs, the government has used the banking system as the approval and distribution network for this support. Banks were pushed to react rapidly as government programs were announced. Seemingly, and in some cases quite literally overnight, processes and technology enablers related to application, approval, distribution, monitoring and reporting were developed and implemented.
While the greatest possible care and diligence was taken to support these changes, they were quickly put in place and there is an opportunity to revisit the processes and related controls, and address additional risks that may not have been initially identified. Fraudulent applications, need for government reporting, and capital monitoring are just a few of the changes that are important examples.
2. A Swift Response to Addressing Client Needs
Alongside government intervention, financial institutions have been aggressively developing solutions to assist clients in these unprecedented times. Amidst organization-wide responses, we have seen two primary focus areas. Unsurprisingly, the first has been the easing of client’s financial commitments through payment deferrals on credit products. The second lies within the realm of providing substantially enhanced digital access to services.
In addressing these important needs, many new processes have been put in place across dozens of products and services. In a rush to better serve clients in a time of physical distancing, new digital access services have been established with record speed. While there is no question due diligence was taken during implementation, it is now time to revisit the policies, procedures, risk assessments, and control frameworks to assure management that risks are effectively mitigated.
3. Ensuring an Effective and Compliant Remote Workforce
The third big change in response to COVID-19 is the shift to Working From Home (WFH) for most employees. Prior to COVID-19, WFH was certainly an option for many employees, however there stood a long-held belief that certain categories of internal employees in financial institutions must perform their roles on premises. COVID-19 changed the status quo.
Previously held views around leadership, risk, compliance, culture, and access, that may have restricted WFH in the past, have now been turned upside down as entire on-site groups shifted to WFH overnight. In fact, despite the novelty and disruption, many have reported measurable improvements in productivity and there are signs over the long term, employees are going to want to increase the amount of time they spend working from home. With this significant shift in how and where people work, new controls need to be considered, and existing processes augmented to ensure the WFH workplace remains compliant and productive.
Why Review These Recently Put in Place Processes & Controls?
There is no question that well thought out processes and controls play a significant role in mitigating and managing risk. In the normal course of our work with North American financial institutions, we spend a lot of time assessing, developing, and enhancing process and control frameworks. This work is often related to processes and controls that were developed with great thought over long periods of time. However, in our experience, we consistently see:
- Controls that do not reflect current technology capabilities and/or information access;
- Controls developed in isolation; and
- Processes that are not well mapped across all lines of defense.
In the business environment created by COVID-19, financial institutions have undertaken tremendous efforts to support their clients and employees. We do recognize that sound, ‘in the moment’, approaches to risk mitigation and control frameworks have been created along the way to secure the viability of our financial system. In fact, we believe that much can be learned from the lighter touch controls and monitoring that have proven effective.
However, as we look forward, there is a critical need for a serious second look at the processes and the preventative and detective controls put in place, as well as a review of the monitoring processes employed to ensure that the new and enhanced processes are effective and sustainable.
So, do the processes and controls implemented amid the demands of the COVID-19 crisis effectively mitigate risk? We recommend asking three key questions to determine the answer:
- Do we have the right balance of preventative vs. detective controls?
- What controls can/should we automate to better mitigate and monitor risk?
- Have management controls and escalation points been appropriately tested since implementation?
COVID-19 has thrust a massive amount of change onto financial institutions. The impacts have highlighted the cracks in business continuity planning, have accelerated digitization by years, and transformed remote working. With these changes, financial institutions are facing an increasingly complex risk environment and we believe the current crisis will act as a catalyst for regulators and financial institutions in reevaluating processes, controls, monitoring and oversight.
Optimus SBR’s Financial Services Practice
Optimus SBR is an implementation-focused firm that specializes in cross-functional experience in process redesign, controls, organizational alignment, strategy development, and project management. With over 150 consultants in our Financial Services Practice we bring deep experience across all sectors of the financial services industry. Our responsive, execution-focused approach is valued by North America’s largest banks, insurers, asset managers and pension funds.
If you found this helpful, give us a call, or send us a note.
Carolyn Kingaby, Senior Vice President and Practice Lead
Carolyn.Kingaby@optimussbr.com
416.649.9219
Peter Snelling, Senior Vice President
Peter.Snelling@optimussbr.com
416.649.9128
Bill Carrigan, Director
Bill.Carrigan@optimussbr.com
416.276.2635
4 Essential Steps to Enhance Your Organization’s Data Capabilities: A Roadmap for Success
Realize the full potential of your data and gain a competitive edge by following this 4-step approach to maximize the value of your data.
Navigating the Future: How Canadian Leaders Can Forge Resilient Strategies in the ESG Landscape
By adapting a proactive approach leaders can effectively navigate the complexities of the evolving ESG landscape and foster trust in an increasingly conscientious market.
Securing the Future: How Canadian Businesses Can Prepare for 2024’s Cyber Security Challenges
In 2024, cyber security is not just a technical issue – it’s a business imperative central to all Canadian organizations, irrespective of size or sector. According to the Canadian Centre […]
Developing Early Career Talent: 5 Strategies for Success
A robust and effective early career talent development program is essential for companies looking to grow their future leaders from within.
Privacy Law 25: Five Essential Priorities to Drive Success for Canadian Financial Institutions in 2024
By prioritizing these six key areas and taking the necessary actions, organizations can build trust and confidence among consumers, while ensuring compliance with both current and future Canadian privacy regulations.
Power BI vs Tableau – Which is Better?
Although Tableau and Power BI are similar business intelligence tools, there are key differences that organizations should be aware of when considering analytical requirements.
Unleashing the Potential of IFRS 17 Through Effective Process Documentation
To effectively implement IFRS 17, insurers must carefully assess their existing processes and determine how the new IFRS 17 processes can replace or integrate with them.
