Optimus Think

The Driving Need to Reassess Processes & Controls Related to COVID-19 Responses


As the world grapples with the impacts of COVID-19, financial institutions are being challenged unlike ever before. In this rapidly shifting operating environment, we’ve seen these institutions take swift action to support government programs, address client needs, and create an effective remote employee workforce. Addressing these needs required urgent and dramatic changes that will have long-lasting impacts.

As the dust has now begun to settle, and the requirement for urgent action lessens, there is a growing need for financial institutions to take a step back and undertake a review of the processes and related controls implemented in recent months. The aim is to ensure control gaps in recently implemented processes are identified and mitigated in the ‘new normal’ business as usual environment.

Driving Factors

The financial services industry has experienced a significant magnitude of change that has occurred in a very short period of time.  Three key driving factors of change stand out.

1. Enabling Government Relief Programs
As part of massive government intervention, several programs have been created to help support people and businesses in need. And for a number of these programs, the government has used the banking system as the approval and distribution network for this support. Banks were pushed to react rapidly as government programs were announced. Seemingly, and in some cases quite literally overnight, processes and technology enablers related to application, approval, distribution, monitoring and reporting were developed and implemented.

While the greatest possible care and diligence was taken to support these changes, they were quickly put in place and there is an opportunity to revisit the processes and related controls, and address additional risks that may not have been initially identified. Fraudulent applications, need for government reporting, and capital monitoring are just a few of the changes that are important examples.

2. A Swift Response to Addressing Client Needs
Alongside government intervention, financial institutions have been aggressively developing solutions to assist clients in these unprecedented times. Amidst organization-wide responses, we have seen two primary focus areas. Unsurprisingly, the first has been the easing of client’s financial commitments through payment deferrals on credit products. The second lies within the realm of providing substantially enhanced digital access to services.

In addressing these important needs, many new processes have been put in place across dozens of products and services. In a rush to better serve clients in a time of physical distancing, new digital access services have been established with record speed. While there is no question due diligence was taken during implementation, it is now time to revisit the policies, procedures, risk assessments, and control frameworks to assure management that risks are effectively mitigated.

3. Ensuring an Effective and Compliant Remote Workforce
The third big change in response to COVID-19 is the shift to Working From Home (WFH) for most employees. Prior to COVID-19, WFH was certainly an option for many employees, however there stood a long-held belief that certain categories of internal employees in financial institutions must perform their roles on premises. COVID-19 changed the status quo.

Previously held views around leadership, risk, compliance, culture, and access, that may have restricted WFH in the past, have now been turned upside down as entire on-site groups shifted to WFH overnight. In fact, despite the novelty and disruption, many have reported measurable improvements in productivity and there are signs over the long term, employees are going to want to increase the amount of time they spend working from home. With this significant shift in how and where people work, new controls need to be considered, and existing processes augmented to ensure the WFH workplace remains compliant and productive.

Why Review These Recently Put in Place Processes & Controls?

There is no question that well thought out processes and controls play a significant role in mitigating and managing risk. In the normal course of our work with North American financial institutions, we spend a lot of time assessing, developing, and enhancing process and control frameworks. This work is often related to processes and controls that were developed with great thought over long periods of time. However, in our experience, we consistently see:

  • Controls that do not reflect current technology capabilities and/or information access;
  • Controls developed in isolation; and
  • Processes that are not well mapped across all lines of defense.

In the business environment created by COVID-19, financial institutions have undertaken tremendous efforts to support their clients and employees. We do recognize that sound, ‘in the moment’, approaches to risk mitigation and control frameworks have been created along the way to secure the viability of our financial system. In fact, we believe that much can be learned from the lighter touch controls and monitoring that have proven effective.

However, as we look forward, there is a critical need for a serious second look at the processes and the preventative and detective controls put in place, as well as a review of the monitoring processes employed to ensure that the new and enhanced processes are effective and sustainable.

So, do the processes and controls implemented amid the demands of the COVID-19 crisis effectively mitigate risk? We recommend asking three key questions to determine the answer:

  1. Do we have the right balance of preventative vs. detective controls?
  2. What controls can/should we automate to better mitigate and monitor risk?
  3. Have management controls and escalation points been appropriately tested since implementation?

COVID-19 has thrust a massive amount of change onto financial institutions.  The impacts have highlighted the cracks in business continuity planning, have accelerated digitization by years, and transformed remote working.  With these changes, financial institutions are facing an increasingly complex risk environment and we believe the current crisis will act as a catalyst for regulators and financial institutions in reevaluating processes, controls, monitoring and oversight.

Optimus SBR’s Financial Services Practice

Optimus SBR is an implementation-focused firm that specializes in cross-functional experience in process redesign, controls, organizational alignment, strategy development, and project management. With over 150 consultants in our Financial Services Practice we bring deep experience across all sectors of the financial services industry.  Our responsive, execution-focused approach is valued by North America’s largest banks, insurers, asset managers and pension funds.

If you found this helpful, give us a call, or send us a note.

Carolyn Kingaby, Senior Vice President and Practice Lead

Peter Snelling, Senior Vice President

Bill Carrigan, Director

Optimus Think