Audit & Assurance
Remediation of Enterprise Risk Management FRB MRA
Advised internal audit on validation of various provisions of ERM program to satisfy a Federal Reserve Board MRA for a multi-national, U.S.-based institution
Spearheaded a team of global risk experts partnering with internal audit of a large, U.S.-based multinational financial institution in response to a Matters Requiring Attention (MRA) directive issued by the Federal Reserve Board (FRB). The core objective was to uplift the institution’s enterprise risk management (ERM) capabilities and establish a long-term risk-management culture and target operating model aligned to G-SIB standards.
The team first reviewed and challenged the proposed remediation plan and provided design feedback on the capabilities for various risk programs within the plan, including operational risk, compliance, legal, and board oversight. The team’s review and challenge of the plan yielded vast improvements and clearer outcomes, milestones, and deliverables to meet the objectives of the firm’s ERM commitments to the FRB. The team was also tasked with formulating appropriate success measures, sustainability principles, and evidence of sustainability for ERM plan capabilities to meet regulatory expectations and industry best practices globally. The team also assisted in assessing the organizational change management impacts of the plan and designing change management activities to sustainably implement the plan’s capabilities, including sufficient resources/talent, training, and oversight/governance.
The team also advised on relevant risks to the institution and challenged the updated risk taxonomy, challenged and provided substantive QC design feedback on the processes, controls, and governing documents for various aspects of the plan and ERM program to provide consistent standards and governance within each risk discipline, as well as board oversight of the entire plan and updated ERM program, and recommended risk-data-driven board reporting improvements to better reflect the firm’s material risks across all global jurisdictions.
To better position the internal audit team to validate the remediation plan and updated ERM capabilities, the team also articulated best-in-class QC design testing methodologies and test scripts to assess the individual capabilities within the plan.
Finally, the team provided guidance on the institution’s issues management program design, taxonomized the firm’s existing issues according to the updated risk taxonomy and new ERM framework, and provided guidance on future issue taxonomization under the new framework and updated risk taxonomy.
This engagement helped establish a roadmap for success for all facets of the institution’s ERM program, positioning it to implement and sustain integrated, globally aligned, robust, data-driven risk management capabilities to meet future supervisory expectations with greater confidence and clarity. Throughout this exercise, the team identified opportunities for tools, technologies, and processes to better link and aggregate the firm’s overall risk profile and execute a holistic, data-driven ERM program and culture globally.