Case Studies

Create and Launch Operating Model and Risk Management Enhancements to Address Regulatory Findings

We were the driving force behind the design and delivery of enhancements to remediate regulatory findings of the operating model and risk management framework for the international arm of a large US-based bank.

The Challenge

The client was a large US bank with international operations that needed to address regulatory findings on operational risk management in the second line risk function.

The Process

Our regulatory expertise coupled with our international experience meant that we could hit the ground running. We reviewed the regulatory findings to understand how they related to the client’s international operational risk function, while getting up to speed on what was underway or completed as part of an overall company regulatory reset.

Our team completed a comprehensive current state assessment of the second line operational risk activities in the client’s international regions, covering nine countries. We created a prioritized gap analysis for each region against regulatory expectations and the client’s newly published risk management framework.

As part of this effort, we completed over 20 concurrent projects and covered 18 different risk types from technology to business continuity to financial reporting. Once the analysis was complete, we defined all remediation activity.  The team built a comprehensive and highly detailed suite of implementation and change management plans, including a fully defined second line risk operating model.

Prior to implementing the new target model, we made the following enhancements:

  • Updates to corporate policy and procedures
  • A suite of enhanced international-specific procedures
  • International operational risk training materials
  • Operational risk reporting, committees and governance framework
  • Engagement models across all international regions and functions
  • Enhanced international approach to risk type and function coverage
  • Second line operational risk oversight routines
  • We delivered a detailed fully defined second line risk operating model.


We evidenced all regulatory commitments, which fully satisfied the auditors. Our work was subsequently shared across the organization as an example of excellence to be followed.


Have a question about this article?