Background
- SIRA was performed at the decentralized level of integral processes, which led to irrelevant scope discussions and also negative sentiment towards SIRA within the bank;
- The scope was broader than just integrity risks (SIRA also covered prudential risks, for example);
- Previous SIRAs did not yet contain a proper organizational overview;
- There was a lack of a thorough list of risk scenarios;
- Not all relevant stakeholders and many non-relevant stakeholders were involved;
- The SIRA could not be used as a steering document by senior management.
This bank asked Compliance Champs to facilitate the SIRA for the entire bank and also to set up a thorough procedure (including roles and responsibilities) so that the organization could eventually start working on this independently.
Solution
In line with the client’s needs and the gaps identified in the SIRA, Compliance Champs has introduced and implemented a recalibrated procedure within the bank. This procedure has been discussed in advance with key stakeholders within the bank from the first, second and third line of defense and finally approved by the competent risk committee.
Ultimately, this procedure resulted in a SIRA report that can be used as a steering document by the bank’s senior management and the responsible owners in the first and second line. Compliance Champs not only focused on how SIRA could be aligned with external requirements and market standards, but also how the SIRA could be implemented more efficiently.
Results
Some improvements made:
- Placing prudential risks out of scope, so that the scope only covered integrity risks;
- Executing SIRA at the organization-wide level instead of at the process level;
- Drawing up an organizational overview so that the risk analysis is supported as much as possible with qualitative and quantitative data;
- Defining granular risk scenarios for each integrity risk area;
- Risk analysis is carried out in various workshops with relevant stakeholders, which has led to good discussions and a more unambiguous risk view within the organization;
- Thorough substantiation of the risk scores, so that these scores are reproducible and objectified as much as possible;
- The facilitating role regarding the SIRA is slowly being transferred from second-line to first-line;
- The SIRA procedure is described in a formal policy document that also describes the various roles and responsibilities of the first, second and third line. This created more ownership at the first line.
- Further standardization of SIRA by creating templates which will result in significant time and cost savings.
The final report has been positively assessed by the senior management, Compliance, and the external auditor. The further formalization and standardization of SIRA within the bank has ensured that the next SIRA can be implemented more effectively and efficiently and that the permanent organization can continue independently. Senior management have a detailed picture of the most important integrity risks and shortcomings in control measures, so that appropriate adjustments can be made.
Conclusion
In addressing the SIRA challenges at a major Dutch bank, Compliance Champs successfully recalibrated the process, focusing on integrity risks and ensuring regulatory compliance. By standardizing and formalizing the procedure, the bank can now conduct future assessments independently, saving time and costs. Key improvements included narrowing the scope, involving relevant stakeholders, and creating detailed risk scenarios. The resulting SIRA report provided senior management with clear insights into integrity risks and control measures. This intervention has not only enhanced the bank’s risk management but also paved the way for potential automation of the SIRA process.