Compliance, Operational and Financial Risk teams face complex challenges in creating appropriate “control” environments. Many factors impact and influence our ability to provide valuable oversight and insight to the discrete risks we face daily. These include:
✓ Increasing transactional volumes
✓ Required transactional data existing on numerous platforms and systems
✓ Inconsistent data formats
✓ Manually intensive monitoring and testing protocols that yield little or
no value to our business partners
The Manual Approach
To a certain extent, many organizations are still auditing and reviewing financial and transactional data manually. It is still very common for risk management functions to utilize “flat files” (and yes – Excel spreadsheets) in an effort to pinpoint potential issues. While surveillance and monitoring efforts are needed, these manual approaches are marginally effective at best. Even more troubling is that in many instances - Compliance, Operational and Financial Risk teams aren’t exactly sure which “behaviors” they are trying to identify. Outside of standardized scenario analysis, what other anomalies and trends are in need of review and investigation?
The logical next step in solving these issues is to implement automation of internal processes. This can eliminate duplication of efforts and significant time spent slicing and dicing information manually. That said, we all know how hard it is to get prioritized in the IT Project queue. Most IT resources are allocated to revenue generating projects and initiatives. Unless a project is regulator-mandated or your organization is “out of compliance,” it’s not likely you’ll go to the top of the list. This is not something we like to hear in the risk management space – but it’s the reality of the world we live in (especially in a tough economic cycle).
Question: What are the chances of getting IT resources allocated to embed “tests” into production systems?
Answer: Not likely!
Next Question: What are the chances if your requirements are not fully vetted or pinned down?
Answer: I can think of a couple of colourful metaphors. However, I will refrain and keep it clean. So all I will say is - Good Luck!
Without internal IT support to build and support functionality, more and more organizations are turning to vendor based solutions. Since most organizations are seeking a “magic pill” or “panacea” or “one stop shopping” to solve all of our risk management oversight issues, they often look at mainstream solutions that are expensive, oversized, inflexible or are not designed to address the specific issues their organization is trying to solve. Organizations can find themselves “over-buying” and wind up not implementing many of the features of a platform. It’s tough enough to build a business / use case for these tools, without the danger of purchasing costly but unneeded functionality.
Compliance Risk Concepts recently partnered with Nomos Software, an innovative technology company that builds testing protocols for business and customer data. With the Nomos solution in place, an organization can quickly and economically build lightweight web-based applications that automate the testing and monitoring executed manually by risk management, operations, compliance and audit professionals on a daily or other periodic basis.
Additionally, the Nomos solutions provides complete transparency and visibility, enabling risk professionals to have “behind-the-scenes” access to the logic and parameters utilized in each of the testing and monitoring protocols.
Not a problem! Nomos can roll out small changes to the tests very rapidly while the overall requirements are pinned down. Once finalized, the suite of tests and monitoring protocols can be integrated into straight-through processing systems to provide a fully automated solution set.
The Nomos solution can be used for any file-based financial or transactional data. Examples of use cases include:
✓ Payments
✓ Corporate Actions
✓ Securities and Derivatives Transactions
✓ Any other types of information that needs to be tested,
monitored or audited.
CRC and Nomos work closely together to provide a seamless integration of testing and monitoring protocols into an organization’s production financial and transactional data.CRC works with the client to define core data requirements, scenarios and tests, red flags, use cases, issues management and resolution. Once defined, Nomos will create a testing protocol that enables the client to evolve their once manual testing / monitoring environment into an automated and efficient process.
If you would like to learn how you could automate your manual testing / monitoring environment, please feel free to reach out to us directly to set up a complimentary discovery meeting with CRC and Nomos. You may contact us by email at mavnet@compliance-risk.com or by telephone at (646) 346-2468.
