The focus of all organizations and leaders this year has, rightfully so, been to protect its customers and employees. Over 90% of the workforce is now working remotely, outside the boundaries of the traditional office, while customers forge ahead into uncertainty. Indeed the world now looks very different from what it did at the start of the year. But one thing is clear: this is the new normal.
But as financial services institutions (FSI) look to overcome ongoing challenges to managing risk, the need to improve governance and exert control over processes and activities remains critical. Add in digital transformations, upgrades to aging technology, and dealing with increased regulatory scrutiny, there is immense pressure on governance, risk, and compliance (GRC) teams. Between 2019 and 2020, regulatory fines and penalties on FSIs have exceeded over $11 billion, largely due to financial crimes, a lack of adequate supervisory controls, and governance and risk management failures.
Managing GRC in our new normal requires a new approach. Detailing the interconnectedness of people, process, technology, and data is crucial to mitigating risk, improving compliance, and aligning governance with business goals. Leveraging artificial intelligence, computer vision, and deep learning models, also known as process intelligence, is now an important tool in the toolkit for the GRC practitioners, and officers across multiple lines of defense.
Where Process Intelligence Makes the Difference
Only by understanding the reality of your business processes can you be effective in improving internal controls. FortressIQ decodes work to provide the detailed current-state assessments, which give you the process intelligence to make data-driven decisions. It captures tasks at the most granular level, with no bias or digital blind spots. It works across all applications, through each department across the enterprise, and for every single process. It’s also faster and less expensive than traditional process mapping and mining methods, yet provides much higher accuracy to reduce rework and accelerate improvements.
Process intelligence provides GRC a powerful tool, and extends into financial crime, audit and assurance, operations, lending, and many other areas requiring execution of manual, repeatable tasks and usage of multiple systems and applications. With a deeper understanding of how your business actually works, strategic and tactical changes can be implemented effectively and efficiently, and with better oversight.
Converting Process Risk into Data Transparency
Below are key areas where process intelligence helps FSIs understand their current-state processes at the most granular level, and which can be leveraged effectively at scale:
- Enterprise-wide Risk Management (ERM): Process intelligence provides a detailed understanding of end-to-end processes at the enterprise level across key functional areas. This detail improves how risks are identified, captured, aggregated, and reported. Specifically, end-user computing tools are identified to highlight when and where manual workarounds occur. Examples include complex compilation and computation tasks performed by Risk Management, Operations, Finance, and Treasury to calculate market risk, credit risk, liquidity risks, capital and liquidity ratios, and more. Additionally, these granular process insights can then be leveraged for operational risk and control self-assessments (RCSA).
- Data Governance: To ensure effective management of BCBS standards, the Data Management office can leverage process intelligence to track which data points are captured manually. That’s essential to running the business and managing risks. Understanding the key sources of data (internal or external, such as regulatory websites or third-party data) and how the data is consumed (data inputs and outputs) within the organization can be tracked and measured.
- Compliance Risk Management: Compliance officers can leverage process intelligence to ensure adequate procedures are in place for process governance. In addition, simplified and standardized regulatory reporting processes. For example, a leading FSI mapped its trade reporting (blue sheets) processes, which included heavy user intervention and dependency on multiple applications and platforms, to execute regulatory requests. The number of regulatory requests had quadrupled in just a few months due to market volatility, which slowed down efforts and created a constant backlog. Within 7 days of deploying FortressIQ, and without disruption or utilization of a compliance officer’s time, the FSI was able to map end-to-end processes from request receival to submission. Compliance is now fully aware of the current state procedures and its complexities, and the output is being used as a business requirement document for process re-design and automation.
- Internal Controls: By understanding business processes at the most granular level, as well as detailing how key applications and platforms are used at the user level, internal controls can be strengthened and validated by all lines of defense. The procedure documentation, analytics, and insights can then be leveraged by Compliance, Risk Management, and Internal Audit to understand processes, manage risks, and validate and strengthen internal controls.
Process Intelligence for Every Line of Defense
Process intelligence brings visibility into each line of defense within an FSI by following the human and the process instead of application logs or consultant interviews. Advanced computer vision, machine learning, and artificial intelligence capture every process step quickly and accurately, with zero integration and universal compatibility. This automated business process discovery, modeling, and documentation surfaces data and insights unattainable with traditional methods, but instantly usable by GRC across their purview and across the enterprise.
Process Intelligence is a valuable tool that uncovers the real usage of all governance, risk and compliance workflow tools and technologies. FSIs require transparency above all, and FortressIQ delivers real-time, data-driven insights that create a detailed map of your business – across all applications, through each department, and for every single process.
We can help your GRC efforts, too. Just click here to let us know how to get in touch.