Back to How We Help Clients

Operational Risk, Compliance, and Controls

Organizations face growing threats due to non-financial risks—from compliance and misconduct to technology failures and operational errors. We provide enterprise-wide tactical and transformative solutions to manage these risks.

Any institution that has failed to manage its non-financial risks knows that the impact can be even more serious than more-familiar financial risks. The effects can encompass direct losses, such as fines, litigation, and remediation expenses from compliance lapses, or indirect damage to reputation and the business model from employee misconduct or failure to pass supervisory requirements.

Today’s non-financial risks cut across divisions and functions, often requiring enterprise-wide solutions. We are uniquely positioned to help our clients develop these solutions, with distinctive knowledge and deep experience across all risk disciplines, combined with a broad record of impact with senior executives undertaking major corporate transformations. In the past 24 months, we have served 8 of the top 15 banks globally on non-financial risk transformations. We employ classical enablers, combined with advanced analytics and proprietary methodologies and tools. We address issues as broad as fixing the three lines of defense or compliance organizations and as targeted as stress-testing clients’ operational risk models for compliance. In addition, we help our clients manage risks created by third-party vendors and have strengthened our clients’ resistance to cyber-attacks.

How we help clients

1. Transform non-financial risk management by establishing a comprehensive, end-to-end transformation program.

  • We have developed a best-in-class framework and tool kit for managing non-financial risk, including determining the risk appetite and strategy, as well as organization and governance; implementing key risk processes, tools, and systems; and creating a strong risk culture. We can also create a customized framework to respond to specific client needs efficiently.
  • Our structured and calibrated approach to operational risk stress testing, supported by our expert team of former regulators, is proven to help institutions comply with regulatory mandates such as the Comprehensive Capital Analysis and Review in the United States.

2. Improve compliance and controls.

  • We take an integrated approach to compliance, helping our clients’ address regulatory mandates, while simultaneously creating business value.
  • Furthermore, we help clients develop and implement risk and control assessment (R&CM) frameworks, implementing a unified risk taxonomy as the basis for systematic risk identification, with consistent and homogeneous components. We work with top management teams to drive this R&CM in the first and second lines of defense; and to ensure company-wide R&CM grids are aligned with the risk appetite, focusing relentlessly on mitigation.
  • Our advanced analytical capabilities, such as machine learning, help clients do predictive analysis to detect and prevent fast-moving and sophisticated criminal activities, such as money laundering and rogue trading.

3. Enhance technology risk management.

  • We help organizations establish IT risk management groups, and help these groups deliver on their mandate to manage increased exposures to technology risk.
  • Our advanced digital tools include an online platform called the “Cyber Risk Matrix,” which examines an organization’s information assets, prioritizes top risks, analyzes gaps in controls, and develops a remediation plan for them.

Featured experts

Stuart Breslow

Partner, New York

Piotr Kaminski

Senior Partner, New York

Daniel Mikkelsen

Senior Partner, London

Kate Robu

Partner, Chicago

FEATURED CAPABILITY

Cyber Solutions

Identifies areas of cybersecurity vulnerabilities in a company’s strategy, operations, and controls, and creates a roadmap of mitigation initiatives

Impact story

Demonstrating impact through the three lines of defence

Supporting a global bank in defining the three lines of defence and enhancing risk controls

Transforming a global bank's approach to operational risk

Redefining operational risk management and controls for a global bank

Related Insights