Regulators expect financial institutions to treat controls frameworks as integral to risk management. No longer just a compliance formality, controls must be embedded into daily business operations, with clear ownership across the lines of defense. This shift is driven by past control failures and the rise of new risks like cyber threats and third-party exposure. Financial institutions are expected to maintain transparent, adaptable frameworks that support proactive risk mitigation and informed decision-making. A strong controls environment is now seen as a strategic asset, essential to resilience, accountability, and trust.
The challenge
Our client was subject to regulatory notice which resulted in our client having to restrict its new business activities until the control gaps were addressed.
To support the relaunch, the bank needed assurance about the robustness of its control environment, including a comprehensive review of its control environment, including Financial Crime, Fraud, Conduct, Credit, Payments, and Third-Party Risk Management controls.
Capco was engaged to deliver a structured controls assurance and enhancements initiative covering the following:
- Controls identification – Identifying the key controls required to support a controlled return to markets for the business banking products.
- Controls register – Creating controls register that describes the key controls and provides evidence of the supporting procedures that underpin how the controls work in practice.
- Design effectiveness assessment – Completing detailed ‘design effectiveness’ testing to assess the quality of the current controls documentation and documenting observations and recommendations to support a controls enhancement plan.
- Operating effectiveness assessment – Sampling controls for ‘operating effectiveness’ testing, to provide an in-depth understanding of how the selected controls work in practice and to inform the controls enhancement plan
- Risk & controls dashboard – Designing a comprehensive risk and controls key risk indicator (KRI) dashboard to support Senior Management in discharging their oversight accountabilities.
- Future state controls framework – Articulating the future state ‘Controls Environment’ that would embed the control enhancements into BAU, including the Bank’s governance, reporting and oversight arrangements.
How we helped
To address the client’s regulatory and operational requirements, Capco mobilized a cross-functional team comprising of specialist across Financial Crime, Fraud, Non-Financial Risk, Credit, Controls Framework and Reporting experts. The team had a wealth of industry experience and technical skills to support reviewing, documenting and testing controls, as well as optimizing and rationalizing control frameworks.
The team completed a multi-faceted review of the control environment, including:
- Developed the client’s control universe.
- Standardized the articulation of evidence-based controls across risk domains to ensure consistency, traceability, and alignment with regulatory expectations.
- Conducted analysis to assess the design effectiveness for all documented controls.
- Compiled a comprehensive list of observations and recommendations to inform a controls enhancement plan.
- Conducted sample testing to assess the operating effectiveness of selected controls.
- Designed the Bank ‘Controls Environment’, including outlining an enhanced operating model, governance and KRIs to support senior management oversight.
- Supported the senior client team in engagement with the UK Conduct regulator ahead of going back on sale.
Value delivered
The Bank‘s long-standing control weaknesses were improved and they were able to better understand its control universe and the Bank’s senior management obtained the necessary MI to discharge their oversight accountabilities. Through this engagement, Capco added tremendous value via the following:
- Control rationalization – Rationalized ~90% of the Banks 800 controls to identify the key controls that support the controlled operation of the Bank.
- Evidence-based control register – Created an evidence-based controls register that will enable the Bank to have a comprehensive and consistent basis to identify key controls to support business operations, including reporting, testing and ongoing risk management.
- Testing framework – Defined a comprehensive approach to evidence-based control testing, which reduces subjectivity, is scalable and sets a path for future automation.
- Provided robust assurance – To ensure the effectiveness of the banks control framework, including helping to create a prioritized controls enhancement plan.
- Regulatory engagement support – Supported senior management in engaging the UK Conduct regulator, to demonstrate the maturity of the control environment and articulate a clear path for future controls enhancement.