To reduce the risk of losses, improve processes and controls, and protect its reputation with customers and regulators, HypoVereinsbank set out to streamline its risk and control assessment processes.
By using IBM® OpenPages® to enhance its risk and control assessment workflows, HypoVereinsbank has been able to automate reporting processes and simplify tracking for over 3,000 internal controls.
Boostsefficiency through automating risk and control self-assessment processes
33% reductionin personnel requirements thanks to better use of existing resources
Newinsight into risks and controls helps to identify gaps and resolve glitches quickly
Business challenge story
For major financial institutions, risk and control management is a serious business. If significant risks remain unidentified and uncontrolled, the consequences can be severe: not only financial losses and regulatory penalties, but also damage to the organization’s reputation and to customers’ trust.
HypoVereinsbank, Member of UniCredit, is one of the leading German financial service providers and sees risk and control management as one of its most important responsibilities. The senior management team wanted to get a more accurate and comprehensive overview of risk and control self-assessment across the organization, and also saw new opportunities to improve efficiency and facilitate processes.
Armin Konetschny, Head of Process Architecture and Control Management at HypoVereinsbank, explains: “We have a robust set of risk and control management procedures in place. To ensure that operations always comply with these policies, we perform internal audits of all process controls once a year, examining around 3,000 controls across various processes each time.
“For example, if a customer provides his or her name to open a new account, we verify the data exchanged between the front-office employee talking to the customer and the back-office person updating the system. By rigorously checking important details like this along the process chain, we can substantially optimize our processes and data quality.”
In the past, HypoVereinsbank used spreadsheets to perform these process control risk assessments. To gather information on individual process controls, the assessment team asked staff in different roles (including process owners, subprocess owners, operational risk managers and the operational units) to evaluate the performance and mitigation potential of each control. The assessment team then compiled information from all the spreadsheets to establish which process controls were effective in reducing risk, and to identify areas for improvement.
The bank saw an opportunity to replace this spreadsheet-based process with a less time- and resource-intensive workflow.
Enlisting expert support
HypoVereinsbank evaluated various solutions for operational risk and control management, and was impressed by the scope and vision of IBM OpenPages Governance, Risk and Compliance (GRC). Armin Konetschny elaborates: “We selected IBM OpenPages GRC because we wanted a standard solution that would provide a future-proof foundation not only for our risk and control self-assessment process, but for a whole category of requirements across departments and processes.
“It was important to us to build on an extensible product that we could leverage in more than one context, helping us to standardize on a small set of powerful risk and control management tools and make the most of our knowledge and investment.”
Joining forces with the IBM Services team, HypoVereinsbank connected the risk and control self-assessment to its operational process management system: ARIS from Software AG. Thanks to this integration, the risk and control management workflows in IBM OpenPages can take advantage of the existing process information.
Armin Konetschny comments: “To track around 3,000 internal controls more efficiently and effectively, we needed a seamless interface between process management and the self-assessment of our controls. Interlocking those systems more tightly seemed like a big challenge, but IBM Services helped us complete the task quickly and expertly.”
Now, the bank uses IBM OpenPages GRC to evaluate its controls along processes across all departments. To enable more comprehensive risk and control management reporting, the bank established connections between risks and controls that it can report on at different levels of granularity, depending on the audience.
This capability means that different groups of users within the bank – from senior management to process owners – have a crystal-clear view of risks and controls across their areas of responsibility. If a matter requires further investigation, they can easily drill down into the data to view it in fine detail.
For staff across all departments who submit feedback using the self-assessment tool, the IBM solution provides an even more intuitive, user-friendly interface, making the job as painless as possible.
Armin Konetschny adds: “Since many users only need to log into the solution to perform assessments once a year, usability was a key concern. OpenPages GRC makes it very easy for everyone to report on their process controls and review their responsibilities.”
Achieving huge time savings and massive productivity gainsWith one annual process control assessment under its belt, HypoVereinsbank is already witnessing productivity gains from deploying the IBM solution.
“With OpenPages, our processes are more efficient than our previous workflows,” remarks Armin Konetschny. “Around 300 people take part in the self-assessment each year. In the past, it took them more time to complete each test – now, it’s just a few minutes. This time quickly adds up, and the overall savings for the bank are considerable.”
The administration of the self-assessment procedures has also been streamlined and automated more comprehensively. Armin Konetschny confirms: “We have been able to utilize our available resources more effectively. Using OpenPages means we need 33 percent fewer staff resources to manage the risk and control self-assessment process overall.”
Introducing automation has also improved data quality, sharpening the bank’s accuracy further in assessing risks and controls. Moreover, it has enabled the bank to identify areas for improvement more easily.
Armin Konetschny elaborates: “OpenPages GRC helps us discover which controls for various processes are most effective, so we can optimize our control set and develop best practices. As a result, we can mitigate risk even more effectively and minimize overheads.”
In addition, the bank benefits from a more standardized approach to risk, control and process reporting. Senior managers can generate reports that include data from multiple perspectives in a more consolidated view, making it even easier to gain a quick and comprehensive overview.
Armin Konetschny concludes: “With support from IBM Services, we completed this transformation project on time and within budget. Whenever questions emerged, we sat down together and found a good solution for everyone. Having seen the benefits of IBM OpenPages, we are eager to help other parts of the UniCredit Group achieve similar time and cost savings.”
About HypoVereinsbank, Member of UniCredit
HypoVereinsbank is a member of UniCredit, a major financial services institution headquartered in Italy. One of the leading players in the German banking market, HypoVereinsbank employs more than 12,000 people across around 300 branches nationwide.
Take the next step
IBM Watson Financial Services uses the cognitive power of Watson to drive deeper customer engagement, new experiences and augment the management of regulatory compliance. For more information about how IBM Watson Financial Services is transforming banks and financial institutions with cognitive computing, visit ibm.com/watson/financial-services. Additionally, get the latest banking insights by following us on Twitter at @IBMBanking, on our blog at ibm.com/blogs/insights-on-business/banking and join the conversation #IBMBanking.
View more client stories or learn more about IBM Watson Platform