Fintech Company Strengthens Its Lines of Defense With LockpathDownload
About this Case Study
This Fintech Company created robust first and second lines of defense with Lockpath, leading to improved self-identified issues (SII), substantial decreases in internal audit
- Financial Technology
- Number of employees:
- A lack of self-identified issues (SII) results in depressed internal audit ratings and organizational doubt.
- Robust first and second lines of defense lead to improved SII, substantial decreases in internal audit findings and late issues, and new business opportunities.
Read the Case Study
Challenge: Demonstrating Accountability and Ownership at the First Line
When a fintech company was looking to make a jump to consumer-facing technology, they knew they had to take a closer look at their processes for identifying, mitigating, and reducing risk to expand their offerings.
They already had a strong internal audit program that identified breakdowns and gaps within the organization. However, these issues were not always getting the attention they deserved across the rest of the organization. Management of risks associated with day-to-day operational activities was weak, leading to low audit ratings. Stakeholders were concerned whether the business could make risk-based decisions necessary to safely implement cutting-edge fintech.
In response, the organization’s management committee charged their risk management function with building a traditional three-lines of defense program: operational management defending against risk on the first line, risk management and compliance functions on the second line, and internal audit on the third. This meant cultivating accountability and ownership at the first line of the business, where risks are introduced to the organization. It required standing up a true second-line defense reporting to the Chief Risk Officer. Most important, it necessitated a risk culture in which everyone is responsible for identifying and reporting issues.
Solution: Selecting Lockpath To Support Processes and Build Workflows
To meet this mandate, they started by plotting processes and mapping out how they wanted to manage self-identified issues (SII) and risks. They quickly recognized the importance of utilizing a purpose-built solution. “Rather than investing more resources into the problem, we needed a platform to support the policy management process itself,” says their Director of Risk Management. “We extensively reviewed the available solutions on the market and found Lockpath was the right fit for us.”
The key to their decision was Lockpath’s ability to centralize and automate processes. “We knew that centralization would be essential for us, ensuring policies and procedures were updated on time, with the correct review, and documentation for these decisions,” he recalls. Internal auditing also found value in a centralized approach, which enabled them to easily access the policies, standards, and procedures they would be auditing against. Automatic notifications helped owners and stakeholders meet deadlines and increase accountability.
They were able to build records right into Lockpath’s platform, resulting in the capture of additional information for root cause analysis and addressing emergent issues. The organization also developed new workflows that allowed executives to accept some risks when appropriate, and dashboards that helped first-line defense employees take increased ownership.
Results: Improved Audit Ratings, Lower Costs, and an Informed Risk Culture
Empowered by Lockpath’s platform, their Risk Management team was able to improve their internal audit ratings by identifying and remediating issues at the very first line of the business. Now, first-line employees own and manage operational risks. They conduct risk assessments, participate in risk roundtables, and receive training on how to use the dashboards and tools available to them.
They also implemented second lines of defense, including Ethics and Compliance, Operational Risk Management, Business Continuity, and Privacy Officers, all reporting up to the Chief Risk Officer. These changes led to a substantial decrease in the number of internal audit findings and issues to remediate. After an initial anticipated increase in self-reported issues, they also saw decreases in SII as the organization became better at proactively managing risks.
Leveraging Lockpath’s capabilities helps reduce the number of resources required to drive success. According to their Director of Risk Management, “without Lockpath automating our process management, we would certainly need to double the resources to ensure our identified issues are seen through to completion manually.”
Most importantly, they created a risk-aware culture built around prioritizing and adopting the work they put into their lines of defense. “Organizationally, we believe that every employee is a risk manager. Regardless of role, we each have business objectives and take actions that introduce risks. This message has helped our organization mature in terms of our risk culture.”
Ultimately, this fintech company demonstrated that it was a well-managed organization capable of making sound risk-based decisions, giving its management committee the confidence to proceed with the implementation of their new consumer-facing solution.
For this organization, smart, successful risk management – paired with the power of Lockpath’s platform – resulted in transformational innovation, enabling future developments that they predict “will help us continue to be competitive within our industry.”
Using risk management to make your business a competitive force – that’s the power of Lockpath.
NAVEX’s GRC software and compliance management solutions support the integrated risk, ESG and compliance management programs at more than 13,000 organizations worldwide.