The Challenge
Outsourcing management and processes are not compliant with regulatory requirements. BAFIN audit findings in this and other areas, special auditor appointed and restrictions on customer growth already imposed (fine). Previous project for redesign of outsourcing management process behind schedule. The Eraneos team was brought in to support all process participants in the operational implementation and execution of the new process.
The approach
Establishment of a valid data basis of the third-party contracts and restart of the initial process with classification. Gap analysis of the redesigned process steps for their compliance with all regulatory requirements. Workshops with the OSM team and the 2nd LoDs1 (Compliance, Data Protection, …) especially for risk analysis along the Non-Financial-Risks (NFR). Performing needed adjustments of strategy, processes and the bank’s set of written instructions2 parallel to ongoing execution. Coordination and functional support of the execution of the new process for all current and new contracts. Setting up KPI/KRI Systematics for Third-Party Provider Monitoring. Supporting the rebuilding of the internal OSM: databases, reports, control frameworks, …. Support BAFIN reporting (proof of concept, proof of effectiveness).
The result
Fast Deregistration of the most serious audit findings in the area of outsourcing management. Implementation of a compliant outsourcing management (strategy, written order, processes). Accelerated rollout across the units involved in the process. Execution of the new process including renegotiation and approval for the majority of contracts. Foundation established for third party management, risk monitoring and needed control framework.