Breach Management, Checklists and Control Testing

Control Testing

The Client

A London-based asset management firm with £631 billion in assets under management (AUM); the firm is classified as a large CASS firm under the FCA's classifications and is the asset management arm of a large Japanese banking group, servicing both retail and institutional investors.

The Challenge

Using spreadsheets and other disparate resources to record incidents and breaches and to manage the firm’s risk control matrix.

The firm had previously implemented Axiom's CASS regulatory platform (as described above) to replace its Excel-based approach to compliance. On realising the efficiency savings offered by the CASS solution, the firm opted to roll out elements of Axiom's core governance and risk platform to manage its risk control matrix and to record and manage operational issues and breaches.

Prior to implementing Axiom, the firm relied on spreadsheets across multiple lines of business and departments. The firm is regulated by the FCA (and other regulatory bodies) and is therefore subject to, and must evidence compliance with, various regulatory handbooks and regimes (including SYSC, COBS, DISP, COLL, GDPR, JMLSG and AML). The firm had several key requirements, some of which are listed below:

  • an incident management solution with fully configurable data fields to support multiple regulations and rule types,

  • user-configured workflows to support different breach investigation and remediation protocols,

  • a multi-dimensional mapping feature to enable users to link related artefacts to each other, for example rules to controls, processes to risks, and controls to risks,

  • access to a library of rules and regulatory handbooks, and industry standards,

  • functionality to manage firm-wide controls and testing, and

  • configurable management information dashboards.

The Solution

Replacing the firm’s reliance on Excel spreadsheets and SharePoint with Axiom’s comprehensive governance and risk platform

Following detailed analysis with key stakeholders in the risk and compliance teams, we started the implementation project by rolling out an instance of the Axiom platform configured with the relevant fields and workflows to reflect the breach recording and remediation protocols of the various lines of business/departments in scope.

Departments were also given access to an up-to-date feed of the relevant regulatory handbooks and industry standards to address the firm's requirement to map incidents and breaches to the related rules. For example, the Compliance Team had access to a suite of chapters from the FCA Handbook (including COBS and SYSC) and the InfoSec Team had access to a library of GDPR rules and ISO standards, all maintained in the system.

Axiom’s regulatory checklist functionality, and governance and risk features, were also implemented to support the firm’s control testing process, ensuring that controls remained effective in mitigating the risks for which they were designed.

Once the firm had transposed its spreadsheet-based matrix into Axiom, the relevant workflows were rolled out across the business to track the operational activities required to remedy failed or ineffective controls.

The firm now has access to an automated digital library of regulatory handbooks; it has replaced paper-based checklists and spreadsheets with a real-time view of its risk control environment and is able to generate the required management information and indicators to support its governance and regulatory reporting obligations.
