OpRisk and ICS at the bank Vontobel
Vontobel, a global investment advisor with strong roots and a solid capital base, specializes in asset management for private clients and institutional investments as well as investment banking.
“At Vontobel, we actively shape the future. We create and pursue opportunities with determination. We master what we do – and we only do what we master. This is how we get our clients ahead.”
Fast facts (as of December 2018)
- Founded in 1924
- Locations: Headquarters in Zürich, 26 branches worldwide
- Approx. 2,000 employees
- Client assets: Approx. CHF 247.3 billion
Growing company banks on sustainable software solution
Operational risk management (OpRisk) and the internal control system (ICS) were previously mapped in an Excel and Access solution, which had been developed in house. Over the years, the system had become impractical and needed to be replaced.
- The work involved for the responsible business department rapidly grew due to the company's growth and increasing international business
- Excel files had to be consolidated manually in regular intervals
- The department had to collect and process all information as the sole hub
- Multiple workshops were hosted just to collect information
Developing the target system
In order to meet the challenging market requirements and promote active risk management, the bank saw the need to improve transparency, consistency and efficiency. To optimize these criteria sustainably, it began its search for a software solution that not only supported its current requirements, but also offered attractive possibilities for ongoing development. The main requirements included:
- Application ownership within the business department
- Local data entry
- Standard solution with flexible customizations (e.g. in risk and control self-assessments)
- Simple, intuitive usage
- Reasonable implementation time
- Easy access to the data for analytics and a connection to the existing reporting tool
Selection of the GRC software platform risk2value
At the end of the software evaluation process, the decision-making panel selected the GRC platform risk2value from avedos.
“We first started with OpRisk and ICS in risk2value knowing very well that other areas can follow and the extensible, future-proof system is a safe investment.” Michele Luongo, Head Operational Risk, Executive Director
- risk2value not only fulfilled the necessary criteria but impressed the panel with its many advantages.
- High flexibility for implementing individual ideas (e.g. workflow design) in the system
- Straight-forward technical integration
- Modern look and feel, intuitive usability
- Direct access to the BI database
- Geocultural ties to avedos
Following a successful project, which was finished in budget and on time in Spring 2018, risk2value went into operation. The feedback from the employees who work with the system has been very positive. This is primarily due to the solid prep work from the department, which offered workshops, created a user manual, and set up a telephone hotline.
“Working with the tool is really a pleasure because it is straightforward, intuitive and modern.” Michele Luongo, Head Operational Risk, Executive Director
Benefits and advantages of risk2value
The implementation of the GRC software fulfilled the high expectations at Vontobel:
- Transparency: More comprehensive information, faster data availability, improved analytic capabilities
- Consistency: Single point of truth (i.e. central access to all data at any time through an authorization system), common methodology
- Efficiency: Larger scope with the same resources, faster way to collect information for faster responses and higher agility, lighter burden on the first line by avoiding redundant queries, less effort required for coordination between the second and third lines
In addition, the department has been able to reduce the number of hosted workshops by 75-80%. This saves a great deal of time so it can focus on its core responsibilities.
The GRC platform has gotten off to a great start and the positive experiences throughout the three lines of defense are paving the road to further levels of GRC maturity. In the next step, Vontobel will implement the General Data Protection Regulation (GDPR) in risk2value. Other potential use cases include:
- IT and cybersecurity
- Business continuity management
- Stronger integration of qualitative and quantitative information to enrich RCSAs with indicators, losses, etc. and support evaluations
- Automated control assessments with the help of indicators used as “sensors” in combination with AI
risk2value has laid the foundation for Vontobel to integrate information from various GRC applications and profit from well-founded decisions across the company.