Highlights
- Built a new compliance platform for a big four bank.
- Ensured continuous and automated business and security compliance monitoring.
- Reduced reliance on manual checks, significantly lowering costs.
- Gained internal attention within the bank, with plans to integrate it across the business.
The Problem
The complexities of the financial landscape, coupled with growing scrutiny from various auditors, have made it increasingly challenging for institutions to maintain their compliance posture.
A big four bank was battling these challenges, trying to keep their systems in check and uphold business rules while also seeking to reduce their reliance on manual checks. The demand for low operational costs added another layer of difficulty to the scenario. Traditional methods for ensuring compliance, which primarily relied on manual checks, were neither cost-effective nor efficient enough to meet these new challenges.
The Opportunity
In the financial sector, the ability to maintain robust compliance is vital, given the increasing regulatory scrutiny. However, the challenge is amplified when attempting to reduce costs and manual labour. This presents an opportunity for developing an automated compliance monitoring solution, which not only ensures adherence to compliance norms but also makes the process cost-effective and scalable. In embracing such a solution, financial institutions like our client can effectively and efficiently manage their compliance posture while keeping operational costs low.
The Solution
Mantel Group worked alongside the bank to develop a tailored solution that enabled continuous compliance monitoring. The solution assessed the monitoring systems and coverage, filled in gaps, validated risk monitoring and management procedures against the organisation’s policies, and ensured scalability to achieve the stated goals.
The benefits of this solution were as follows:
- Automatic evidence provision from various security systems to guarantee compliance.
- Regular automated checks against financial and business data to maintain constant compliance.
- Continuous assessment of the platform via automated checks, flagging non-compliance issues on dashboards.
- Sampling of current controls to ensure correct configuration, enforcement, monitoring, and remediation.
Our Approach
The first step was to partner with the bank to gain an understanding of their unique compliance challenges, system architecture, and operational policies.
Next, the Mantel Group team and the bank began collaboratively designing the compliance platform. This involved planning the integrations with their data lake, cloud platform, and various security systems.
The third step was establishing continuous compliance monitoring, which involved assessing the existing monitoring systems, identifying the gaps in assurance from automation outputs, and reviewing the associated operational processes.
The solution then implemented automated evidence collection from various security systems to provide assurance that the systems were compliant.
Automated checks were then set up to run against the bank’s financial and business data, ensuring that compliance was being maintained at all times.
The platform was then set up for continuous assessment. This involved running various automated checks and surfacing any issues of non-compliance on dashboards against their respective assets.
The final step in the process was the technical implementation of controls. The current controls were sampled and confirmed to be configured, enforced, monitored, and remediated correctly, with exceptions reviewed in line with the Line 2 cloud controls guidance, the internal technical controls framework, and GCP best practices.
Following its successful implementation, the solution attracted attention within the bank, leading to plans for wider integration across the business to offer a continuous automated compliance view for the entire organisation.