WHAT RISKS ARE YOU WILLING TO TAKE? HOW WILL YOU MITIGATE THEM?

Banks are under close scrutiny to keep perceived risks in line with the risks they’re actually taking. An effective risk appetite framework accurately reflects the risks you’re willing to take in the course of normal business. It also defines your boundaries while outlining how you’ll maintain them through policies, controls and monitoring to prevent breaches.

Most in the industry agree that a framework such as this is necessary. However, there is no standard solution that a bank can implement to satisfy regulatory requirements. As a result, most banks are still reactive, responding to the best of their abilities based on traditional manual processes and disparate data sources.

CSC’s extensive experience with managing governance, risk and compliance (GRC) includes assessing risk appetite frameworks, defining appropriate business models, implementing standard regulatory monitoring and reporting, and identifying needed capabilities and systems (e.g., operational risk management, liquidity management).

Working together with best-in-class alliance partners, we help financial institutions optimize for capital adequacy requirements and improve risk control effectiveness, transparency and accountability across the enterprise.

CSC’S GRC FRAMEWORK AND PLATFORM CSC provides an end-to-end framework and platform within a structured approach, including:

Risk Appetite and Framework Assessment CSC helps banks identify and mitigate high-priority risks and develop coherent risk assurance strategies. Our Risk Appetite and Framework Assessment analyzes existing risk frameworks, taking into account regulatory provisions, corporate risk appetite and risk culture. The resulting risk assessment report creates a framework for your risk appetite, including policies and key risk indicators (KRIs).

Business Impact Analysis Each potential change to banking operations requires a thorough analysis. CSC’s seasoned consultants follow a proven methodology to achieve accurate impact analyses for every environment, defining

GRC FRAMEWORKAND PLATFORM

Banks have to mitigate a

number of risks that can take

many forms. For example, the

LIBOR scandal and constant

headlines of fraud and mis-

selling have made operational

risk a bigger concern than

credit risk, especially as firms

have more complex operations,

numerous processes and a

greater need for control. No

wonder there’s more regulatory

enforcement activity today.

According to a report by the

Boston Consulting Group, U.S.

and European banks paid nearly

$65 billion in penalties and fines

in 2014, about 40% more than

in 2013, which was the previous

high. Forrester Research

predicts that a single corporate

risk event in the near future will

lead to record losses of more

than $20 billion.

A Governance, Risk and Compliance Solution for Banking and Capital Markets

Regional CSC Headquarters

The Americas +1.703.876.1000 (United States)

Asia, Middle East, Africa +65.6809.9000 (Republic of Singapore)

Australia +61(2)9034.3000 (Australia)

Central and Eastern Europe +49.611.1420 (Germany)

Nordic and Baltic Region +45.36.14.4000 (Denmark)

South and West Europe +33.1.55.707070 (France)

UK, Ireland and Netherlands +44.020.3696.3000 (United Kingdom)

© 2015 Computer Sciences Corporation. All rights reserved. Creative Services MD_8027a-16 05/2015

and quantifying key gaps while determining scope, options and capabilities. The Business Impact Analysis delivers a heat map of gaps to future needs and recommendations on change priorities.

Integrated GRC Management CSC helps banks design and implement an effective, integrated GRC framework and platform for specific risks or enterprise-wide capabilities. This includes application modernization and shortlisted GRC software hosting to enable an integrated risk management capability.

Data Sourcing and Extraction Dependence on multiple data sources presents major difficulties for banks seeking to analyze accurate, consistent and adaptable data. CSC builds banking data management capabilities on effective, low-cost storage infrastructures. We source, extract, structure and validate data to satisfy risk management requirements. Deliverables from Data Sourcing and Extraction engagements include a data dictionary and inventory, data governance and standards, and a data lake model. In addition, these services are enabled on an ongoing basis through an as-a-service engagement model.

Reporting and Attestations Regulators are expecting banks to enhance the accuracy, timeliness, completeness and adaptability of their reporting capabilities. This means that ad hoc reporting must be available on demand. CSC provides banks with best-practices expertise in redesigning business processes and IT architectures for improved reporting and attestations. We develop and optimize the output submitted to regulators and other stakeholders, delivering a defined reporting suite with configurable external and internal reporting output. Ongoing maintenance, management and support are enabled through as-a-service models.

GRC ALLIANCE PARTNERS AxiomSL AxiomSL provides regulatory reporting and risk management solutions to the financial services industry. The company empowers financial institutions to meet regulatory reporting and risk requirements across multiple regulators and jurisdictions. axiomsl.com

MetricStream MetricStream provides enterprise-wide GRC and quality management solu-tions for global corporations in diverse industries, contributing to the alliance an expertise in enterprise risk, risk data aggregation and regulatory response. metricstream.com

GRC FRAMEWORK AND PLATFORM

WHY CSC? THE RIGHT MIX TO MAXIMIZE BUSINESS VALUE

GRC Expertise across consulting, technology, business processes and agile methodologies

Next-Gen Technology Consulting leveraging data analytics, mobility, cybersecurity, cloud and application modernization

International Banking Experience with local specialization for banking clients in 69 countries

Faster Time to Value from prebuilt, tested reference architectures, reusable artifacts, templates and methodologies

Partner Ecosystem of right-fit capabilities from a network of market-leading specialist and niche partners

Technology Independence to deliver best-of-breed solutions, from open source to global partners

Comprehensive Data Life-Cycle Management for everything from legacy data warehouses to ad-vanced visualization

Purpose-Fit Industrialized Solutions based on deep banking and business- process experience

Full Life-Cycle Approach using our shape-transform-manage modules to deliver business outcomes faster