68% Reduction in Time to Complete Risk Governance Related Actions with Essential Framework Rebuild

Optimised operational risk management following the implementation of a bespoke solution, improving monitoring and speeding up incident resolution.


Business issue

Operational risk is a key consideration in the financial services industry. All companies must have systems in place to demonstrate an awareness and management of all risks and what steps are in place to mitigate these risks. They must also be able to demonstrate that they have the regulatory capital available to continue trading for the benefit of their customers.


Through this project, the customer targeted a unified approach to handling operational risks, enabling the two businesses to merge effectively and achieve ongoing success for the future. They needed a solution that would enable them to move away from the existing legacy systems as they could not provide a cohesive solution to the businesses’ challenges. Any solution must enable the customer to closely monitor risks, controls, breaches and incidents for the purposes of safeguarding the business and maximising success. If not managed effectively, the company exposes itself to potentially disastrous outcomes, such as financial losses or reputational damage.

Another key consideration was a solution that could be customised and changed to incorporate bespoke concepts as the business and its requirements develop. The customer approached Katalyze Data, experts in risk, compliance and governance, as the partner of choice for this project.

Katalyze Data Solution Delivered

With just eight months to design and implement an effective solution, the Katalyze Data team had to work quickly to formalise a company-wide risk governance and compliance framework. In response to the customer’s needs, Katalyze Data implemented a solution that provided a range of benefits.

Complex framework redesign: The implementation of an entirely new operational risk framework, fit for purpose for the combined organisation, to further their capabilities and allow analysts to effectively monitor and manage risks, controls, breaches and incidents as they arise. This comprised:

  • Implementation of a brand new, web-based solution (SAS® Governance and Compliance Manager) to manage all elements of organisational risk. This was to ensure a uniform, timely response in accordance with industry-wide regulations, such as GDPR and IFRS 17.
  • A collection of new, responsive web forms to enable collection and management of data along predefined workflows.
  • A comprehensive scoring system to monitor key statistics and insights associated with all risks, controls, breaches and incidents. This includes understanding the likelihood of a risk occurring; the seriousness of impact; identifying which departments would be impacted; and assessing the form any risk outcome would take.
  • User alerting framework to regularly notify users of upcoming deadlines to ensure a timely response to incidents. Additionally, regular reporting of recent logged incidents and breaches, providing managers with an overview of all that have been raised. This reporting system is highly bespoke and user friendly, including pre-built report templates.
  • New modules available, to expand existing operational risk capabilities once appropriate.

Solution training: Katalyze Data wrote and delivered bespoke training to enable users to maximise the value generated from their new solution.


This new operational risk solution has enabled the customer to generate substantial improvements in the way it manages its operational risk, including:

  • The average time taken to complete governance-related tactical change actions reduced by 68% thanks to close monitoring and proactive decisioning.
  • The average time taken to react to and resolve GDPR breaches decreased to six hours, giving confidence that 100% of the potential data incidents logged are being managed in accordance with legislation.
  • Quarterly assessments that previously took one hour to complete, reduced to just eight minutes.
  • The capacity to begin investigating 86% of potential GDPR breaches within just half an hour


Executive Summary


  • Merger of two businesses with disparate approaches to operational risk management
  • Outdated legacy systems
  • Stringent industry regulation relating to operational risk
  • Implementation of a brand-new operational risk governance framework
  • User alerts as deadlines approach
  • Highly bespoke, in-memory reporting tool
  • Ready-to-use-reports
  • Average time taken to complete governance-related tactical change actions reduced by 68%
  • Average time to react to and rectify GDPR breaches decreased to six hours
  • Time taken to perform quarterly assessment of operational risks reduced from one hour to eight minutes
  • Fully customisable structure and workflows to correspond with corporate requirements
  • Sophisticated risk scoring
  • Compliance with industry regulation, avoiding potential fines of up to €20m or 4% of annual turnover
  • Consistent, easy-to-interpret reporting for easy detection of issues or changes in organisational behaviour
  • Automated alert system to prevent any potential breaches – this ensures all incidents are managed effectively to avoid negative business implications
  • A fully unified approach to operational risk, whilst reflecting the differences between the two businesses


Back to Insights

Talk to us about how we can help