Facing an imminent regulatory deadline for new compliance controls and challenged by the lack of quick and easy technological answers, a global financial services provider compliance team went in search of alternatives.
The control requirements were complex and changing, but time and budget constraints ruled out a custom-coded solution. Given the urgency to act, the company decided to focus on the enterprisewide Microsoft SharePoint platform that it already had in place, hoping to extend its capabilities to address the compliance requirement without starting from scratch. To accomplish this, management knew it needed to bring in an agile team of experts to work in tandem with company staff to develop a fast and flexible solution. It reached out to Protiviti’s SharePoint team for assistance.
The proposed approach involved leveraging native features of the company’s SharePoint platform and extending them with Nintex, a third-party workflow management tool that enables rapid automation of business processes. The approach meant the team could work quickly to deliver a solution that would 1) address the immediate regulatory requirements, 2) scale to an enterprise level and 3) require minimum amounts of coding, debugging and software approvals.
Protiviti’s compliance experts worked with the SharePoint technology team to advise the organization throughout the implementation of the proposed technical solution, ensuring all compliance needs were addressed in the process.
In the end, the company’s existing SharePoint platform stored all important data and forms while integrating with key line-of-business systems of record. Nintex provided a no-code solution to enhance the SharePoint platform with a rules-based risk assessment and a scoring engine that enables the company to assess the quality of risk management.
An important aspect of the project was the melding of internal and external expertise to maximize speed and efficiency. Protiviti’s SharePoint experts and the client’s staff formed a joint team, which enabled them to collaborate and communicate effectively and accelerate dramatically the prototype development. The close interaction allowed for rapid, iterative development, with changes and course corrections made along the way. Freed from the normally lengthy approval process by virtue of the prototype status of the development and deploying agile development techniques more characteristic of a startup, work progressed quickly in small manageable stages, or “sprints.” This approach led to the development of a fully functional prototype in just six weeks.
The high level of user engagement and feedback during the development cycle resulted in a tool that not only met functional specifications, but also fit the user environment with a degree of precision that would have been difficult for a third party to achieve from the outside. More important, the solution met the requirements of the regulators and helped address the immediate compliance issues.
The financial services provider and Protiviti are currently working together to expand the concept into a more robust, permanent solution. Specifically, the client now has a process for aggregating and cross-referencing risk data from disparate sources, effectively assessing the nature of those risks and prioritizing them by risk profile. Additional workflows have been set in place to follow up on issues and ensure implementation of action items.
One of the key success factors in this story was the high degree of client engagement and support, beginning with the tone at the top. Senior management was fully behind this effort and very engaged from the earliest stages of the process. The team of internal subject-matter experts provided critical understanding and guidance on business processes and different categories of regulatory risk. Finally, there was the exceptional degree to which the client and consultant became a joint project team.
Another success factor was allowing the methodology and framework to evolve in real time and treating the technology as an integral part of the solution, as opposed to an afterthought. As Protiviti worked to modify the company’s SharePoint environment to support the compliance need, client stakeholders validated that the technology would indeed facilitate their processes. This closed loop of feedback and iteration among process, methodology, people and technology started on the first day and lasted throughout the project.
Financial services providers spend significant time, money and energy addressing risk and compliance issues. This provider’s commitment to collaboration, real-time feedback and agile improvements resulted in a project that met every initial requirement and exceeded expectations.