Regulatory Remediation

Developing and executing strategic and resolution-driving lookback and remediation programmes through automation and data analytics.

We partner help you aggregate and improve the quality of your existing tools, technologies and capabilities related to lookback reviews and customer remediation. We employ practical methodologies to address complex lookback and remediation efforts to effectively resolve legal, regulatory and operational issues.

Our team responds to regulatory requests in an agile and efficient manner, enabling you to drive business growth and innovation.

Our team responds to regulatory requests in an agile and efficient manner

Our Regulatory remediation services

Pro Document Consent

Regulatory Remediation

Assist institutions that require remediation using our proven methodology. Providing remediation with the recipients in mind is critical to evaluating comprehensively the customer impact, sufficiency of the strategy and design, and delivery of a positive customer experience.

Pro Briefcase

Reviews/Monitoring and Testing

Review processes and controls and conduct reviews of accounts or transactions for purposes of identifying control deficiencies and potential exceptions (including customer harm).

Pro Document Stack


We conduct lookback reviews, often manually of transactions, accounts, files, calls and other records for the purposes of identifying potential customer harm and the degree of customer harm.

Pro Building office

Lookback Strategy and Programme Design

Design, execution and validation of lookback reviews and customer remediation by issue management lifecycle elements. We provide actionable steps to effectively address lookback reviews and remediation-related requirements and considerations.

Pro Document Files

Lookback Execution

Carry out end to end strategic, operational and technological aspects of lookback review and customer remediation efforts, including project management, requirement documentation, implementation of tools and procedures, and resources to execute customer remediation

Pro Location Globe

Lookback Validation

Validate customer remediation efforts in accordance with regulatory requirements and expectations. These services range from assisting business-line management, risk management, compliance or internal audit function leaders with their oversight responsibilities to serving in the role of an independent reviewer/monitor....


Our approach

The process to resolve regulatory issues requiring remediation is universally complex.  It requires careful consideration and a clear approach and methodology to demonstrate that all relevant factors are identified and appropriately addressed.  It also demands thoughtful communication with an organisation’s regulators that is not only responsive but practical in its alignment with the operational realities of resolving the issue.

Protiviti offers multiple solutions to our clients related to their regulatory remediation efforts, supported by experienced professionals that have delivered on our proven methodologies powered by data and supportive technologies, including:

  • Developing regulatory responses and effectively managing negotiation of regulatory actions;
  • Self-assessing issues to evaluate the extent of the impact and inform regulatory responses and negotiations;
  • Planning corrective actions, including customer remediation;
  • Testing controls and transactions;
  • Designing and providing resources to execute lookback reviews,  as well as the deployment of enabling workflow-based tools; 
  • Conducting data analytics;
  • Providing oversight of project management activities; and
  • Credibly challenging and validating regulatory responses as well as issue resolution plans and their execution.

We assist clients throughout the lifecycle of a regulatory matter, including  with establishing a governance and risk management framework for managing such matters

By assisting our clients with designing and implementing well-executed governance and risk management processes, we enable our clients to capably identify, resolve, remediate, track and report issues in such a way that not only meets regulatory expectations but more broadly meets the expectations of key stakeholders, including shareholders and importantly, customers and the market.

In facilitating the planning, execution and validation of our clients’ resolution of regulatory matters, including those involving customer remediation, our experienced professionals employ practical, proven methodologies. We help our clients develop and implement regulatory remediation strategies (both simple and complex) that enables appropriate oversight of the response to and resolution of regulatory matters.

To manage the competing priorities of timeliness and thoroughness that clients often face in regulatory remediation efforts, we routinely assist s with developing and managing communications with their regulators.  Leveraging the subject matter experience of our professionals, many of whom have worked as regulators previously, we provide additional perspective to our clients in the development of practical responses that meet regulatory expectations as well as manage business objectives and client experiences.

Our clients benefit also from our subject matter expertise across products, services, and processes (such as mortgage servicing, student lending, and payments), as well as with various regulatory requirements (such as BSA/AML and sanctions and fair and responsible lending), and risk management.  Our professional experience is both broad and deep allowing us to provide clients with unparalleled support in managing the regulatory remediation process.

Our overall goal is to help our clients respond to regulatory issues in an effective and efficient manner, with a focus managing risk, regulatory relations, and customer experience.


Mark Burgess
Mark is a managing director and Protiviti’s risk and compliance solution lead. With over 17 years of risk and regulatory compliance experience in the financial services industry, he has a proven track record delivering deep insights for his clients. Mark has spent a ...
Matt is a managing director in Protiviti Australia’s risk and compliance team and is responsible for leading the delivery of best practice solutions across Protiviti’s key clients. Matt is the national financial services industry lead, also leading the Protiviti ...

Featured insights

Case Studies

Our client, despite an ever-increasing number of consumer remediation initiatives, had no enterprise-wide standards governing how these projects should be managed. Additionally, regulatory reporting around remediation activities was not produced timely or consistently, and no formalised oversight of projects existed. Collectively, these problems prompted regulatory criticism of the program and led to increasing pressure to centralise the management of issues requiring remediation, whether identified internally or by regulators

We were engaged to help the client develop an enterprise-wide consumer remediation program and establish job aids to assist business users in meeting the new requirements. The reporting environment was also analysed to determine how the process could become more robust, informative, and efficient

We assembled a team consisting of regulatory compliance experts and leveraged regulatory guidance, standards, and industry best practices to develop a consumer remediation policy to serve as the cornerstone for the client’s program; job aids were then developed based upon the requirements of the approved policy.

We delivered a comprehensive consumer remediation program, complete with active oversight of in-progress and recently completed projects, job aids to be used by business users, and a set of business requirements to create enhanced reporting (including trend analysis) for management and regulators. The client successfully presented program materials to its regulators to demonstrate progress in consumer remediation practices.  Lead time to produce the quarterly report of remediation activities dropped from over three months to one month. Finally, the presentation of and training on program materials provided to business users was cited by the client’s leadership as the “gold standard” to be used during future program implementations. 

A global financial services company internally identified irregularities around adverse action letters that it had issued to applicants and so engaged us to assist with a formal evaluation of its systems, processes and procedures, identifying potential control weaknesses, and scoping the extent of the customers likely affected by control weaknesses in multiple consumer lending business lines. The client also requested a “look-back” review to identify and remediate affected customers.

We evaluated systems, processes and procedures to identify potential control weaknesses and scope of affected customers within three lending channels. We developed the methodology by which to identify affected customers, review application records, and generate new or revised adverse action notices. Lastly, we managed the review of the affected accounts, including the updates to loan origination systems and generation of new or revised adverse action notices, where appropriate. 

We provided the client with a documented methodology to provide an auditable trail of the scoping and execution of the lookback review, including critical decisions and assumptions, data integrity testing, and reconciliations. We also provide detailed review criteria and decision documents to address identified issues and guide the remediation efforts (both physical file review and data-driven procedures to identify affected applicants). Customers impacted were identified and remediated timely, and by also identifying other related control weaknesses, we enabled our client to make important prospective changes to its control environment. 

A multinational financial services corporation faced regulatory consent orders requiring remediation to affected customers who had purchased multiple types of add-on products. We evaluated the completeness of the client’s remediation strategy, its adherence to the consent order and remediation plans, and manner in which remediation was technically executed and provided to affected customers. 

We credibly challenged the client’s proposed remediation plans prior to submission to the regulators versions by holding walk-through meetings to understand remediation approach, corrective actions, key limitations encountered, and key decisions made, reviewing supporting materials, and evaluating the way the client articulated its remediation strategy for completeness and accuracy.  

After the client received non-objection from its regulators, we reviewed the technical manner in which the client executed its stated remediation strategy, including through re-performance of the client’s data analytics to identify the population of affected customers and calculation of remediation due and transaction testing to validate these processes as well as the way the remediation was provided and serviced. 

During fieldwork, we established regular reporting to senior management and the Boards of Directors regarding our progress and observations. The client received non-objection regarding the remediation plans submitted to its regulators. At the conclusion of our work, we provide the client with a written assessment of the reasonableness, completeness, and consistency of its execution of its remediation plans.