The next leap in systematic integrity risk analysis | Regulatory Risk | Deloitte Netherlands

Blog

The next leap in systematic integrity risk analysis

SIRA as a strategic tool

Integrity risks in financial services are rapidly evolving. The regulatory and business environments have become more volatile and unpredictable. In this five-part blog series on Systematic Integrity Risk Analysis (SIRA), we guide you through the latest developments in the field of integrity risks. Focusing on the strategic use of SIRA and the new insights this will provide your organization.

By Manon van Bakel en Sebastiaan van der Weide

The right approach

From paper construct to positive boost: efficiently employing SIRA in your organization

With the right approach SIRA can be an effective strategic tool instead of an administrative burden. But what is the right approach? That is what this blog series is about.

Systematic integrity risk analyses (SIRAs) have been an important focus area of the Dutch Central Bank (DNB) since 2015. In a recent outlook DNB stated that it too often sees "discrepancies between paper SIRAs and institutions' day-to-day ethical operational management and their enactment of the gatekeeper role." DNB found, for example, that several banks don’t include integrity risks as a result of organizational changes in their SIRA, while they are required to do so.

As a result of its findings DNB intends to "closely scrutinise how institutions put the outcome of their SIRA into practice in terms of the risk assessments that they make and the risk controls that they implement." The central bank will review documentation, such as the most recent SIRAs, and perform on-site research to assess the actual effectiveness of the risk and control framework.

SIRA as a box ticking exercise

In the past few years organizations invented more controls for the range of integrity risks and seemed to implement SIRA as a box ticking exercise. But if you perceive SIRA like that, you miss its point. If approached properly, SIRA can be an effective strategic tool that will help you to safeguard your ethical operational management and to prevent you from inadvertent involvement in financial and economic crime.

SIRA can further be utilized for short- and long-term value creation and for a risk-based approach for other processes such as transaction monitoring, first and second line monitoring and control testing.

Four steps for using SIRA as a strategic tool

In this blog series we will dive deeper into using SIRA as an effective strategic tool and explain what steps you should take to use it as such. The first step is to thoroughly define your integrity risk appetite. Only having an overarching risk appetite is insufficient; you have to define precisely which risks you are not willing to take. Risk appetite defined in both a qualitative and quantitative sense is the foundation of SIRA as a value-adding strategic mechanism.

A data driven approach consisting of proper data management and high-quality data is crucial if you want to use SIRA effectively for strategic decision making. To avoid the scoring of risks soly based on professional judgement, data should have a supportive role in objectively scoring your integrity risks. This data is both internal and external data—e.g. industry developments, regulatory changes, future trends.

The ultimate goal should be a real-time monitoring dashboard that is accessible to all relevant stakeholders. That dashboard gives you (and them) a comprehensive overview of significant changes in data, residual integrity risks, control effectiveness and additional necessary mitigating measures. This allows you to improve your strategic and risk-based decision making.

This brings us to the final—though never really final —step of SIRA: continuous improvement. Output of a SIRA should be the input for every subsequent SIRA. This ensures that lessons learned are taken into account at every next step of development and that the systematic aspect of SIRA is embedded into your organization.

Start now

Following these steps will bring your SIRA to a higher maturity level with a more comprehensive scope. Then SIRA will give you insight into a broader range of integrity risks than ever before; it will help you improve your compliance risk management activities and to gain more insight into the characteristics of your organization.

SIRA can help you to address all the challenges that are presented by the rapidly changing financial market and regulatory landscape. So what are you still waiting for?

In our next blog we will dive deeper into defining your risk appetite. Deloitte developed a SIRA methodology that can help your organization to use SIRA as an effective strategic tool. Want to know more? Please download the brochure.

SIRA: clear insight into your integrity risks

More information?

For more information please contact our experts via their contact details below.

Did you find this useful?