Intelligent Risk Management & Compliance Cost Reduction

Creating a sustainable risk and compliance organization while reducing inefficiency and improving effectiveness

Informational Presentation for Our Clients, August 2008

Upload: dominic-doyle

Post on 26-Mar-2015


PricewaterhouseCoopers


Table of contents

1 Point of view
2 Current situation
3 Regulatory considerations
4 A framework for response
5 Competitive intelligence
6 Case studies


Section 1 – Point of view

• It is possible to significantly improve risk management and compliance effectiveness and lower costs – This may seem counterintuitive, but rationalizing the organizational structures, eliminating duplication and applying common sense generally leads to operational process improvements which result in better risk and compliance information at a lower cost.

• The last decade has seen an unprecedented increase in risk management spend – The functions that make up the risk management and compliance activities of firms have grown well beyond revenue and inflation rates, often times without demonstrable increased value to the organization. These functions have evolved largely independently from each other, leading to multiple organizations, risk universes, assessment methodologies, compliance activities and testing regimes.

• The costs of the risk management and compliance functions themselves are only a fraction of the true cost of risk and compliance activities – The true cost of implementation of the compliance and risk activities in the front, middle and back office processes is generally multiple times the cost of the risk management, audit and compliance departments themselves. We are seeing a consistent trend where simplification and reduction efforts in these functions lead to business efficiencies as well.

• The credit crisis has caused deep reflection as to the effectiveness of risk management & compliance in its current form – The Financial Markets disruption has created inter-related challenges for companies, e.g. valuations and risk, dealing with investigations and disputes, developing proper liquidity management capability, capital adequacy, dealing with regulatory oversight. Many organizations are now re-considering everything from organization, governance, roles, level of review, reporting and the like. Our conversation with the regulators has only reinforced the view that they are expecting significant changes. The challenge is how to enact those “changes” without triggering a new cost spiral.

• Moving quickly is imperative – There are two significant reasons to act quickly and intelligently in this area. First, there is a heightened regulatory focus on the horizon in the aftermath of the sub-prime crisis. If this sharpened focus occurs, it could translate into greater scrutiny of risk management functions and more difficulty in making meaningful efficiency gains in cost structures, organizations and approaches. Secondly, as financial institutions approach their next budget cycle, there is greater pressure for freezes or reductions in GRC costs while the responsibility and prominence of those functions have generally been increased over the last year. Both of these factors argue for moving quickly and decisively.


• A fundamental re-think of the existing frameworks is needed – This is a difficult challenge. Risk and compliance are historically areas where cost cutting has not taken place. This is primarily due to increasing regulation (most recently largely SOX and AML rules) and fear of compliance and risk issues if cuts were made too deep. In other words, the risk/reward of reducing risk and compliance headcount and spending was heavily weighted to maintaining status quo. The increasing cost and demands on the business associated with these areas along with the recent risk management failures in the marketplace are causing financial institutions to fundamentally re-think their existing models and contemplate fundamental change.

• Financial institutions are beginning to organize around a core of common principles as opposed to the existing silos – A number of our clients have begun to move in this direction. Several have created common testing utilities, consolidated risk assessment methodologies and are moving towards rationalizing risk control self assessment processes and tools. More recently, the credit crisis has caused several institutions to take more radical actions such as moving towards integration of the credit and market risk functions.

• Progress is being made through agreement on these principles, alignment of the organization and the execution of pragmatic, incremental steps – Once the principles are agreed and the organizational roles clearly defined, the definition of specific simplification and cost reduction efforts around risk assessment, testing, planning, reporting and the like are the key to making consistent, sustainable progress.

• Technology is emerging as a key enabler – We are seeing technology being leveraged to reduce cost, enhance risk information access and improve efficiency in such diverse areas as legal discovery, risk control self-assessment efficiency, compliance monitoring, risk reporting/dashboards, AML alert filtering and other core risk and compliance functions.

• Modern sourcing practices for risk and compliance services are being applied to reduce costs – Leading firms are expanding their sourcing options for 3rd party specialized skills to assist audit, risk and compliance functions in efficiently executing their roles. Routine risk management activities such as compliance audits, external information risk assessments, surveillance monitoring lookbacks, security reviews and the like are increasingly being outsourced to third-party providers with proper supervision.

• Where successful, senior management has committed to this new way of thinking and the accompanying cultural changes – The resistance to change in many institutions is strong. We have seen both successful and unsuccessful efforts in this area. The common thread in the successful clients has been the consistent commitment of senior management to make the tough decisions and articulate their program and the rationale behind it to employees, the board and regulators.


Section 2 – Current situation

Accelerating rate of change and complexity

• Sophisticated products, unfamiliar markets and unprecedented volatility
• Rapid technological advances
• Accelerated rate and volume of change demands increased flexibility and anticipation
• New risk and accounting standards (Basel 2, fair value accounting)

Increased regulatory oversight and uncertainty surrounding future regulatory landscape

• Regulatory implications stemming from the Senior Supervisors Group observations on the financial markets disruptions of 2007-8, and the 2008 Treasury Blueprint
• Uncertainty on how to effectively relate to the 3 core regulatory objectives: market stability, safety and soundness, customer protection
• Big focus on managing liquidity risk more completely and effectively
• Fed regulation of investment banks, potential of additional regulation
• Focus on trading markets exposure and the possibility of internal fraud
• Increased number of relevant regulatory regimes for global institutions
• Likelihood of rise in enforcement activities and litigation

Increased visibility and demands for transparency

• Stakeholders learn about unmanaged risk almost immediately (credit crisis, trading breakdowns)
• Management has little time to remedy the impact of a risk management failure
• Greater disclosure to the market relative to practices
• Places a premium on the ability to proactively identify, evaluate and manage risks

Most C-level executives face a dilemma which can be characterized by increasing change, oversight, and transparency


Companies have historically responded by instituting independent governance risk & compliance (GRC) oversight functions and committees

Increasing stakeholder demands + Expansion of Risk and Control Oversight Functions + Expanding Risks, Laws and Regulations =

• Business Fatigue
• Lack of coordination
• Duplicate efforts
• Risks falling through the cracks
• Competition for attention

Diagram labels:
• Shareholder, The Board, Community, Rating Agencies, Others
• Internal Audit, Compliance, Risk Mgmt, Finance, Legal, IT
• FSG, Privacy, Info Sec., Anti-Fraud, BCP, SOX, Credit, AML, FCPA, Op Risk
• Business Unit


Financial institutions are realizing that they cannot sustain this ineffective and costly approach to managing risks

• AMR Research estimates that in 2008 organizations will top $32 billion on compliance spend
• Many of our financial services clients are reporting greater than 20% increase in overall costs, with an average of 16% per year¹
• Most clients are reporting that they cannot cost effectively sustain this approach
• Others are concerned about the impact that future growth will have on an already fractured system
• Siloed approach is impeding standardization, scalability and speed to market
• Sub-prime crisis and many “lessons learned” reviews that firms have undertaken have highlighted the inadequacy of the current approach at many firms in terms of organization, reporting lines, risk appetite, risk monitoring and overall infrastructure
• In the current environment, new regulation is inevitable and this will carry additional cost as well

Integration and rationalization of GRC functions is necessary to avoid another cost spiral and to seize future business opportunities and cost effectively manage new risks and compliance obligations

¹ Financial Services Finance Executives Forum survey (2007)


What some of our financial institution clients are experiencing

Stakeholders and their GRC challenges

Board & Audit Committee
• Difficulty in exercising their role of effective oversight into corporation’s risks
• Lack of visibility into potential landmines
• Difficulty in understanding breadth and implications of regulatory expectations

Senior Management
• Lack of a consistent or defined view on the level of risk the company is willing to accept
• Need better information and articulation of critical emerging risks and control issues
• Current risk information not sufficient to be a key factor in driving key corporate decisions

Risk and Compliance Leadership
• Multiple and/or uncoordinated risk/control assessments
• Independent GRC oversight functions and committees, each focused on a specific GRC challenge
• Difficulty in responding to the next regulation in a coordinated fashion


Business Unit Management
• Business often views risk management as a bureaucracy that provides limited insight or tools
• Experiencing “assessment fatigue”, and is distracted from its core revenue generating activities
• Suffering losses or breakdowns in controls but feels like they spend a lot of money to identify and prevent breakdowns
• High volume/complexity of management reports that don’t distill what’s important
• Business has only informal or ad hoc approaches to managing risk
• Previous cost cutting actions have often been “slash and burn” headcount reductions that are reversed when the growth cycle returns

Internal Audit
• Businesses that feel over-audited or that audit focuses on the wrong areas
• Disjointed remediation and tracking of issues
• Lack of automated controls and/or too much time spent on evidence collection
• Risk and compliance information not suitable for driving intervention
• Challenges in proper internal valuation and validation of securities & portfolios


Section 3 – Regulatory considerations

In our interactions with regulators and our clients, it is clear that the regulatory backlash to the sub-prime crisis is building and that this will have negative implications in a number of areas, including the cost structures of risk and compliance functions. These negative consequences will likely show up in areas such as increased reporting, more focused supervisory exams, more critical reports, findings and mandates for remediation. There is also likely to be a rise in enforcement actions and litigation. There has been a stronger focus on sound and internally coordinated enterprise risk management practices (particularly those put forward by the Senior Supervisors Group and the BIS).

In this environment, real operational process improvements that result in better information on risk and compliance profiles should also result in cost reduction if carried out intelligently. Cost reduction should be a by-product, not the primary goal.

Some Key Implications

More regulation, greater regulatory scrutiny and costs are coming

Financial institutions will need to deal with these challenges in the backdrop of very difficult economic times and severe pressure for cost cutting, notwithstanding the substantial risk management challenges that must be managed on a day-to-day basis for the foreseeable future. Any attempts to cut costs will need to be made in a careful manner,

Much better enterprise risk oversight will be required

Regulators will expect a unified view of the major risks facing the enterprise. They are starting to ask for evidence that the Board, Senior Management, and risk and control functions have similar views of the core enterprise risks facing the organization, and a unified mechanism for determining internal capital adequacy.

Accountability for specific compliance mandates cannot be delegated

Regulators will encourage efforts to integrate, but will expect individual control functions to perform their expected role – for example, AML assessments need to produce specific information on AML risks


Greatly expanded supervision of liquidity risk management

The June 2008 BIS guidance has expanded the supervisory powers over liquidity risk management. To limit the damage a liquidity shortfall can have, both on individual companies and systemically, a more integrated framework consisting of tolerance, risk identification, stress testing, reporting and disclosure will be necessary at each financial institution.

More compliance training will be expected

The regulatory expectation of across-the-board awareness of risk will require a great deal more spend on employee training, especially on compliance related issues

Global organizations are expected to have similar approaches to risk management across their entire organization

Home regulators will expect head office to lead globally, and demonstrate an affinity for local rules interpretations

The race is on

Firms will be held up to the best practices of their competitors – in other words, the bar is going up for demonstrating leading practice

An integrated regulatory model will be supportive of an integrated GRC model

A move towards a more integrated objectives-based regulatory scheme in the US would be supportive of integrating risk and compliance activity with an approach that focuses on results and core principles.


Section 4 – A framework for response

Core GRC principles

• Objective setting
• Risk appetite and tolerance
• Roles and responsibilities
• Policies and standards
• Risk and control assessment
• Issues management and remediation
• Monitoring
• Testing
• Reporting and Analytics
• Communication and training

We recommend using a Principles-Based Approach to analyze alternatives to integrating Governance, Risk and Compliance functions (iGRC)

Advantages of using a principles-based approach:
• Establishes a common understanding of risk across the organization (e.g. business units, control functions, risk oversight functions, senior management, the board)
• Anchoring around principles allows the organization to focus on the core set of practices and utilities needed rather than organizational silos
• Focuses management attention on what needs to be done rather than on who reports on it or where it occurs
• Helps ensure business effectiveness, regardless of the function, risk or regulation being addressed
• Better aligns with regulatory focus on objectives-based approach


Take an incremental, pragmatic approach to identifying improvement (quick wins) within an integrated framework

• Governance – Provides leadership, consistency and accountability over the entire process. Critical roles (e.g. Internal Audit) are preserved as centers of excellence leveraging shared processes to drive greater effectiveness and efficiency.
• Technology – Supports the entire framework, creating process efficiency and more effective data management and reporting.
• Foundational Components – Form the basic reference data and standards/methodologies used by all participants in the process.
• Analysis & Reporting – Metrics-based information enabling effective management response.

Framework diagram labels:
• Core GRC principles: Objective setting, Risk appetite and tolerance, Testing, Issues management and remediation, Communications and Training, Policies and standards, Roles and responsibilities, Risk and control assessment, Monitoring, Reporting and Analytics
• Other labels: Common Language, Common Organizational View, Methodologies, Data Aggregation, Data Analysis, Data Presentation


Look for improvements along three practical avenues…

Three approaches
• Integrate within an oversight function
• Integrate across oversight functions
• Integrate within and across business units

Questions to ask
• Have you identified the unique and distinct mandate for each oversight function?
• Have you aligned your risk assessments to specific business objectives?
• Do you have a standardized way of approaching the requirements of new regulation?
• Do you know the full costs of each oversight function? Or, of each core GRC principle (e.g. risk reporting)?
• Does the organization have a consistent language and taxonomy of risk descriptions/libraries?
• Are there multiple and distinct issues and control deficiency repositories?
• Has the organization conducted an inventory of its risk and control assessments?
• Does senior management have concise documentation of its top risks, and identified risk ownership among business leaders?
• Can the business align its risk profile against acceptable risk tolerances?
• Can business leadership justify its spend on controls, or show that the spend has reduced control failure?


Section 5 – Competitive intelligence

We are seeing some sophisticated financial institutions making advances in integrating their risk management and compliance activities.

Examples of recent responses

Responses by core GRC principle (table columns: Financial Institution A, Financial Institution B, Financial Institution C)

Risk appetite and tolerance
• Implementing a shared risk language anchored in policies
• Developing a risk tolerance model for multiple risk classes

Roles and Responsibilities
• Created a costing model to evaluate and limit multiple responsibilities for CSA
• Established a Risk Governance structure
• Developed a Risk & Compliance Council to tackle common issues

Policies and Standards
• Streamlined corporate policies and procedures framework

Risk and Control Assessment
• Rationalized 15-20 separate risk assessments under a common platform and process
• Developed one risk assessment standard and methodology for consistent scoring across multiple assessments

Issues management and remediation
• Developed a shared issues repository for audit and risk issues
• Integrated deficiency databases and created a standard reporting mechanism
• Centralized issues tracking and exceptions management process

Monitoring
• Implemented global lower-cost monitoring hubs on a shared services basis
• Unified monitoring of compliance action plans
• Developed KRI across all businesses with Op Risk’s sponsorship

Testing
• Developing a central testing utility for financial and audit controls
• Integrated independent testing/validation processes, technologies and repositories
• A testing “czar” has been appointed for RCSA, Audit and AML

Reporting and Analytics
• Mining data through electronic discovery tools for Regulatory reporting, investigations into subprime, etc.
• Created a dashboard of multiple assessments across all BUs
• Risk dashboard with a common set of compliance and risk analytics

Communication and Training
• Shared compliance and risk-awareness training program


Benefits, value propositions and examples

Cost Control
• Value proposition: Less spend on risk, compliance and control activities. After an initial phased investment, one institution is estimating a 10-20% reduction in spend in 2009.
• Example: Establish a standard BU risk assessment methodology that integrates several assessments (SOX, business continuity, vendor mgmt, new product, model validation), creating risk reporting across enterprise, with a practice view to meet regulatory requirements.

Improved Business Leverage
• Value proposition: Reduced process fatigue due to coordinated activities by control groups. Business freed up to focus on revenue-enhancement.
• Example: Businesses will be assessed a minimal number of times by the internal risk, compliance and control groups. Results in higher quality input and more time to spend on revenue generating activities.

Better Coordination
• Value proposition: Control functions and business risk management improve their coordination and sharing of information. Better able to focus their joint efforts on the areas of most critical risks.
• Example: A metrics-driven control health check of individual businesses will be the product of a coordinated effort that provides an improved ability to focus resources where risk and control concerns exist.

Improved Regulatory Response
• Value proposition: Positions a better response to regulatory expectations of a broader analytical underpinning for risk assessment, monitoring and capital adequacy activities.
• Example: The risk impact of a new regulation (e.g. identity theft red flags rule) was better evaluated by reviewing output from existing BU assessments, and incorporating into subsequent risk reviews.

Better Visibility into Risk/Control Effectiveness
• Value proposition: Senior management will have better information and articulation of critical emerging risks and control issues.
• Example: Implementing risk reporting which integrates data across all key control groups linked to critical risks will provide a consolidated view of risk for management.


Section 6 – Case studies

Leading U.S. global financial institution

Consolidation of AML risk monitoring activities through the use of outsourcing and global hubs

Critical client issues
• The client was undergoing persistent difficulty in maintaining consistent and adequate AML monitoring practices, and was facing regulatory concerns about its insufficient monitoring filters and compromised data integrity. Additionally, after conducting an internal study, the financial institution found that the cost of running its AML monitoring service in the United States was significantly higher than if it were placed in locations with lower labor costs in Europe and Asia.

PwC approach: The scope of our work included
• Worked with the financial institution to replace its current single-filter AML monitoring process with three scenario filters to improve the ability to identify suspicious transactions.
• Moved the AML monitoring process to interim hubs in London and Hong Kong where the team focused on the proactive reengineering of processes and procedures that would result in more sophisticated AML monitoring and reduce the effort and cost required to identify and analyze issues.
• Analyzed 12 months of historical data against the three scenario filters to address regulatory requirements and determine whether any transactions in this timeframe were suspect. Worked with the financial institution to develop a consistent monitoring approach, processes and procedures to deploy to the strategic hubs.
• Added additional countries and an additional five filters to the monitoring process, bringing the total scenarios to eight. The advanced AML monitoring process was migrated to the two strategic global hubs.

Client results/benefits: The client realized approximately 60 percent labor savings in unit cost by relocating its AML monitoring processes to lower-cost labor jurisdictions. Additionally, the hub approach reduced the cycle times required to respond to issues.
• Helped the financial institution create two strategic AML monitoring hubs, including building processes and procedures, hiring and training more than 60 new resources and management, cleansing data feeds, and testing and debugging new monitoring protocols.
• Lower-cost hubs were created on a shared-services basis to provide AML monitoring services to all non-US countries where the financial institution conducts business.


Leading investment bank

Lowering the cost of internal investigations through use of electronic discovery techniques

Critical client issues
• Our client was facing a government investigation in connection with the packaging and selling of subprime mortgages.
• Our client’s challenge is to gather and analyze historical information obtained from various sources relating to the attributes of the underlying mortgages, included in several securitizations, and to respond to the regulatory officials in a robust and objective manner.

PwC approach: The scope of our work includes
• Implementation of electronic discovery tools and interrogation techniques into client communication records, e-mail, and archived documents to respond to regulatory requests regarding:
  - The manner in which investment banks evaluated the credit quality of mortgages before they were purchased, securitized and subsequently sold to investors;
  - The relationships between mortgage originators, third-party due-diligence firms, credit rating agencies and brokerage firms; and
  - The disclosures made by investment banks to investors and rating agencies about the risks associated with the underlying mortgages.
• Focus on leveraging advanced electronic discovery tools for searching and archiving to reduce the cost and effort of responding to complex regulatory requests in an appropriate manner and time frame.

Client results/benefits: Through the use of levered discovery tools and techniques, the client will be able to more efficiently and accurately respond to regulatory requests for data and information.
• Cost savings are realized by eliminating duplicate efforts, reducing data redundancies, and enhancing the regulatory discovery and response process in a more efficient manner, utilizing far fewer manual processes and improved use of advanced technologies.
• There is now a dramatic improvement in the consistency of data retrieval, and a far quicker response to sensitive regulatory requests.


Section 6 – Case studiesTop ten US bank

Cost reduction actions through targeted integration of Governance, Risk and Compliance Activities

Critical client issues

• The client was seeking to review its corporate governance, risk and compliance related activities and assess cross-functional efficiency and effectiveness opportunities, which senior management believed could be derived through greater cross-functional leverage, clarity in roles and responsibilities and common understanding of risk tolerance.

PwC approach: The scope of our work included

• Facilitated completion of our iGRC principles based framework and proprietary diagnostics to assess the People, Process, Technology and Information used to execute around 10 common risk principles. Please refer to Section 4 for the core GRC principles.

• Captured the costs for each function relative to each of the 10 principles. We analyzed the activities of each function across the 10 principles and 4 efficiency levers and documented the current state of risk governance across all functions and business units.

• Identified opportunities for greater efficiency and leverage, role clarity and common understanding of risk tolerance. We then developed action plans, timelines and business cases for each initiative.

Client results/benefits: By applying the iGRC framework and methodology, the client was able to identify action plans for achieving key project objectives of common language, efficiency and role clarity.

• The iGRC framework and methodology helped the client identify $15-30 million in potential annual cost reductions and agree high-level action plans and business cases for pursuing integration improvement opportunities with respect to RCSA, Issues Management, Risk Tolerance and Risk Governance.


Section 6 – Case studies

Top three global bank

Consolidation of multiple Risk and Control Self-Assessment Processes

Critical client issues

• The client sought to enhance the risk and control self-assessment (RCSA) process throughout its various business sectors around the globe to reduce the touch-points to the business and improve oversight and control over the process. This required a realignment of the people, process, technology and information involved across the 17 independent RCSA processes currently in place, covering Global Operational Risk, Sarbanes-Oxley Section 302 and 404 (SOX), and all other regulatory reporting requirements required by business lines globally.

PwC approach: The scope of our work included

• Application of the iGRC methodology, approaching the project in three phases: assessment of current state, design of future state, and implementation planning and support.

• Leveraging our deep technical and functional expertise to help the client define the opportunities for integration, develop a desired end-state process for RCSA, define the functional specifications for a technology solution, develop and roll out communications and training to facilitate transition to the new integrated solution.

• Supporting a process and cost optimization initiative through the realization of the benefits of a streamlined process and optimized use of resources.

Client results/benefits: This project is still underway today. As a result of this engagement, it is expected that the client will have achieved

• Efficiency gains in the use of corporate and business unit resources in the RCSA process that will result in projected savings of $10 to $15 million annually resulting from elimination of systems and resources post implementation.

• Greater governance and control over the operational risk process.

• Improved ability and speed to follow up and resolve risk and control issues.

• Increased optimization of controls.


Section 6 – Case studies

Global financial institution

ERM Framework Establishment

Critical client issues

• The client sought to establish an Enterprise Risk Management (ERM) capability for a large and growing part of their business in order to better drive efficiency, eliminate duplication, and improve visibility and management across their key risks and controls.

PwC approach

• We used a principles-based approach to help the client identify an improved and refined ERM framework and gain visibility into how the firm was addressing its key risk and control activities.

• We identified the current ERM activities being performed by the various risk and control functions, including risk identification, control testing and risk reporting.

• We made recommendations for improving their practices, eliminating duplication and addressing weak points, and in addition, helped management perform a high level assessment of risks and control effectiveness to get a first look at key issues.

Client results/benefits

• The development of the ERM framework helped the client’s key control functions and business risk management improve their coordination and sharing of information.

• This work helped management identify areas of control redundancy and identify gaps in key ERM activities that needed improvement.

• The client obtained a better ability to focus their joint efforts on the business’ top risks, and a more unified methodology for reporting on risks to the board and senior management.


Section 6 – Case studies

Major investment bank

Developing an integrated risk management and control process across multiple control functions

Critical client issues

• The client wished to design a standard process to improve coordination and activities among control functions, e.g. Compliance, Audit, SOX and Operational Risk and to standardize interaction with the businesses.

PwC approach

• Leverage the PwC iGRC framework to:

a. Gain an understanding of the current activities performed by several control functions and benchmark against industry practice;

b. Design a common process for conducting the firm’s risk management activities in a more streamlined and coordinated fashion; and

c. Suggest alternatives for supporting technology and a single information repository.

Client results/benefits

• This work helped management work towards creating optimized risk and control assessments, a single, unified language for risks and controls, and fewer business touchpoints.

• The work led to better informed, risk-based audit plans with a heavier emphasis on a risk-based approach to enterprise risks. The firm anticipates the ability to reduce the time and effort required to conduct internal audits in subsequent cycles.

• Design of a uniform issues repository with a consistent approach to issues tracking and remediation, replacing multiple repositories that require redundant time and effort from the control teams.

• Develop the business requirements necessary to house risk and control information in one uniform technology for compliance, operational risk and audit data.


Section 6 – Case studies

Major investment bank

Developing an outsourced model to support the Control Room trade monitoring and surveillance function

Critical client issues

• To remediate certain issues included in a regulatory settlement, the client agreed to conduct a retrospective review of hundreds of thousands of trades in certain employee and employee-related accounts. The review was designed to identify the potential misuse of material non-public information (MNPI). PwC designed a delivery model for the statistical selection, analysis, and reporting of the transactions subject to review. The overall costs of the project were efficiently managed through the use of a blended pool of off-shore and on-shore resources.

PwC approach

• Assembled an integrated team of off-shore and on-shore resources to perform the Control Room surveillance function on a retrospective basis.

• Developed a statistically sound and automated filtering process to remove transactions or positions that were highly unlikely to be indicative of the misuse of material non-public information (MNPI).

• Executed an automated process to identify and review transactions and trades, and used PwC’s proprietary case management tool to efficiently analyze, document, track and report on the progress and findings from the case reviews.

Client results/benefits

• Provided management with a sound and reliable selection and review process that would withstand the scrutiny of the regulatory authorities.

• Assisted client by efficiently performing and reporting the results of the case reviews and, where necessary, escalating transactions for further consideration.

• Utilized PwC’s proprietary case management tools to provide real time assessments of progress and findings.

• Managed the overall costs of the project through the use of an off-shore and on-shore service delivery model.


For further information, please contact

John Garvey, 646-471-2422

Paul Mokdessi, 312-298-3347

Miles Everson, 646-471-8620

Dennis Chesley, 646-471-4009


www.pwc.com

© 2008 PricewaterhouseCoopers LLP. All rights reserved. "PricewaterhouseCoopers" refers to PricewaterhouseCoopers LLP or, as the context requires, the PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and independent legal entity.

The information contained in this document is provided 'as is', for general guidance on matters of interest only. PricewaterhouseCoopers is not herein engaged in rendering legal, accounting, tax, or other professional advice and services. Before making any decision or taking any action, you should consult a competent professional adviser.