CART Model Risk Project Management
We supported the CART model risk management and model development change management team in project plan execution and reporting and change management, including the alignment of model development plans to existing plans. We were also responsible for execution support of the CART work stream, including monitoring key focus areas, all the way through to completion.
CART Operational Risk
Operational risk change initiatives were put in place to enhance the US Bank Holding Company operational risk policies and processes across third-party risk, BCP/DR, information risk, RCSA, event management,issue management, and reporting. We supported the SAP GRC platform strategic planning and preparations for alignment with the global program for selection of an implementation partner.
Community Reinvestment Act Project Management
In an effort to ensure a satisfactory rating on the 2014-2016 CRA exam period, we implemented a project plan and management process across all CRA efforts. The effort resulted in an enhanced level of coordination and predictability for the CRA projects, an updated CRA dashboard to view CRA low- and moderate-income loans, project execution and executive reporting.
Retail Risk Compliance Governance, QA, Third-Party
We worked closely with first line of defense control teams to define, document, and operationalize document administration, new productand business activities (NPBA), strategic and reputational risk, QAframework and third-party risk, which included the span of vendor identification, onboarding, risk assessment, and termination. The team prepared an inventory of applicable regulatory requirements.
Risk Data Aggregation Analysis
Our program management and analyst support challenged and enhanced the work plan for risk data aggregation and risk reporting (RDARR) regulatory requirements for BCBS 239 (Basel Accord data governance). We delivered a recommended approach for BCBS 239 compliance and the creation of a robust data management environment.
Sales Practices Assessment
We developed, deployed, and executed the overall MRA 4 investigation program - a three-year look-back at customer sales practices within the SBNA CBB division. We developed a risk-based methodology and approach that efficiently and comprehensively reviewed and assessed more than four million accounts for sales practices employee misconduct. Our testing services included more than 30,000 accounts investigated for potential misconduct in a 22-day period.
MRA PMO Support
Program management and analyst support was given to coordinate and manage MRA-related work stream planning, staffing, status and milestone reporting. The role functioned within the change management organization to support key MRA stakeholders who reported to senior management via the existing PMO structure.
IT Information Security Support and Vulnerability Assessment
Our deep technical subject matter expertise supported the bank in the analysis and performance of security reviews of vulnerabilities. We prioritized remediation efforts based on vulnerabilities actively being targeted by malware, ransomware, exploit kits, and threat actors in the wild. We also performed vulnerability notification, triage, and remediation tracking and performed Q&A on vulnerability reports and remediation. We maintained metrics, reporting, and dashboards of vulnerabilities.
AML Quality Assurance Management
The QA testing manager role was part of an AML project, which involved redesigning application interfaces for onboarding systems. The manager worked with stakeholders to develop the program-wide testing scope, approach and testing strategy, as well as supervised the coordination within the SIT and UAT cycle for technology and the LOBs. The QA testing analyst role was also part of the AML project. The QA analyst oversaw day-to-day activities, as well as the creation of UAT plans, test case creation, test case review, and test execution activities.The analyst also contributed to the development of the program-wide test strategy, E2E UAT plan and pilot plan, and prepared daily test management reports and metrics.
We provided senior subject matter experts to determine the implementation approach for an update of the privacy policies for SBNA and SC. The team had the overall responsibility of evaluating and creating the required policy updates, as well as formulating and overseeing the implementation and reporting approach, not to mention coordinating the rollout schedule.
IT Controls Audit
We provided deep technical subject matter experts to support the bank in analysis and performance of internal audit testing, and supply advice on how to improve information security management. Focus areas included:systems development and program change controls, network and firewall security, operating system security and backup, as well as restore and records retention.