What was the challenge?
In late 2017 the Bank of England (the Bank) took over direct delivery of the Clearing House Automated Payment System (CHAPS) and is now fully responsible for managing payment risks system-wide. CHAPS is one of the largest High Value Payment Systems (HVPS) in the world, with a volume of c.200k transactions at a value of c.£320 billion received daily. A new internal function was established to oversee risk management policies and methodologies as an independent challenge to the Bank’s 1stLine of Defence. To transform towards this model and mature end to end risk management practices, the Head of Division commenced a transformation programme in mid 2018.
Moorhouse have been supporting the HVPS Risk Transformation since October 2018 to create and embed end to end risk management ways of working and align to other Bank functions. We joined to provide specific subject expertise in areas including cybersecurity strategy; third party risk management; and risk tooling improvements operating in a complex internal and external stakeholder landscape. As the programme progressed support was later extended to cover Project Management & PMO activity, helping to provide further programme rigour and satisfy the growing stakeholder reporting requests.
How did we help?
We supported the design and implementation of change that would enable end to end risk management. Initially, our PMO team completed a gap analysis of the Risk Management policy that triggered the transformation. This provided clarity on complete and remaining scope, which was then managed with an agreed change control process. This analysis supported the rebaselining of 7 workstream plans with re-affirmed deliverables, these new plans were then governed with a common planning and tracking process that automatically rolled-up summaries for senior level reporting. This was overseen through PMO support, maintaining consistent programme controls across all workstreams and working with staff subject matter leads to provide control around delivery.
Across the workstreams we also:
Implementation (Transition): Worked with BAU teams to design and own the running of a change management approach for the transition of transformation activity delivering into operations in a safe and controlled way.
Cybersecurity Risk: Revised the Cybersecurity strategy paper working with stakeholders to align on expectations.
Cybersecurity Incidents: Built a framework for CHAPS that brought together Bank-wide incident frameworks, increasing their relevance to CHAPS and supporting them in being in a proactive position to respond and recover during an incident.
Third Party Risk: Supported co-ordination of a pilot with a sample of banks on their third-party risks and lead on communication throughout, preparing analysis of responses and highlighting systemically important Critical Service Providers (CSP).
Risk Management Tooling: Delivered a demonstrable Proof of Concept for a new risk management tool, established strong relationships with technology teams and defined a requirement catalogue for a production-ready solution.
Moorhouse have embedded their knowledge into the wider Bank team of specialists and supported the Bank in enhancing its risk management approach:
- Embedded effective assurance over the transformation and BAU transition, interfaced across the organisation to support scope sign off, clarified remaining work to be delivered BAU and reaffirmed deliverables.
- Completed a pilot exercise with participant banks to surface their third-party risk exposure, our analysed findings have led to the creation of a plan to develop a tool that will support the thematic analysis of risks going forwards.
- Surfaced insight that will support the client in making a decision on next steps on their risk management tooling solution with a robust set of requirements aligned to their Target Operating Model.
- Embedded a robust transition approach that has been tested with early deliverables successfully handed over to BAU.
- Provided the client Transformation Lead with the capacity to focus on the more strategic challenges and priorities facing the Programme.
For more information please email firstname.lastname@example.org