under the direction of a dedicated Remediation Program Manager and the establishment of an 11-pillar

framework that contains elements from the FRB SR08-08 policy statements to support a comprehensive

approach to sustainability within the areas of risk management, data quality, and compliance oversight, along

The methods employed to develop an effective program to remediate regulatory compliance issues included the

use of a risk-based triage approach to the prioritization of compliance issues, advanced data analytics to conduct

root cause analysis on unresolved issues, and the implementation of a hybrid execution model that employed

both Agile and Waterfall methodologies, which resulted in the significant reduction of issues associated with

high-risk areas of exposure and improved closure rates. By 2018, the banks had remediated all outstanding

regulatory orders from both the FRB and OCC preventing the imposition of substantial fines and ensuring

As major global financial institutions, these banks play an integral role in the world economy through its

extensive scope and variety of financial products. Throughout history, the stability of the bank's practices and

risk management policies has helped humankind through many financial crises, including 2008 and many of the

challenges created by the COVID-19 pandemic. The bank have been designated by the Financial Stability Board

(FSB) and the Basel Committee on Banking Supervision (BCBS) as the Top Three G-SIBs, meaning that it is

critical for preventing systemic financial contagion. Because these operates in various sectors, the bank have to

manage highly diverse and complex portfolios, so any regulatory issues will affect many other financial

institutions as well. Therefore, the continued adaptation of compliance frameworks and risk control processes

during the ongoing impacts related to COVID-19, and the manner in which the Bank's effective risk management

has positively impacted the economy's overall recovery efforts. To continue addressing operational risks through

compliance with G-SIB requirements, the Bank will need to maintain increased capital buffers and superior risk

governance practices, to ensure continued compliance with all relevant regulatory authorities (including the Bank

Secrecy Act). Therefore, for both the Bank and the financial services sector in general, ongoing development of

As of the beginning of 2010, all G-SIBs were subject to increased oversight by US regulatory authorities

(including the Federal Reserve and OCC). Some examples of this increased scrutiny have included Citigroup's

2013 Consent Order for violating anti-money laundering requirements, which was resolved in 2011, and

JPMorgan Chase's related penalty that was resolved in 2025. Along with citigroup's recent 2020 order requiring

The Remediation Program Manager led a comprehensive programme to facilitate the completion of the Bank's

consent orders from the OCC and FRB, similar to Citigroup's programme between 2013 and 2020 that addressed

enhancements and improvements to the Anti-Money Laundering (AML) and Risk functions of their business.

Key characteristics of the programme included targeted fixes of compliance-related items, the use of analytics

for data quality improvements that were similar in nature to Wells Fargo's remediating initiatives, and the

establishment of monitoring systems that are intended to ensure continued compliance, similar to JPMorgan's

enhancement of their internal controls. The position required multiple disciplines to work together to coordinate

with different constituencies including senior management and regulatory compliance teams, so that gaps

identified could be remediated properly and closure could be attained and be sustainable with regard to

practice remediation that was similar in nature to Wells Fargo's 2016 OCC requirements; a Compliance Specialist

directed a large-scale effort to validate millions of accounts, resulting in a resolution of non-compliance and

establishing preventative controls. Finally, the establishment of internal control improvements similar in nature

to JPMorgan's 2011-2015 actions was accomplished by directing IT and Data Team members to develop and

implement real-time Risk Dashboards as a means to track commitments and provide assurance against recurrence

The structure of the remediation programme was setup as eleven governance pillars that accounted for all aspects

of regulatory compliance from criticism through to integration of sustainable controls the expectation of the

enterprise was that all regulatory expectations would be clearly articulated, managed and monitored. The eleven

pillars cover the governance, compliance risk management, policies, data reporting, technology, monitoring,

Regulatory Compliance. Each significant regulatory gap was clearly defined for each Pillar, with Defined

Milestones and Metrics Established to Track Remediation Commitments Linked to the Elements of the SR08-

08 The remediation programme used data analytics driven methods and structured project management to

The primary focus of the project was to use advanced data analytics to identify root causes and confirm the

findings of the data analysing methodology with a view to decreasing the number of False Positives for AML

via transaction profiling an agile and waterfall project management approach was embraced by the project to

combine waterfall milestones for regulatory reporting with agile sprints for rapid prototyping. Systemic control

analysis was performed to improve preventative controls using mature assessment in alignment with the OCC

heightened standards and focus on regulatory gap analysis that disassembled consent orders to align over 500 of

the commitments with elements of FRB SR08-08, and to bring together Stakeholders Associated to Resource

displays strategic approaches to address these challenges such as hybrid project management and data analytics

and the practical elements chronicled in the article and will demonstrate that compliance gaps which exist are

similar to g-sibs in years prior to 2022 so clearly this article will provide valuable insight on how to manage

developing a centralized findings management system can create an environment of accountability and enable

In addition, The Bridgeforce Guide also emphasizes the need for sufficient resources to consolidate large

volumes of initial data and use that initial data as a foundation for developing additional data-management

solutions through the use of ongoing analysis to support regulatory compliance against future strategic plans.

Deloitte has outlined initiatives that provide the foundation for integrated risk management as well as a

framework for enhanced scalability and sustained regulatory trust through the utilization of a three-pillar

One significant aspect of implementing integrated regulatory/performance management solutions through the

framework of the Three-Pillar model may entail advanced auditing technology and methods, which in turn may

focus on the importance of establishing a governing framework with established governance principles/standards

and a principles-based approach to remediation; however, it lacks sufficient quantifiable quality measures as

well as legal compliance regarding the level of intensity of enforcement of the principles and standards.

Collectively, these resources highlight the critical roles that governance, analytics, and sustainability play in the

The KPMG whitepaper highlights design standards that give flexibility to the remediation process and promote

equitable outcomes, thus enhancing trust. However, it cautions that the increased variety of designs or methods

can lead to a greater potential for legal liability and that there is a limited number of ways to measure success.

The BIS working document takes [7] a retrospective view of the modified regulatory environment following the

financial crisis, offers evidence for the sustainability of these reforms based on the use of data, and provides

thoughtful criticism of regulatory policy and the lack of tools that translate to operational metrics. Both

documents point to the principles that all stakeholders will need to work collectively and jointly validate changes

to establish trust and support consistency among the principles of good governance in the design of risk analytics

to develop compliant regulatory frameworks. Further information can be found on the Journal of Financial

The white paper provides alternative approaches and techniques for financial services remediation models. It

provides insight into how leading firms like MV Solutions, McKinsey, KPMG and Protiviti have designed their

The MV Solutions approach focuses on developing standardized procedures for how customers and regulators

McKinsey model utilizes analytics for customer tiered analyses (risk grouping) and backlog prioritization by

analyzing users, allowing them to significantly reduce their time spent on remediation and increase customer

satisfaction through the best use of human capital. However, the McKinsey model requires complete, accurate

KPMG outlines five core principles for effective remediation by stressing timeliness and customer-centricity in

designing and implementing effective remediation solutions, with the addition of establishing robust governance

of the remediation process. The advantages of this particular methodology is that is provides regulatory agencies

with the confidence needed for them to effectively administer penalties. However, there is a lack of quantitative

Protiviti uses the technology-enabled execution and stakeholder governance to find a blend of speed vs. fairness

for the customer remediation program. Some examples of these methods include Citigroup's and Wells Fargo's

remediation efforts. Although the remediation model offers some positive attributes, scaling these models across

Remediation effort. An integral part of their success has been the consistent use of a master findings list and kri

dashboards during the entire duration of the remediation efforts. An example of an enforcement based

remediation program is the remediation programs implemented by regulatory agencies including the FRB, FCA,

OCC and other agencies for banks as a result of the deficiencies found in the banks use of AML and other Risk

The Citigroup AML Consent Order started in 2013 and ended in 2020 and was designed to be a “comprehensive”

program consisting of “11 Pillars” of remediation. After an extensive financial investment from Citigroup the

program greatly reduced the number of false positives, however, the program was challenged with data silos and

Management practices due to the “London Whale” incident, it also made them aware of their vulnerabilities

created by their reliance on models. The Regulator's investigation of multiple banks for manipulation of the FX

Market has resulted in a significant amount of both financial and reputational penalties and has provided

Regulators with an opportunity to elevate the standards of good business practice and regulatory compliance

within the market place.These examples highlight the need for banks to have organized remediation programmes,

engage stakeholders and utilize sustainable practices to overcome regulatory compliance challenges within G-

This program was designed as a response to OCC & FRB Consent orders, to create a structured and repeatable

lifecycle in line with both of these agencies’ (OCC & FRB) policies (i.e., FRB SR08-08) as well as project

The remediation program was aimed at completing SIFI (i.e. Systemically Important Financial Institutions)

remediation projects by 2018 using eleven pillars, each focused on a specific risk and data analytics area,

sustainability initiatives, and risk-based priority.In the planning phase, scoping & estimating was performed

(RTM). Risk Diversification Strategies were created to significantly reduce residual risks. Testing and Reporting

The recommended approach to complying with the delivery model is in compliance with SR 08-08 and consists

of four distinct layers that constitute a well organized architecture; these are: (1) Governance & Strategy, (2)

Program Management/Delivery, (3) The Stakeholder and Functional Layer, and (4) The Control, Data and Impact

Steering Committee include, but are not limited to, overseeing compliance with regulatory requirements for the

entire organization and managing numerous components, such as, for example, the reporting of data, the

disciplines in an organization, from the regulatory assessment of the program to the implementation of the

program with the stakeholders, and supports a global delivery model for enhancing capabilities. The Control,

identifier to track it; this identifier is critical to ensuring that the remediation is completed as per the

Composite fields (e.g., Risk Scores), while guiding action from the defined severity level and priority category,

(Red/Immediate), Low Priority/High Severity (Yellow), High Priority / Low Severity (Green), Low

Severity/Low Priority (Blue); examples exist for all four combinations. A remedial findings table should

document each combination/code, including both severity and priority, allowing for the quick identification of

combinations are organized by priority; therefore, priority determines the order in which repairs are to be

this storage approach has designated fields for coding the combinations, severity, and priority levels, and the

inclusion of a colour code heat map for the executive view to reduce duplication of efforts on the highest priority

The overall goal of the Bank Remediation Program is to use monitoring of performance indicators as a tool for

governance and compliance with the Safe Harbor provisions of Supervision Circular 08-08. Monitoring will

utilize our efficiency metrics (closed findings, average time to remediate, on-time closure rates, reopened rates),

risk and quality metrics (high-risk backlog, residual risk scores, successful completion of third party

seamless integration to Business as Usual operations (BAU) through the bank's compliance program. To ensure

sufficient focus in both areas, the recommended breakdown of focus should be 60% Remediation and 40%

The importance of this dual focus is that it provides both evidentiary support for successful closure of the

remediation program as well as continued viability of the program into the future. These two key pieces of