Governance, Risk and Compliance

How Sterling Bank & Trust Increased Issue Identification by 4x and Reduced Risk Silos with Resolver

0 billion
USD in assets (approx.)
0 x
Increase in issues logged

As Senior Vice President and Director of Enterprise Risk Management, Eleni Willis leads the design and implementation of Sterling Bank and Trust’s Enterprise Risk Management program. As a community bank with 28 locations, innovation, and digital transformation have been vital to simplifying and improving the risk culture at Sterling Bank & Trust.

“I’ve been tasked with building an ERM operations program from the ground up for the most part, as it was in its early stages of infancy,” Willis explains. “When I got here, I built out the RCSA Program and standardized our risk assessment methodology, developed a Policy Governance Program, and matured the Issues Management process, among implementing other various risk programs.”

The Situation

  • Challenged with siloed information
  • Difficulty coordinating across expansive teams and disciplines
  • Pace of issue remediation
  • Cost of multiple and disparate systems

As many in banking can attest, staying on top of regulatory compliance management and the hefty fines that may come with a missed obligation can be challenging and sometimes costly. Willis had to quickly get up to speed on effectively handling a looming regulatory compliance issue, highlighting the need for an end-to-end compliance management solution. “Meanwhile, we had this regulatory (compliance) issue looming over our heads,” says Willis. “The bank was cited with underwriting deficiencies and violations of federal Bank Secrecy Act / Anti-Money Laundering regulations tied to a certain mortgage loan product, which regulators alleged used fraudulent information. My last big challenge is the possibility of a recession and the concern this creates over credit quality.”

A strategic ERM priority for the bank was improving communication across the first, second, and third lines and creating opportunities to leverage work done by different disciplines in the business. Initially, Willis’s efforts to mature Sterling’s enterprise risk management systems were hampered by not having information readily accessible in one place. “We’re talking about so many different disciplines, and how do you put it all together?”

It became clear that a central, cloud-based enterprise risk management software solution was needed to achieve business objectives. “Having some kind of digital component to your different disciplines really helps you be able to break down those silos and leverage off of all of the work that’s being done across the entire organization,” Willis explains.

The Solution

An early adopter of technology to support her GRC strategy, Eleni and her team apply common ERM methods and approaches to manage risk across all first and second lines of business. Implementing and benefitting from new technologies is at the forefront of Willis’s entire ERM program at Sterling Bank and Trust.

Willis shares the concept of combined assurance. “It’s really aligning with your internal partners, working closely together, trying to get those processes between… let’s say your internal audit department, as well as your other assurance providers, to help develop deeper insights on your governance, and your risk, and your control management, and then deliver that to your senior management as well as the audit committee, or any other committee that you’re trying to bring out that information to.”

For Sterling, Resolver’s ERM software solution was the chosen platform to help bring this all together. “We are putting in about 10, maybe even a few more, of our different disciplines within the system.” From housing their ERM and risk assessments centrally to issues management, business continuity, internal controls, IT risk management, third-party risk management, policy governance, and more, Willis is leading the charge of having all of Sterling’s risk data and information in one place.

The Approach

Willis recommends starting with a cost-benefit analysis to get the board to buy into your digital transformation program. “What’s the cost of the current systems you have managing all these different functions?” Often, the cost of implementing one end-to-end system can be more efficient than your current state of multiple legacy systems and disconnected disciplines within your organization.

The other component is getting alignment on a desire to break down silos. Socializing the benefit of a central information warehouse, including the efficiencies they create, can help tie the investment to corporate objectives.

When starting from the very beginning, Willis suggests getting aligned on expectations and a bold vision for your program. “We are a pretty small community bank, and so we have a lot of very immature programs,” she explains. Many of Willis’s teams have ways of doing things that they want to grow in maturity. “We’ve really helped our different disciplines develop that vision, and write down their methodologies and then try to have them all conform.”

Willis worked hand-in-hand with the Resolver team during implementation. “Just the fact that I’d already put something down on paper helped tremendously when we actually started the conversations about how to build it out… Resolver was able to work with me and say, ‘Okay, we can make that happen, but this is what we need from you.’”

“We’re implementing a new GRC system across ten different disciplines, all within the second- and third-line functions,” Willis explains. “It’s going to be something that our entire bank is going to be using for our issues management, our policy governance, and quite a few different areas.”

“A big component of ERM and GRC is to speak the same language,” says Willis. For Sterling, this includes having the same risk taxonomy to the same methodologies for risk assessments — like the definitions behind risk rating your impact, for example — or the mathematics when calculating inherent risk or residual risk. “Having that same conformity behind the mechanics of those risk assessments is what a GRC system has really helped us be able to accomplish.”

The Result

Implementation of Resolver has allowed Sterling to better track issue remediation and statics. Willis produces quarterly dashboards with key trends and status updates on these issues. She cites her annual program review for big wins. “In 2022, the volume of issues identified and logged into Resolver increased by more than four times (4x) as compared to 2021. Additionally, issues were assigned to more first-line business units by the second and third lines in 2022 than in any previous year on record.”

Over the past year, Sterling Bank & Trust has also matured the process of Issue Management, as evidenced by improved communications among all three lines of defense and enhanced system functionality to facilitate the program, Willis explains. “While the volume of issues identified in 2022 significantly increased, likewise, so did management’s ability to address them more efficiently and effectively.” Willis also noted that the data and reporting gleaned from Resolver showed “increased participation from all three lines of defense during issue identification, remediation, and validation efforts; less reliance on issue exceptions like risk acceptances and target due date extensions; and a more rapid pace from issue realization to resolution.”

Another key benefit was seen as Sterling’s Issues Program matured. Where Internal Audit typically logged issues, Willis saw more issues identified and logged by others disciplines. Along with the increased number of issues identified, Willis describes an equally significant shift in the number of issues remediated in a year. Starting in July 2022, Sterling began tracking how long business units took to remediate issues. Their preliminary data indicates that 67% of issues were addressed within 120 days of identification.

Willis and her steering committee continue to build out their program using Resolver’s software, working with Resolver’s Customer Success and Support teams to enhance capabilities to meet evolving requirements significantly. This includes real-time risk reporting through intelligent dashboards and reporting for all internal stakeholders and executives.

Overall, Sterling’s risk culture has shifted to better-documenting issues and related remediation efforts. By partnering with Resolver, Sterling was able to consolidate multiple data sources across the company onto one centralized platform, making it easy to share information while significantly reducing the cost of maintaining multiple systems.

See how Resolver can help modernize your Enterprise Risk Management capabilities. Register for an upcoming ERM Product Showcase, or book a custom demo now!

More Resolver customer stories:

Request a Demo

Fill out the form below to request a demo or learn more about Resolver