How Spar Nord Bank built a business architecture to handle risk and compliance

Integrated GRC

Back in 2012, documentation of processes in Spar Nord was not centralized. This resulted in a lot of gaps. Different company departments, and even individual teams, had their own processes. This prevented management from getting a comprehensive picture of the bank’s processes and their interdependencies as well as maintaining them.
To transform the business and ensure compliance Spar Nord needed a solution that could provide an overview of the functions and interconnections of the organization.

Central repository to mitigate risks

Spar Nord decided to go with MEGA HOPEX as a common enterprise repository for documenting their business architecture and creating a standardized approach for the entire organization. Thus, all divisions of the bank started mapping their processes into a common language and a centralized repository that could be used for governance risk management and compliance initiatives.
The holistic picture of HOPEX enabled Spar Nord to apply controls, get a picture of the effect of any process changes on the compliance risk map and mitigate risks. By using the bowtie method vulnerabilities and key risk factors could be analyzed and the likelihood of them occurring could be revealed.

Staying ahead of competition by building best-in-class processes.
By viewing key business factors in HOPEX like turnover and investments, Spar Nord was able to create benchmarks against other banks, stay ahead of the competition and improve its understanding of its customers. Valuable data from customer feedback on prices, demands and expectations were used for modifying products.
Standardising processes and keeping them consistent across internal functions has enabled Spar Nord to uphold their commitment to customer process excellence.

HOPEX Enterprise Architecture also added value to the resource planning for process stakeholders of Spar Nord.

Improving decision-making by visual insight into business processes.
Presenting the business processes of Spar Nord visually in HOPEX made it easy for internal stakeholders to recognize and understand processes, identify compliance blockages and make informed risk management decisions because they were able to anticipate the consequences of changes.
It also helped plan staff training and viewing competencies and capabilities to arrange for correct knowledge transfer while avoiding bottlenecks because of absence and vacation.
The visual presentation of processes makes it easier to introduce changes to employees and departments. Using “RACI” for displaying responsibilities (Responsible, Accountable, Consulted, Informed) provides clear ownership and accountability for each process and enables stakeholders at all levels – directors, partner managers, and process practitioners – to see the information required.

Compliance – types and how to manage compliance risk
The increased requirements of companies for governance, risk and compliance have made the banks’ ability to develop compliance of requirements and infrastructure more important.
To control requirements against realities Spar Nord use compliance risk assessments and audits. In case of incongruences, documentation is adjusted until providing the right output and still complying with regulatory requirements. Using only one tool for the entire process saves time and effort and ensures that the persons involved in the compliance risk process refer to accurate and available documentation and perform processes correctly.
The same solutions have been adopted to ensure compliance with data privacy regulations and the ethical handling of customer data.

About Spar Nord

With roots dating back to 1824, Spar Nord is the 5th largest retail bank in Denmark including 50 branches nationwide, 390,000 customers and 1,500 employees.

Listen to Claus Nielsen, Process Governance Manager, Spar Nord, presenting the bank’s GRC approach at an Enterprise Architecture conference for Financial Institutions in May 2021.