Governance, Risk and Compliance

Mosaic provides expertise and pragmatism to help clients implement governance, risk, and compliance (GRC) solutions that are fit for purpose.

We can advise on the design, execution, and embedding of GRC frameworks, systems, and processes that harmonise regulatory compliance with improved customer and commercial outcomes.

Our GRC team has extensive experience working in financial services businesses, which gives us a deep understanding of the challenges that these organisations face. We can use this understanding to advise and support our clients in developing and implementing GRC programs that are effective and sustainable.

We believe that sound and embedded GRC systems and processes are critical in enabling an organisation to achieve its strategic objectives. By taking a proactive approach to risk management and compliance, organisations can understand and appropriately manage their risk exposure, improve their operational efficiency, and protect their reputation.

Conduct and Culture

The Financial Markets (Conduct of Institutions) Amendment Act 2022 (CoFI) has put fair conduct for consumers and organisational culture at the forefront of financial services firms in New Zealand.

While CoFI is a compliance requirement, it is also recognised that good conduct and culture is good business and is essential for any business to achieve its long-term strategic objectives. Effective conduct and culture risk management requires all levels of a financial services business, from the board and senior management to the front-line employees who interact with customers, to be aware of how their own conduct can impact customer outcomes.

There is no one-size-fits-all approach to managing conduct and culture risk. At Mosaic, we support financial services organisations in defining their own standards of good conduct and fair customer outcomes, and we work with them to embed conduct risk management into their overall risk management framework. This includes assisting organisations to develop controls and processes, including lagging and leading indicators, to measure and manage their conduct performance.

We recognise that conduct and culture risk management can be complex and is not easily managed through prescription and rules alone. Successful implementation and management requires the use of both quantitative and qualitative tools.

Customer Remediation

Mosaic has extensive experience working with clients across banking, insurance, funds and wealth to help them understand the risks, regulatory expectations and compliance obligations of customer remediation. We work with clients to ensure that their execution of customer remediation is as effective as possible, replicable, and embedded, to strengthen organisational resilience and competence.

Our support spans the solutioning cycle, from advice and recommendations, through to data analysis, calculation and implementation. We have expertise in the following areas:

  • Development of customer remediation standards, policies, and procedures;
  • Regulator strategy and engagement support;
  • Obligation interpretation and gap analysis;
  • Root cause analysis, including compliance by design, control workshops, mapping, and testing;
  • Systems support and implementation;
  • Customer data scoping, analysis, mapping, and calculation;
  • Customer contact strategy, communication, and implementation; and
  • Full programme management, including governance reporting and record keeping.

We work to ensure that good customer outcomes are met, taking into account the size and complexity of our clients' operating environment. We also seek to ensure that outcomes can be operationalised effectively and embedded for future operational resilience. We regularly work alongside internal and external legal teams.

Risk and Compliance Maturity

Mosaic can assist you in assessing your organisation's risk and compliance maturity using our proprietary maturity model or a model developed specifically for your needs. Our experienced team will independently assess your people, processes, and systems to ensure they are operating consistently in line with industry practices.

We can undertake holistic risk or compliance maturity assessments or more focused, "deep-dive" maturity reviews on specific aspects of your business.

Periodic maturity assessments are an effective way to measure your progress, validate your risk and compliance roadmap, enable informed decision-making, support a strong risk and compliance culture, and pursue operational excellence and resilience.

Recent client work:

  • Holistic risk maturity uplift: Mosaic assisted an investment firm in assessing its risk and compliance maturity across all aspects of its business.
  • Risk culture and conduct improvement: Mosaic supported a major bank in improving its risk culture and conduct by identifying key themes and recommendations.
  • Holistic privacy maturity assessment: Mosaic conducted a holistic privacy maturity assessment for a local government organisation to assist it in understanding its current privacy maturity and identifying any areas for improvement.

Risk Governance and Frameworks

We work with clients to assess, design, and implement fit-for-purpose frameworks that align corporate governance with risk management and control activities. This helps ensure that actual and potential threats to strategic objectives, business performance, operational efficiency, and resilience are well understood and managed within risk appetite.

An effective risk governance framework drives the identification of, and focus on, the risks that have the most impact on the organisation's strategic objectives. It also holds risk owners accountable for managing those risks effectively. The goal is to reduce and control all risks to an acceptable level and within risk appetite.

Recent client work includes:

  • Development of an incident management framework, policies, procedures, and processes at a major bank.
  • Supporting leadership at a large bank to improve risk culture and conduct by identifying key themes and recommendations.

Operational Risk Advisory

Operational risk management is the process of identifying, assessing, and mitigating risks that can impact an organisation's operations. These risks can include human error, system failures, and external events.

Mosaic assists organisations in improving their operational risk management capabilities. We provide a holistic approach that includes:

  • Risk assessment and identification;
  • Policy development and implementation;
  • Training and awareness; and
  • Control design and testing.

We have a proven track record of success in assisting organisations in improving their operational risk management. In one recent example, we worked with a large investment management business to improve their operational risk maturity. We assisted them to:

  • Develop and implement a new risk management framework;
  • Train their staff on risk management; and
  • Document their risks and controls.

As a result of our work, the client was able to significantly improve its operational risk management capabilities, identify and mitigate risks more effectively, and reduce its exposure to operational losses.

Regulatory Response

Legislation and regulatory requirements and expectations continue to evolve and change, requiring financial services businesses to respond strategically and tactically to ensure compliance.

Mosaic has assisted clients with responding to recent legislative changes and regulatory impacts, including:

  • Supporting major banks with BS11, CCCFA, CoFI, and data privacy requirements;
  • Helping clients implement the Financial Services Legislation Amendment Act 2019;
  • Re-licensing a client under the Financial Markets Supervisors Act 2011; and
  • Evaluating and management tools for a licensed fund manager.

Mosaic's services help financial services businesses meet regulatory requirements, reduce risk, and improve operational efficiency.
