Governance, Risk and Compliance

Mosaic has extensive experience working with clients across banking, insurance, funds and wealth to help them understand the risks, regulatory expectations and compliance obligations of customer remediation. We work with clients to ensure that their execution of customer remediation is as effective as possible, replicable, and embedded, to strengthen organisational resilience and competence.

Our support spans the solutioning cycle, from advice and recommendations, through to data analysis, calculation and implementation. We have expertise in the following areas:

• Development of customer remediation standards, policies, and procedures
• Regulator strategy and engagement support
• Obligation interpretation and gap analysis
• Root cause analysis, including compliance by design, control workshops, mapping, and testing
• Systems support and implementation
• Customer data scoping, analysis, mapping, and calculation
• Customer contact strategy, communication, and implementation
• Full programme management, including governance reporting and record keeping.

We work to ensure that good customer outcomes are met, taking into account the size and complexity of our clients' operating environment. We also seek to ensure that outcomes can be operationalised effectively and embedded for future operational resilience. We regularly work alongside internal and external risk and legal teams.

Mosaic can assist you assess your organisation's risk and compliance maturity using our proprietary maturity model or a model developed specifically for your needs. Our experienced team will independently assess your people, processes, and systems to ensure they are operating consistently in line with industry practices.

We can undertake holistic risk or compliance maturity assessments or more focused, "deep-dive" maturity reviews on specific aspects of your business.

Periodic maturity assessments are an effective way to measure your progress, validate your risk and compliance roadmap, enable informed decision-making, support a strong risk and compliance culture, and pursue operational excellence and resilience.

Recent client work: 

• Holistic risk maturity uplift: Mosaic assisted an investment firm assess its risk and compliance maturity across all aspects of its business.
• Risk culture and conduct improvement:Mosaic supported a major bank in improving its risk culture and conduct by identifying key themes and recommendations.
• Holistic privacy maturity assessment: Mosaic conducted a holistic privacy maturity assessment for a local government organisation to assist it understand its current privacy maturity and identify any areas for improvement.

We work with clients to assess, design, and implement fit-for-purpose frameworks that align corporate governance with risk management and control activities. This helps ensure that actual and potential threats to strategic objectives, business performance, operational efficiency, and resilience are well understood and managed within risk appetite.

An effective risk governance framework drives the identification and focus on the risks that have the most impact on the organisation's strategic objectives. It also holds risk owners accountable for managing those risks effectively. The goal is to reduce and control all risks to an acceptable level and within risk appetite.

Recent client work includes:

• Development of an incident management framework, policies, procedures, and processes at a major bank
• Supporting leadership at a large bank to improve risk culture and conduct by identifying key themes and recommendations.

Operational risk management is the process of identifying, assessing, and mitigating risks that can impact an organisation's operations. These risks can include human error, system failures, and external events.

Mosaic's Operational Risk Advisory service assists organisations improve their operational risk management capabilities.We provide a holistic approach that includes:

• Risk assessment and identification
• Policy development and implementation
• Training and awareness
• Control design and testing.

We have a proven track record of success in assisting organisations improve their operational risk management. In one recent example, we worked with a large investment management business to improve their operational risk maturity. We assisted them to:

• Develop and implement a new risk management framework
• Train their staff on risk management
• Document their risks and controls.

As a result of our work, the client was able to significantly improve their operational risk management capabilities. They were able to identify and mitigate risks more effectively, and they were able to reduce their exposure to operational losses.

Climate and sustainability are important topics within the broader ESG (environmental, social, and governance) framework. The Taskforce on Climate-related Financial Disclosures (TCFD) was created to help companies report on the impact of climate change on their operations and their impact on the climate. The TCFD reporting framework recommends four areas for companies' disclosures: governance, strategy, risk management, and metrics and targets.

While the TCFD framework is voluntary, New Zealand has adopted a mandatory climate-related disclosure regime that will go into effect in 2023 for climate reporting entities (including large banks and other financial institutions). New Zealand's regime is largely based on the TCFD framework.Mosaic has a team of experienced climate and ESG professionals who can help you prepare for climate-related disclosures and target setting. Our recent client engagements include:

• Managing a project on voluntary climate disclosure across all pillars, including calculation of financed emissions for a major commercial and retail bank
• Conducting an in-depth investigation of integration with a climate data provider for greenhouse gas emissions metrics and the determination of physical climate risk across the portfolio of a retail bank
• Providing support to a major fund manager to define governance disclosure, controls, and checks around its reporting process in the lead up to the mandatory regime.

Legislation and regulatory requirements and expectations continue to evolve and change, requiring financial services businesses to respond strategically and tactically to ensure compliance.

Mosaic has assisted clients with responding to recent legislative changes and regulatory impacts, including:

• Supporting major banks with BS11, CCCFA, CoFI, and data privacy requirements
• Helping clients implement the Financial Services Legislation Amendment Act 2019
• Re-licensing a client under the Financial Markets Supervisors Act 2011
• Evaluating and implementing liquidity management tools for a licensed fund manager.

Mosaic's services help financial services businesses meet regulatory requirements, reduce risk, and improve operational efficiency.