At our recent GRC Summit 2024 in Baltimore, Arindam Majumdar, Deputy Chief Risk Officer, Bank OZK, presented on Bank OZK’s GRC journey, taking the audience through the challenges of operational risk management within a growing financial institution, the effective strategies implemented, and the business value being realized.
Bank OZK is a high-performing U.S. regional bank with deep expertise in specialized lending businesses nationwide .Bank OZK operates through 230 retail branches and is noted for its significant presence in construction lending, being among the top five in major cities like New York, Chicago, Miami, and San Francisco.
Here are the key takeaways from Arindam’s session.
Arindam: We are one of the largest domestic CRE construction lenders in the country. In the last eight years, we've grown three and a half fold, and we are moving towards 50 billion in total assets. The board has given us the mandate to prepare a risk management organization that can support $100 billion bank.
Now our vision is obviously not only to maximize our strength, which is motion lending, but also diversify our asset base, which is look at other lines of lending, such as CNI, consumer lending, asset-based lending, equipment financial lending, etc. So, we are pursuing those opportunities as well as diversify our geographical footprint.
We have certain systemic challenges which are not unique to us. Current environment with inflation longer rates is certainly a challenge for us. Another challenge is that we are growing exponentially. Our ability to integrate our workforce during this growth map, while we have a wide foot footprint with remote work, has been a challenge as well as the need to prep the risk management frameworks and infrastructure to be ready for $50 billion plus. We transitioned over to MetricStream and in 2023 we went live. This is our second year on the platform, and I'll get to our unique journey with GRC solutions.
Arindam: We were looking for a solution that would provide some degree of customization, especially on the reporting side. We wanted custom reports, and a solution that we could, with a high degree of confidence, expand to our user base.
What we've also done with our GRC program is a quarterly attestation of our risk and control universe. We at present, do annual testing with our controls, with our operational controls. We've also gone about integrating the solution with our internal audit solution, we have a different internal audit solution within the bank, but through MetricStream’s API connections, we've been able to pull all our audit data into the MetricStream platform as well.
We’ve adopted the issue management model, which has been a game changer for us, especially as we have tried to mature our data risk programs. Data issue management and operational risk management has been the two biggest pieces in our issue management module within MetricStream.
Arindam: Using MetricStream’s Operational Risk, RCSA Control Attestation, Issue Management Module and the integration with the internal audit solution, we have realized the following benefits:
Our biggest challenge is to keep our controls live , which is why we have 40 attestations also tested from an operational risk standpoint. Building feedback with audit, issue management and your own control environment is critical. You want to try and keep it as simple as possible. Find the right balance between information and noise.
Arindam: We're moving towards enhancing our operation of our capital model. We're trying to build a Bayesian network-based model, with real time key control indicators to make this even more live.
Watch the full session here.
I recently had the chance to discuss in depth with Arindam on the challenges of operational risk management within a growing financial institution, and the effective strategies and programs to enhance operational risk management.
Watch the webinar recording here: https://grc-summit.wistia.com/medias/spcgu7gkw3
Registrations are open for our London GRC Summit 2024 on November 6-7! Join us for groundbreaking discussions and exceptional networking opportunities with top industry leaders and experts as we unlock the latest insights and strategies in operational resilience, AI for GRC, risk management, compliance, cyber risk, and more. Register now: