How Control Functions Propel the Transition to an Agile Model in Risk and Compliance

Agility, a buzzword commonly associated with tech and startups, is now making waves in the banking sector, specifically in risk and compliance. Banks worldwide are recognizing that adopting agile models can result in customer-centricity, faster speed to market, higher employee engagement, and increased productivity. In this blog post, we’ll walk you through the step-by-step process of how control functions can launch a bank’s shift to an agile model, complete with key examples and backed by industry insights.


1. Identifying the Ideal Operating Model

The first crucial step towards agile adoption is determining the right operating model. This decision should be rooted in two primary considerations:

  • Level of Agile Maturity: Analyze the degree of agility currently in place within the broader organization. Research indicates that the more ingrained agile practices are, the smoother the transition.
  • Nature of Work: Leaders should be acutely aware of how roles interconnect within risk and compliance and with other departments. This understanding ensures better collaboration and draws upon the necessary expertise and specialization.

For instance, a bank with an established agile marketing department might find it easier to incorporate agile principles into risk and compliance, as there’s an existing framework and experience to draw from.


2. Scope Determination

Once the model is identified, it’s essential to decide on the scope of its rollout, especially when focusing on the second line of defense.

Case Study: Some leading banks began their agile journey by merely transforming a handful of teams. Gradually, this change snowballed to encompass the entire delivery organization and eventually the whole institution. So, starting with a pilot approach – by experimenting with a few product-led agile teams – can be a pragmatic strategy.


3. Crafting a Detailed Operating Model

A successful agile shift requires a comprehensive design that considers three main aspects:

  • Structure: Implementing cross-functional, product-led teams and introducing processes like quarterly business reviews can foster better communication and results.
  • People & Culture: This involves reshaping job roles, updating performance management metrics, and cultivating an engineering-focused culture.
  • Technology: A blend of harmonized tools and advanced technology can significantly improve efficiency.

However, while designing this structure, five pivotal guiding principles stand out:

  1. Permanence: Eliminate short-lived project teams in favor of lasting groups (or tribes) responsible for specific product categories.
  2. Ownership: Grant tribes overarching authority over product strategy and its development.
  3. Self-Sufficiency: Reduce or eliminate the tribe’s dependency on other units for product delivery.
  4. Efficient Tribe Size: Limiting a tribe to 90-150 full-time employees ensures productivity while keeping costs in check. Studies have shown that this number fosters optimal collaboration.
  5. Prioritize Engineering: A successful agile model minimizes management layers and accentuates engineering talent.

Conclusion: The agile model may have had its roots in customer-centric departments, but it’s fast gaining traction across various support functions, including the second line of defense. The synergy between risk and compliance, combined with other control functions, is paramount for the comprehensive adoption of agile principles.

Looking Ahead: As more banks experiment with agile, it becomes imperative for leaders to align their vision and purpose. Only through this alignment can institutions reap the multitude of benefits offered by an agile operating model.


Choosing a GRC software vendor can be cumbersome and difficult. In an era, where most tools do the same, the difference between choosing Connected Risk and one of our competitors is easy. With a malleable system that is designed to manage your internal processes from start to finish, you can implement a customized function for your organization’s agile risk processes. Learn more about Connected Risk and the capabilities of Empowered’s EmpoweredNEXT no-code software for GRC.

Like this article?

Email
Share on Facebook
Share on LinkedIn
Share on XING

Talk to an Expert

"*" indicates required fields

Are you looking for support?

If you're looking for product support, please login to our support center by clicking here.

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit a Pricing Request

"*" indicates required fields

First, what's your name?*
This field is for validation purposes and should be left unchanged.

Submit an RFP Request

"*" indicates required fields

First, what's your name?*
Which solution does your RFP require a response on?*
Drop files here or
Accepted file types: pdf, doc, docx, Max. file size: 1 MB, Max. files: 4.
    This field is for validation purposes and should be left unchanged.

    GDPR Cookie Consent with Real Cookie Banner Skip to content