Skip to main content Skip to Footer


Making the most of Risk and Control Self-Assessment (RCSA) programs

Learn how a centralized model can help banks strengthen the benefits of RCSA transformation.


Banks undertaking Risk and Control Self -Assessment (RCSA) transformation initiatives can benefit from a centralized approach to address risk challenges.

Emerging risks related to digital technologies put added pressure on line managers in terms of risk management, while new regulatory demands have increased costs for risk and control functions.

An RCSA program with functions centralized in a Center of Excellence (COE) model can help address these challenges while supporting the organization’s strategic objectives. Continuous RCSA initiatives can be scheduled throughout the year to reduce disruptions and the COE framework can concentrate the experience and specialization needed to manage such risks.

The insights and standardized reporting from the COE can help improve the organization’s ability to make risk-weighted decisions and to set priorities while helping to reduce operational losses. Issues can be identified and remediated sooner and a risk mind set can be fostered throughout the organization.

The COE model helps the enterprise identify emerging or systemic risks and to share insights and new controls across lines of business.

Key Findings

New challenges facing financial institutions call for improvements to RCSA processes. These include:

  • Reinforcement of risk “first line of defense” control responsibility. Line managers are now charged with identifying, owning and managing risks and with implementing corrective actions.

  • Emerging risks tied to changes in operating models. Organizations are experimenting with and adopting new digital operating models with their own set of risks.

  • Operational risk costs. New regulatory demands have led to higher costs for risk, controls and compliance staff.

  • Need for profitable growth. Institutions searching for new avenues to profitable growth are finding it difficult to identify and measure the true costs of operational risk.

In light of these and other challenges, financial institutions are looking for better ways to manage operational risk and help reduce unexpected losses.

Over two-thirds of firms surveyed in a recent compliance study1 said they are expecting skilled staff to cost more.

1. Thomson Reuters Annual Cost of Compliance Survey Shows Regulatory Fatigue, Resource Challenges and Personal Liability to Increase Throughout 2015,” Thomson Reuters, May 13, 2015. Access at:


RCSA Center of Excellence can help banks and financial institutions manage operational risks and control costs in a number of ways:

  • Through centralized RCSA responsibilities in a COE model, assessments and remediation measures can be delivered on a continuous basis, reducing capacity restraints on key businesses.

  • Centralization of RCSA execution helps the organization determine if it has the talent needed to manage emerging risks in areas such as cyber risk and social media.

  • The COE helps reduce costs by shifting some activities offshore and lowering audit costs.

  • Standardized RCSA reporting supports better decision-making and prioritization.

While costs can be lowered, operational losses can also be reduced as operational risk issues are identified and remediated.