UK Financial Services Practice

Engaging Risk in Agile DevelopmentKeeping pace with the new world of digital banking

We help risk functions mobilise for

rapid change as well as provide risk

and regulatory expertise directly into

the scrum team

Parker Fitzgerald connects Risk

Change to an Agile Scrum

methodology

Ensure risk and regulatory obligations are met

Improve scrum team and testing efficiency

Remove the critical dependency on the risk function

Continue to deliver digital change at pace

2

01The Digital Opportunity

Grasping it requires products and services to be brought to market at speed

02Challenges of Rapid Development

Banks must find a way to effectively include risk in agile development

03Mobilising Risk for Rapid Iterative Development

Ensuring the risk function are able support an agile scrum development

04Introducing Risk in to Agile Scrum

A regulatory expert in the scrum team ensures speed to market is maintained

05How Parker Fitzgerald Can Help

We provide expert risk and regulatory knowledge directly into the scrum

Contents

| Engaging Risk in Agile Development

3

UK Banking Actual and Forecast Return on Equity.

0%

5%

10%

15%

20%

2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 2017 2018 2019 2020

2007: Credit CrunchBNP Paribas freeze $2.2bn of

funds resulting in panic and a

seizure in the financial

markets

2009: BCBS Basel II Reform

Changes aimed at improving

market risk for incremental risk

in the trading book place

increasing strain on RoE 2016: SmartphonesSmartphone penetration

is likely to be the only

limiting factor in the

digital revolution. This is

forecast to reach 75% in

2016 up from 44% in

2012**

2014: Interest RatesAs interest rates begin to

improve so do the banks

funding margins

2020: Mobile Usage33% of all consumers will be

using smartphones for all their

banking needs whilst mobile will

make up more than 50% of all

payment transactions*

Upward Pressure

Downward Pressure

2012: LLP RecoveryBanks begin to see an

improvements in RoE

attributed to improvements

in the necessary Loan Loss

Provisions

RecoveryCollapse

* Telecoms.com **Portio Research

Banks must rethink their

business models if they wish

to generate acceptable

return on equity (RoE) in the

face of increased capital

requirements and the

ongoing costs of regulatory

change.

Poor performance and increased

liquidity costs resulted in a collapse

of RoE during the financial crisis.

The regulatory response to the crisis

further drove up capital and funding

costs, an area of continuing focus

from the PRA. Coupled with the cost

of implementing new regulation,

recovery of RoE has become a key

board focus.

Given rises in interest rates on the

horizon, banks are looking to re-

evaluate business models, with

digital promising to provide both

greater distribution and operational

efficiencies.

| Engaging Risk in Agile Development│ Section One

Banks must continue to bring products and services to market at speed

to support consumer demand and capitalise on the digital opportunity

The Digital Opportunity

4

Challenges of Rapid Development

Through rapid development

approaches such as agile,

banks have been able to bring

their digital offerings to market at

speed - creating products that

are “live” throughout

development

At the same time, risk change adopts a

linear sequential lifecycle; waterfall. This

requires all requirements to be thoroughly

defined at the outset so the final product

can be deployed in full.

Waterfall does not allow for previous

phases to easily be revised or revisited.

As a result design and testing are

extensive and time consuming. By

contrast, customer and stakeholder input

is used to refine and iterate throughout

agile development.

The expectation of risk to deliver change

using waterfall, has meant they are often

excluded from agile development so that

speed to market can be maintained.

However, as banks seeks to offer ever

more complex digital offerings it will no

longer be possible to simply ignore the

concerns of the risk function.

| Engaging Risk in Agile Development │ Section Two

VERSION 1 – LIVE

VERSION 2 - LIVE

LVERSION 3 - LIVE

Inspect &

Adapt

Inspect &

Adapt

Agile Scrum

Waterfall

LIVE PRODUCT

Banks must find a way to effectively include risk in agile development

if they hope to continue their digital journey at the pace required

DESIGNBUILD

TESTDEPLOY

5

Mobilising Risk for Rapid Iterative Development

| Engaging Risk in Agile Development │ Section Three

01

02

03

04

05

Work will be required upfront to understand the needs and concerns of key

risk stakeholders to gain their buy in to support a rapid development approach

Engagement & Sign Off

Requirements Fulfilment

Resourcing & Prioritisation

Compliance Approach

Risk Policy & Standards

ENSURING APPROPRIATE RISK POLICIES AND STANDARDS

• Review the completeness and appropriateness of existing policy

• Confirm the high level digital risk design principles

• Identify the policy and risk appetite decisions required

ADDRESSING SPECIFIC FUNCTIONAL REQUIREMENTS

• Ensure high priority risk objectives are identified up front

• Establish the means of communication between the risk function and delivery team

• Agree the acceptance criteria

PRIORISTISING DELIVERY WITHIN EXISTING WORKLOAD

• Align and prioritise digital strategy within the risk operating plan

• Define risk resourcing requirements through each delivery cycle

• Clarify and agree funding

CONFIRMING THE APPROACH TO COMPLIANCE

• Determine roles and responsibilities for compliance

• Route and ownership for the engagement with regulator to be defined

• Agree governance and sign off for compliance

ENSURING RISK REMAIN ENGAGED THROUGH DELIVERY

• Existing risk engagement process and governance needs to be reviewed

• Governance process should be aligned to support rapid decision making

• Build key sign off process in to the product delivery plan

6

Introducing Risk into Agile Scrum

| Engaging Risk in Agile Development │ Section Four

The key components of agile scrum delivery and where input how risk is can add value

In heavily regulated banking environments the inclusion of a

risk and regulatory expert in the scrum team ensures rapid delivery

• Products are broken down in to

a list of deliverables

• These are prioritised based on

complexity and business value

• Each includes a description of

functionality, reason it is

required, estimate for work and

acceptance criteria

SPRINT DEMO

Reviewing the product

THE SPRINT

Doing the work

SPRINT PLANNING

Breakdown of tasks

RELEASE PLANNING

Minimum Viable Product

PRODUCT BACKLOG

Prioritised list of functionality

• Deliverables and acceptance

criteria are reviewed to ensure

a common understanding of

what is being asked

• The team agrees on what

deliverables it can commit to in

that release (iteration)

• The backlog defines all the

tasks required in order to

achieve the deliverables

committed to for that sprint

• This sprint backlog is

essentially the team’s to do list

for the sprint cycle

• The sprint is the development

cycle through which each of the

tasks are ‘done’

• ‘Done’ includes any necessary

testing or ratification

• Daily ‘stand up’ meetings are

used to inspect the progress to

date and adapt if required

• This is the public end of each

sprint, in which all stakeholders

are invited to demo and inspect

what has been achieved

• If necessary, feedback can

then be used to inform the

product backlog for the next

sprint cycle

ABCDE

DAEBC

DAE

DAEBC

Business

Value

Complexity

Prioritisation

based on….

Minimum viable

product defined

D

A

E

Task 1

Task 2

Task 3

Task 1

Task 2

Task 3

Task 1

Task 2

Task 3

Each sprint is decomposed in to its

associated tasks…

2 Week

1 day

D A E

Product InspectionTask Delivery

• Key compliance issues such

as fraud, conduct and credit

risk directly impact complexity

and business value

• The regulatory environment in

which the product will operate

is a key consideration in

prioritisation

• Understanding risk

acceptance criteria is required

to ensuring product can go live

• An appreciation of key risk

governance processes

supports the prioritisation

process and ensures accurate

sprint planning

• Defining a comprehensive

account of the risk needs in

the task list is crucial to ensure

the product will meet

stakeholder expectations

• Risk testing is part of the

acceptance criteria for each

task

• Inclusion of risk in the

development phase ensures

that compliance issues are

identified early

• Risk are able to sign off

requirement in situ without

slowing down the delivery

process

• Risk stakeholders are invited

to demo the product at the end

of each sprint before go-live

• The session helps build

confidence with the risk

stakeholders as to the efficacy

of the agile to deliver risk

requirements

SPRINT 1

SPRINT 2

SPRINT 3

DEMO 1 DEMO 2 DEMO 3

7

How Parker Fitzgerald can Help| Engaging Risk in Agile Development │ Section Five

Parker Fitzgerald

understand the digital risk

and regulatory challenges

better than anyone else.

Our Digital Risk Solutions

practice is one of the leading

consulting teams available in

the industry - combining critical

thinking with world class

delivery.

Our agile service offerings

reflect our understanding of

your need to continue move at

pace in the delivery of digital

service offerings.

We help organisations to

mobilise their risk team to

support a rapid delivery

mechanism.

We then provide risk and

regulatory experts directly into

the Scrum team to support

throughout delivery.

By doing so we improve

efficiency, remove risk from

the critical path and ensure risk

and regulatory needs are

fulfilled.

Service

Offerings

RISK MOBILISATION

Provide risk and regulatory expert in to the scrum to;

• Provide expert understanding of risk and regulation

• Facilitate issue expedition & stakeholder management

• Support the creation of the Product Back Log

• Define Risk user stories and support sprint planning

• Define risk acceptance criteria and carry out testing

• Ensure Risk attendance at Sprint review sessions

RISK EXPERTS IN THE SCRUM

• Reduce testing and improve scrum efficiency

• Ensure risk and regulatory needs are fulfilled

• Ensure risk are not on the critical delivery path

• Ensure risk are not on the critical delivery path

• Establish governance and design principles

• Empower digital to continue to move at pace

Ensure risk are set up to support a rapid delivery approach by;

• Reviewing current risk change engagement model

• Refining existing governance approach

• Validating appropriateness of existing policy

• Confirming high level digital risk design principles

• Identifying key policy decisions required to support digital

• Addressing stakeholders concerns in relation to agile scrum

8

Parker Fitzgerald Global Locations| Engaging Risk in Agile Development

NEW YORKThe Seagram Building

375 Park Avenue

New York,

NY 10152, US

+1 212 634 7478

LONDONHeron Tower

110 Bishopsgate

LONDON

EC2N 4AY, UK

+44 207 100 7575

AMSTERDAMWTC Amsterdam

H / Tower

Zuidplein 36

1077 VX, Netherlands

+31 20 799 7969

SINGAPORELevel 30

Six Battery Road

049909

Singapore

+65 6725 6376

PARKER FITZGERALD is an award winning professional services firm specialising in the delivery

of risk and regulatory transformation within the financial services sector

We partner with the world’s leading financial institutions to manage the strategic impacts of new

financial regulation across the enterprise and deliver market leading capabilities for the risk function

“Shaping the future of finance…

combining critical thinking with world class delivery”

www.parkerfitzgerald.comwww.parker-fitzgerald.com

Important Notice

This document has been prepared by Parker Fitzgerald Limited (as defined below) for the sole purpose of providing a

proposal to the parties to whom it is addressed in order that they may evaluate the capabilities of Parker Fitzgerald to

supply the proposed services.

The information contained in this document has been compiled by Parker Fitzgerald and includes material which may

have been obtained from information provided by various sources and discussions with management but has not been

verified or audited. This document also contains confidential material proprietary to Parker Fitzgerald.

Except in the general context of evaluating our capabilities, no reliance may be placed for any purposes whatsoever on

the contents of this document or on its completeness. No representation or warranty, express or implied, is given and no

responsibility or liability is or will be accepted by or on behalf of Parker Fitzgerald or by any of its partners, members,

employees, agents or any other person as to the accuracy, completeness or correctness of the information contained in

this document or any other oral information made available and any such liability is expressly disclaimed.

This document and its contents are confidential and may not be

reproduced, redistributed or passed on, directly or indirectly, to any other

person in whole or in part without our prior written consent.

This document is not an offer and is not intended to be contractually

binding. Should this proposal be acceptable to you, and following the

conclusion of our internal acceptance procedures, we would be pleased to

discuss terms and conditions with you prior to our appointment.

Parker Fitzgerald is a limited company registered in England and Wales.

Registration number: 06362018.

Registered office: 17th Floor, Heron Tower,

110 Bishopsgate, LONDON EC2N 4AY