COLUMN – OLAF RANSOME | As banking operations veteran Olaf Ransome boards a mission to be a board member, he soon identifies 90 things he should do to be sure he’s on top of his control responsibility. Following his six column articles through 2024 which zoomed in on resilience, join him here for his 2025 examination of everyday operations – seeking to help us understand some of those everyday challenges, and offering thoughts and tips on how to master them.
Find all Olaf Ransome’s PostTrade 360° articles here.
2025 is going to bring a new challenge for me: being a board member, aka iNED, of a start-up which is about to become a regulated financial institution in Switzerland. “Board” and “regulated” are both firsts for me. I have been pondering how I prepare for and manage this.
To misquote the old Amex tagline: “Membership has its obligations!” With the role, and the modest stipend which goes with it, comes accountability and liability. There is a lot of reputational risk; here in Switzerland, board members are approved by FINMA the Swiss regulator. This is known locally as “die Gewähr”; it does not have to be given, and it can be taken away at any moment. Now I guess you could appeal, and I know of a case where somebody successfully sued FINMA for blocking their access to work by simply declining to approve. Whilst they did have to compensate him for foregone earnings, the “non-approval” did not go away. Frankly that is a losing battle.
Many readers will know of my control bias. It is #1 in my company 3C Advisory’s name: control, capacity and cost. So, you’d understand that my mind is pondering how to do the job properly; assuming I am approved and am given this “Gewähr”, how do I make sure I fulfil all the responsibilities of the new role?
As a board member, you are not involved day-to-day, so you have to trust the operation does what it should. Whilst the staff are responsible for doing things, the board is accountable for ensuring they are done and done properly. My neighbour has just stepped down from the board of UBS; over there I am sure that things run like a well-oiled, staffed and tuned aircraft carrier. For sure the apparat does what is has to do. I, on the other hand, am helping a start-up. Right now, we have nothing, or next to nothing. “Trust is good, control is better,” goes the old adage. So, what controls do we, the board, need to ensure that what is supposed to be done is done?
Our regulators expect us to have a set of policies, outlining what we will do, when we will do it, who is responsible and who is accountable. And they expect us to have a set of key controls, referred to locally as an “Internal Control System”. Amazingly, apparently an Excel spreadsheet would suffice. In fact, as elsewhere in financial services, Excel rears its ugly head in this space. One of my fellow board members was previously on the board of a major domestic bank in Southern Europe. She told me they used Excel! No easy audit trail, no easy way to monitor progress; just the wrong tool for the job.
I read our policies in detail; what were we, the board, committing to ensure was done? Across the 13 policies, at first pass I found some 90 tasks or commitments. Some are as simple as “review this policy at least annually”, others require something to be done monthly or quarterly. Even the first of those, the annual review, is trickier than it looks. I imagine an auditor challenging me:
Auditor: “It looks like this policy has not been reviewed. Last version was Jan 2025”
Me: “We looked at it, there was no need for any changes.”
Auditor: “Show me the evidence that the policy owner considered this, made a recommendation to the board and the board approved!”
I have been doing operational things for a long, long time. I have had many a tussle with many an auditor, all good clean fun, and done a lot of work on Operational Risk, OpRisk, so I would say I have enough grey hair and battle scars to imagine what good looks like. My fellow board members and I need to be able to say:
“Ms Auditor or Mr. Regulator, in Policy #1, there are 6 key controls. Here is the evidence that we performed those controls, with pdfs of the relevant reports, copies of the appropriate board minutes, including approval of any changes or decisions not to change. All the evidence in a clear audit trail.”
With that comes a desire to ensure that we never have the company pull an all-nighter to somehow or other do enough to show we have control; I want to be able to see progress and to ensure that our people have the right tools. By right, I mean those tools which help you control rather than being a burden for which you take a “last-minute tick-box exercise” approach.
Now, I will confess that my initial inventory was gathered in Excel. Perfectly good for getting me a structured data set, but not a tool-of-choice for what I see is the on-going need here.
Clearly, the board needs to ensure it has a system that tracks these 90 commitments, ensures we understand the frequency required, have a cross-reference to the actual policy, so we know that this control relates to Policy X, section Y, can upload evidence of what was done and have this all available to share with auditors & regulators.
One of the upsides of having been around so long in the business, is that I meet lots of smart, younger people. I shared my challenge with one of them: Carl-Fredrik Svensson the CEO of Daymi, which specialises in creating control tools for financial services firms. I had previously talked with Carl about two different flavours of checklists:
1. The “daily kind”. Do 23 things today, one more on Friday and another two at month-end.
2. The “on demand template kind”. Do these 17 things every time you issue a new structured product.
My challenge felt like a hybrid or mash-up of the two. Plan A in my thinking was to start at frequency: divide the pile into monthly, quarterly, semi-annual and annual tasks. Plan A did not survive long; Carl listened to what I had to say and offered to put together a prototype for me. Plan B was a big improvement on my plan A. Carl brought some valuable thinking to the table. He saw each Policy as an annual process, with a series of sub-processes, each of which might have a different frequency and due date. His model offered a valuable control dimension: progress would be visible at a policy level, making it much easier to say: “here is the evidence we have done all the things we committed to in Policy X”. The Daymi toolset will allow us to track the level of completeness and to attach evidence of what was done to each step to complete the audit trail.
In a movie about auditors, Plan B feels like script which gets you a: “you had me at evidence and audit trail”.
I have already shared the prototype and Plan B with two of my fellow board members. They gave it a big thumbs up. Now we just need to implement it.
Just as I was having this back-and-forth in mid-December, another client of mine called me; their problem was all around daily tasks. People forgetting to do things. Clearly the “daily checklist” kind of challenge. I know a man who can help them.
In conclusion
Even at a Board level, there is a need to worry about control. Good control is a function of people, processes and tools. Even the greatest team, with the clearest processes needs good tools to help get the work done.
Referring to himself as The Bankers’ Plumber, Olaf Ransome is founder of 3C Advisory LLC – drawing on decades of senior operational experience from large banks. To connect, find his LinkedIn page here.