FixNix Blog

FixNix way of nixing Enterprise Risk & Compliance Pandemonium

Mar 21, 2017 3:26:01 AM / by Shanmugavel Sankaran

Problem Statement:

Crane Bank was acquired by Bank of Uganda (Central Bank). What were the primary reasons behind the acquisition? Does it mean that the country’s central bank may impose stringent guidelines and a framework for other banks to follow? If other banks don’t follow the norms, how likely is it that more such banks will be acquired or closed?


Reasons for Crane Bank’s acquisition:

  1. High NPL (Non-Performing Loans)
  2. NPLs are high because there are no regulatory measures and more loans are given to insiders
  3. High cost of credit
  4. No proper internal processes in place to check the credentials of borrowers
  5. Borrowers are not investing the loan amount to ensure maximum productivity
  6. Higher loan weightage not given to productive sectors like agriculture. Risk-weighted assets are not checked properly
  7. Systemic Risk as Crane Bank was unable to meet the required CAR (Capital Adequacy Ratio)

Banks need a risk monitoring tool to keep internal processes in check. They also have to ensure that the loan approval process and the key risk indicators are under proper control, so that the bank functions properly without any regulatory problem.

The current structure in Uganda has integrated regulation with consumer protection. It is likely to move towards the set-up followed in developed economies, where regulators, financial services players and consumer protection are separate units. If that happens, Bank of Uganda is likely to implement multiple risk control frameworks such as Cyber-Security Framework, Compliant Management Frameworks. Every bank may have to incorporate the cyber security principles mentioned in the framework into its overall risk-management framework.

Bank of Uganda’s stress test (Dec 2015 report) reveals that around 17 banks would require additional capital to meet solvency if the top three borrowers of each bank default.

Where does FixNix help the banks?

An automated GRC (Governance, Risk & Compliance) platform like ours makes it easy to adopt, approach and automate the process flow of compliance. Our GRC solution helps organizations practice compliance as a culture, with improved productivity and better processes. It helps them detect variances, fix gaps, take proactive measures, and avoid paying fines and suffering reputational impact.

India’s only @RBI (India’s Central Bank) approved Cloud Security Product

In India, we partnered with IDRBT and IFTAS to help banks comply with the Cyber Security Guideline and maintain the policy implementation, audit and risk management around it.

Risk Management

Simplifies the process of Internal and External Audits

Enterprise Risk Management enables us to identify, assess, quantify, manage, and monitor enterprise risks in a highly streamlined, automated, and integrated manner. This also scales across the enterprise, capturing risk and control data, as well as risk assessment findings, losses, issues and remediation plans in a single, centralized system.

Our Enterprise Risk Management system is focused on reporting, analyzing and subsequently mitigating these risks (such as NPL, operational and systemic risks, and internal process control risk) and on putting adequate controls in place to ensure the safety of the system. It provides smooth risk assessment and management in a completely automated manner. Our Enterprise Risk Management solutions are also dynamic and carefully planned in the event of any risk to the system.


  • Mitigate risk based on your risk levels by using different scoring mechanisms
  • Risk Identification and Assessment
  • Action Planning
  • Risk Response Management
  • Risk Monitoring
  • Control Activities

The first part of the system is Risk Assessment, where we initially give the problem at hand a subject and a risk score. The risk score is used to determine exactly how serious the issue is. The system then classifies the risk and identifies the reviewer needed to report and subsequently mitigate the issue. After this, the score model is decided: the system segregates the risk based on international risk standards like OWASP, Classic etc. The required documents are uploaded, and the Risk Management module starts, in which the reviewer determines the mitigation plan for the risk. The Risk Management Solution is then approved by the reviewer, and priority mails are simultaneously sent to the reviewer or reviewers about it. Recurring risks are also constantly monitored for the safety of the system.

The Compliance Management System enables us to manage and automate compliance management processes. It also allows us to establish business context for compliance, identify and meet regulatory obligations, and implement compliance policies and standards. Our Compliance Management Solutions enable the standardizing of compliance and the control of processes. Additionally, we have other features built into our Compliance Management Software, such as:

  1. Compliance Risk Management Governance policies. As specified before, we specialize in offering Governance, Risk and Compliance based solutions, so it is no surprise that our Compliance Risk Management System has a Governance clause. Our system constantly monitors and governs the risk management strategies and how closely they adhere to compliance regulations.
  2. Compliance Management Services. Compliance Assessment allows us to determine how well the system is adhering to the requirements. Issue Management highlights and targets the problems in the system to ensure they are corrected accordingly. Our system also provides many intermediate services, such as alerts and reminders and reporting of the risk associated with the services provided.
  3. Follow-up services are also provided by the system, where evidence of compliance rules is uploaded seamlessly to ensure clear-cut continuity in the schedule. Rule management is another important feature, where the compliance rules are constantly monitored to ensure they comply with the requirements of the organization.
