Operational Risk Management
Strengthening control environments through expert-led operational risk solutions
At Lysis Group, we support clients in designing, embedding and managing robust operational risk frameworks to meet regulatory expectations and safeguard their business. Our services cover the full spectrum of operational risk—across people, processes, systems and external events—tailored to the specific needs of financial institutions, fintechs and regulated firms.
We bring practical expertise in assessing operational vulnerabilities, enhancing controls, and improving risk governance in day-to-day operations.
Our Services Include:
• Operational Risk Framework Design
Development and implementation of risk and control frameworks aligned to industry best practice and regulatory requirements (e.g., PRA, FCA, CBoI).
• Risk Control Self Assessments (RCSAs)
Delivery of RCSAs and support in identifying, assessing and documenting key risks and controls across business lines.
• Incident Management & Reporting
Creation of incident management procedures, escalation protocols and MI dashboards to ensure transparency and accountability.
• Key Risk Indicators (KRIs) & Control Testing
Design and monitoring of KRIs, with regular testing of key controls to track performance and detect early signs of failure.
• Third-Party & Outsourcing Risk Reviews
Support with assessing risks related to third-party vendors, outsourcing arrangements and critical service providers.
• Training & Culture Uplift
Development and delivery of operational risk awareness training and cultural change programmes.
Delivery Models
Our teams work flexibly with clients to deliver:
• Interim or permanent operational risk resources
• Project-based operational risk reviews or remediation
• Integrated support alongside our managed services teams
We operate from the UK, Ireland and South Africa, enabling a blend of onshore and nearshore expertise with global reach.
Benefits
• Independent and expert-led assessments
• Improved regulatory alignment and audit readiness
• Stronger first and second line control environments
• Better MI and oversight of emerging risk issues
• Enhanced resilience across the client lifecycle and operations
Why Lysis?
We understand that operational risk is not just about controls—it’s about confidence in execution. Our professionals combine risk management expertise with deep operational knowledge, ensuring that our clients’ risk frameworks are not only compliant, but practical, scalable and sustainable.
Whether you’re building out an operational risk function, remediating issues, or strengthening governance—Lysis Group can help.
The difference between the two
A health check refers to a high-level review of the design of a framework and can identify major problem areas in a framework. A maturity assessment is more advanced and provides a detailed review of a firm’s framework which includes the testing of the effectiveness of the framework itself.
Health Check vs Maturity Assessment

Health Check: Review of policies relating to relevant regulations
Maturity Assessment: Review of policies relating to relevant regulations

Health Check: High Level mapping of policy to regulatory obligations
Maturity Assessment: Detailed mapping of policy to regulatory obligations

Health Check: Review all procedures relating to operational controls and map these back to the policies
Maturity Assessment: Review all procedures relating to operational controls and map these back to the policies

Health Check: High Level review of the regulatory framework covering relevant systems, processes and ensuring that governance is in place in order to meet current regulatory requirements
Maturity Assessment: High Level review of the regulatory framework covering relevant systems, processes and ensuring that governance is in place in order to meet current regulatory requirements

Health Check: High level review of all procedures and documents describing controls and processes (excludes control testing)
Maturity Assessment: Review of all procedures, controls and processes including detailed controls testing.

Carrying out a sample review of the operational outputs (files, reports etc.) in line with current policy and procedures

Reviewing any risk methodologies applied in relation to the specific regulations

Reviewing and testing any monitoring programme - this will include system profiling and reviewing parameters, as well as sample checking the outcome.

Reviewing the firm’s reporting (regulatory reporting, SARs, STORs etc) and monitoring controls

Reviewing and testing the internal and external data inputs to the process and on-going review and escalation processes

Health Check: Brief review of systems which the firm uses to benchmark to best practice
Maturity Assessment: Brief review of systems which the firm uses to benchmark to best practice

Health Check: Reviewing the training programmes
Maturity Assessment: Reviewing the training programmes

Health Check: Reviewing the data retention/record keeping arrangement in relation to its obligations
Maturity Assessment: Reviewing the data retention/record keeping arrangement in relation to its obligations

Meeting with personnel in the 1st and 2nd line of defence to understand the processes they undertake and to ascertain the level of understanding of the regulatory requirements within

Health Check: Presentation of detailed findings in report format
Maturity Assessment: Presentation of detailed findings in report format including an assessment against the maturity of processes amongst similar firms in the market (market benchmarking) and its suitability for the firm's business mix and risks.

Increase effectiveness, focus on efficiency
Optimising firms’ financial crime (FC) controls requires an increase in the effectiveness of processes, along with a dedicated focus on high efficiency, which will facilitate sustainable processes that demonstrate effective FC controls under scrutiny.
Firms must also view the improvement of their FC controls as a good commercial investment by focusing on the business advantages these could have for the firm.
Developing Effective Financial Crime (FC) Frameworks
The following directional indicators provide a high-level overview of the implementation and ongoing assessment of sustainable FC controls.
Risks / Actions / Benefits
Assessment of FC risk & controls effectiveness (“FCRA”)
Understand the FC risk and the effectiveness of existing controls.
Create and maintain a library of existing FC risks & controls (tested & untested)
Conduct the mandatory annual FCRA, to drive decisions on: Improvements/transformations; Resources; Management of gaps and de-risking activities; Prioritisations and budgets; MLRO report.
Cost / benefit analysis and assessment of FC controls
Provide clearer understanding of the real cost of compliance.
Continuous risk/benefit assessment to drive controls enhancement and optimisation across FC operations (KYC/KYCC, TM, Screening, escalation);
Effectiveness of FC risk and controls reporting (MI – complete, accurate and timely);
Costs and impact analysis on:
De-risking – cost/benefit, strategy, action;
Optimisation of FC controls - Sustainability
Improve the effectiveness and efficiency of FC controls driving sustainability.
Prioritisation & decision – FC governance - supported by complete, accurate & timely MI;
Budgets – Senior executive and board approval
Supporting resources planning for 6 months/12 months/3 years to support:
Lean FC governance and robust 3LoD structure and capabilities;
Clear and realistic objectives taking into consideration the 10 universal outcomes of Principled Performance;
Adequate resources with the necessary skills and expertise to drive high performance.
Automation focus on optimisation across:
Assurance and Testing
Assess, measure, and provide ongoing assurance.
Development of assurance plan and control testing – assess and measure;
Reporting into a functional FC Governance structure to support decisions:
Executive decisions;
Committees & forums.
Escalation and decision on tactical/planned improvements.