A new breach reporting regime expanded the scope and introduced more stringent timeframes for the reporting of compliance events, significantly increasing the volume of potentially reportable events and placing additional pressure on existing corporate systems, processes and resources. Our client—a major Australian bank—looked to Ashurst’s unique capabilities across legal, consulting and delivery to help address these challenges.
Ashurst designed, built and delivered a managed service to assess and triage events in line with regulatory requirements. This included:
- designing a 24/7 triage capability that was fully integrated within the client's end-to-end breach reporting process and existing governance, risk and compliance (GRC) systems
- developing extensive guidance based on the relevant laws and regulations, reflecting the client's risk tolerances
- building a bespoke digital platform that included an automated questionnaire to drive the quick, efficient and consistent triaging of events
- a governance framework consisting of escalation routes and approvals for highly complex or sensitive events
- working to strict service level agreements to ensure compliance with the timeframes of the new regime
- reporting based on the client's specific requirements accessible via a live and dynamic dashboard.
Our solution enabled the client to respond quickly and effectively to a significant change in the regulatory landscape. By working in close collaboration from the outset, we understood the client’s requirements, risk appetite and the impact on their business operations. We were also able to:
- deliver insights into the nature of the events, enabling the client to identify potentially systemic issues or broader compliance concerns
- identify broader process improvement opportunities in the client’s end-to-end breach reporting process and GRC systems
- provide valuable knowledge, learnings and artifacts for the development of the client’s future GRC compliance platform.