Was told by Kiker direct that BCMs moving to business and control will have centralized oversight and closer engagement with second line. Makes sense and just like other efficiencies, this is going to have staff reduction to weed out all the unnecessary layers with control.
13 replies (most recent on top)
@OP bumping to get this to the top. what does "centralized oversight mean?"
@103 audit is worse than business control
@OP not sure what this means.. BCMs = control? How can a BCM move to the business ? An investment banking MD is going to have BCM’s reporting to them vs reporting up to kiker ?
Any Risk job is simply an actor in a farce. Go do something with your career. Audit can handle it.
@k0 it’s cr-ppy job because there is no real value to that role. What they think they are doing shouldn’t be done by independent and incapable people in control. The problem is their entitlement in that role and they all su-k
I’ve seen this from both sides and agree that real issue is the business can’t get it together and there’s zero pressure from its leaders to actually get them to accept responsibility. BCM is consistently set up to fail both by the do nothings in corporate risk and the business leaders. Either way it’s a cr-ppy job
This is good news for example technology controls should be in technology not in a centralized function where the career pathing is absent of technology. Question is what will happen to our leadership as a result?
@ds how can bcm be blamed? I think you are right and that’s why bcm should be on in the business. So you can place accountability in the right place. Today’s bcm is a useless in between.
First, apologies as I don't completely under what the @OP means "BCMs moving to business and control". I'm a BCM and the title is literally Business Control Manager so I don't understand what you mean about moving into that role? Secondly, outside of that, I worry that (with elimination of EBCE) T&V is going to become a full on dictatorship worse than it already is. Self-ID issues are going to drop. My experience with T&V is that they are not flexible, often unreasonable and if they don't understand something it becomes a failure. My experience with Audit is that they are flexible, understanding and try to be reasonable. This could be anecdotal of course. Similar to @df I feel like my role is really only to do tons of paper pushing, meet deadlines to look good on metrics and provide endless status updates. My role does not truly feel like I'm solving business problems which may also just be an Issue program problem. Issue management is too "control" focused in design and never really dives into the process to see if maybe we don't need another control but rather we need to redo the process to mitigate risk. Ironically, now we are being pushed to "optimize" controls by reducing our population. Lastly, my experience as a BCM has felt like a glorified secretary and punching bag the last couple of years where if anything goes wrong the BCM has to explain everything to leadership even though the BCM is not the one performing the day to day tasks! I'm seeing a little bit of a shift in leadership forcing their directs to do more explaining and accountability, I hope that is a culture shift across 'cause the BCM should not be blamed when the business can't do their job. On the contrary, sometimes the business can't do their job because 50% of their time is spent showing people how they do their job or working extra because the technology su-ks!!! (i.e., endless testing instead of actually doing their job, never-ending fire drills for compliance, archaic systems with green screens that are bandaided to death, short staffing because of location strategy and constant reorgs, etc...)
This is happening. FLIV (Front Line Issue Verification) got rolled into EBCE (Evidence Based Control Evaluation) March 2025. In Jan 2026, all EBCE rolls into IT&V (Internal Testing and Validation). It has already been announced. Basically, removing 1st line testing and rolling into 2nd line...with lots of EBCE layoffs expected, guessing several hundred.
Good, in that it removes a lot of duplicate work.
Bad, in that is expects BCM's within the business to be responsible for managing and addressing risk. From what I have experienced, BCMs are focused on pleasing leadership timelines, sacrificing time needed to fully address gaps. And they aren't really trained in risk as much as needed.
We will see more issues in the future, failed audits, and ultimately more regulatory action down the road.
This sounds like 2nd line not doing food job so let’s hire a bunch of muppets in the middle.
Business control is such a bad model that promotes issue lack of accountability. This would be the smartest move wf has made in a long time. You don’t need 4 lines of defense and regulators have already challenged the model
Will just morph into the control person being leaned to not report all incidents. The whole point of centralized control was distancing them from the people and teams committing/causing the incidents.