Remediation Happens: How To Identify, Mitigate and Resolve Related Risks

Remediation occurs for a host of reasons. You may identify remediation risk from internal activities (e.g., an audit, a control break) or external activities (e.g., a complaint, a regulatory exam, a lawsuit). Sometimes a remediation event is in the news, sometimes it is not. Sometimes it happens to your company, and sometimes to a competitor. And sometimes, it is triggered by events outside your span of control – including changes in federal or state governments.  For instance, regulatory priorities in the US have been changing at a rapid pace under the new Trump administration and may have an impact on your risk-based assessments and focus areas.

Companies have a greater remediation risk when policies and procedures, processes and controls, technology and data, or organizational design and talent are insufficient to prevent and detect breakdowns that negatively impact customers or other stakeholders. Examples include inaccurate fees, insufficient earnings or refunds, improper disclosures, service failures, deceptive sales practices, or other fraudulent activities.

As you consider remediation risks, you may wonder…

• Could this happen to my organization? 
• What can be done to prevent it?
• How can it be detect it earlier?
• If it happens to us, what should we do?

There are several measures companies can implement to reduce the risk of experiencing an event that requires remediation:

1. Develop a robust risk assessment process – one that is broadly implemented, expert-guided, and regularly reviewed. Take actions when items are discovered that surpass your risk tolerance, or do not meet industry practice or regulatory requirements. Execute a risk-based approach at specific frequencies or following triggering events (e.g., a new system implementation, a joint venture, an uptick in complaints).
    
2. Have strong controls in place to mitigate risks (e.g., operational integrity, anti-fraud, complaint monitoring). Create clear documentation around roles, automate where prudent, and rigorously monitor and test effectiveness.
    
3. Be prepared: Have a team and a playbook at the ready for both internal and external triggers, as a potential remediation can quickly become a crisis. Test, practice, and refresh playbooks annually or immediately following any triggering event.
    
4. Use your data: Smart use of data can be used to identify emerging risks and monitor the existing environment.

Unfortunately, even the best-prepared companies may experience a failure with a key control or a remediation-triggering event. If that happens, here are some practical tips:

1. Investigate: Identify the root causes. Discover and understand the nature, extent, and impact of any breakdown to help set the scope and approach. 
    
2. Be proactive: Do not wait for an external party (e.g., regulator, litigator, customer) to tell you what happened and what to do. Own it, and quickly and proactively begin remediation activity. 
    
3. Employ solid design principles: Leverage proven remediation design principles as guideposts. Examine what other companies have done in similar situations, understand the role of your organizational culture, and identify any relevant regulatory requirements (did you know in Australia there is a regulation for Remediation directing companies to self-remediate, RG 277 Consumer remediation?). 
    
4. Communicate: Understand your stakeholders' different communication needs. Provide the appropriate level of transparency to satisfy stakeholder demands and build trust. This includes documenting assumptions, decisions, actions, calculations, and outcomes.
    
5. Manage and Retain Records: Have a well-defined records management strategy for the collection, management, storage, and disposition of records that is inclusive of both unstructured and structured data.
    
6. Master your data: The answer may be in the data. Take ownership of the data. Gather, confirm, query, and leverage it to remunerate.
    
7. Automate: Use technology fit for purpose (e.g., digitized controls, data mining, AI, case management, and reporting) to streamline processes, and to improve the quality and speed of outcomes.
    
8. Empathize: Make the process as easy as possible for impacted parties and have empathy,
   both for those who have been impacted as well as those working hard to make things right.
    
9. Monitor: Monitor effectiveness and quality of actions and adapt as needed. 
    
10. Follow through: It is possible your reputation and brand have been damaged. Following through on your commitments in a timely manner will help restore confidence.

We Are Here To Help

Ankura offers a tailored remediation solution for both proactive reviews and end-to-end remediation responses. We utilize leading remediation practices, dedicated industry advisors, proprietary technology, and tools at critical inflection points to transform your control environment and reduce the risk of future similar occurrences. We have world-class credentials in independent investigations and assessments, remuneration, economic modeling, future risk mitigation, and operating model transformation. We have successfully led the world’s largest and most complex public remediations as well as those that never make the news. We are comfortable and effective in a leadership position or behind the scenes as we deploy our solutions.

Sign up to receive all the latest insights from Ankura. Subscribe now

^{© Copyright 2025. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.}