What is Financial Services FMEA
How is Financial Services FMEA Conducted
How to identify Financial Services Processes for Financial Services FMEA
How to Develop a Financial Services FMEA and FMEA Program
Financial Services Suggested FMEA Tables
Financial Services FMEA Breakdown
What is Financial Services FMEA
Financial Failure Mode and Effects Analysis (FMEA) is a structured approach to discovering potential failures that may exist within the design of a financial
instrument or the process/service that delivers it. Failure modes are the ways in which a product, process or service can fail. Effects are the ways that these
failures can lead to waste, defects or harmful outcomes for the customer or operators. Failure Mode and Effects Analysis is designed to identify, prioritize and
limit and eliminate these failure modes. FMEA is not a substitute for good product and service design rather, it enhances good design of product, process and
service by applying the knowledge and experience of a Cross Functional Team in the financial institution to review the design progress of a product, process
or service by assessing its risk of failure. There are two broad categories of FMEA in the financial services sector, Financial Design FMEA (FDFMEA) and
Financial Process and Service FMEA (FPSFMEA).
How is Financial Services FMEA Conducted
Financial FMEA is conducted by analyzing the requirements and deliverables of a product, process or service and seeking the level of consequence or severity
if the requirements are not met, what is the likelihood or occurrence of the requirement not being met based on whether this is known or unknown and discovering
or displaying how risk can be mitigated, reduced and or eliminated.
Financial Design FMEA
Financial Design FMEA (FDFMEA) explores the possibility of product failures, reduced returns and missed timing, promised product ethics requirements
not fully met (avoiding investments in certain sectors or product imposed constraints, and safety and regulatory concerns derived from:
- Product Properties
- Financial regulatory authorities
- Global jurisdictional differences
- Product marketing requirements
- Interfaces with other products, process and/or systems
- Product Noise: environments, user profile, methods of interactions, economic degradation, systems interactions
- Previous Product Type Campaigns
Financial Process or Service FMEA
Financial Process and Service FMEA (FPSFMEA) focusses on the delivery of the product and interacts robustly with the Design of the financial product/instrument.
The analysis is on how it is administered for the customer and whether that administration allows design requirements to fail and escape. It discovers failure
that impacts the product quality and returns, reduced reliability of the process, customer dissatisfaction from reduced returns or failed product, and safety or
environmental hazards derived from:
- Human Factors
- Methods followed while processing
- Materials used
- Machines utilized
- Measurement systems impact on acceptance
- Environment and Market Factors on process performance
How to identify Financial Services Processes for Financial Services FMEA
Not all processes need to have FMEA applied to them. Some processes simply do not have the high level risk profile to require them to conduct FMEA as an
independent product, process or service.
Financial FMEA is conducted by analyzing a product, process or service against all regulatory, customer and organisational requirements to ascertain the
level of risk in the product or service is at a level that requires further risk analysis. This is achieved by asking the product, process or service key
questions that may leave the customer or the organisation at risk. These would generally include the product, process or services:
- Number of interactions with other processes or bodies
- The complexity of the product, process or service
- Interactions with regulatory requirements
- Past performance of similar products, processes or services
- Whether the process, product or service is new
- The current levels of controls and automation available for the product process or service
Where the level of risk is high or there are regulatory requirements in the product or financial instrument then an FMEA should be required.
When reviewing the current set of products, process and services as against new products it is important to determine where FMEA is required and where to focus
efforts the organisation needs to efficiently use the time available for risk analysis.
In order to identify which products, processes and services require FMEA analysis the organisation should:
- Identify Risk Factors
- Identify all regulatory requirements
- Identify all current financial industry requirements
- Identify all financial institution strategies and objectives
- Identify all chosen standards of the organisation
- Identify all customer requirements
- Weight all the risk factors in terms of severity
- Identify Organisational Products, Services and Processes
- Identify Business Areas
- Identify Key Deliverables in Business Areas
- Identify Process Value Chain of Key Deliverables (Process Steps)
- Identify Frequency of Processes
- Identify the owner of the Product, Service or Process
- Identify Process Interactions
- Identify Process Hierarchy
- Process SIPOC for each process
- Direct, Indirect, Support
- Identify the relationship between risk factors and products, services and processes
- High – Process or process steps not conducted correctly will release the risk factor
- Medium - Process or process steps not conducted correctly may release the risk factor or input interacting process that fail will release the risk factor
- Low - input interacting process that fail may release the risk factor or there is some suggested correlation between the product, service or process and the associated risk factor
From the output of the report following this structure it is possible to identify high level risk processes and those exposed to regulatory requirements that will
allow the FMEA to be conducted to ensure the appropriate controls are in place to mitigate, reduce and eliminate the risk in product, service or process delivery.
For further assistance in how to identify Financial Services Processes for Financial Services FMEA please contact Quality One
How to Develop a Financial Services FMEA and FMEA Program
FMEA is performed in seven steps, with key activities at each step. The steps are separated to assure that only the appropriate team members for each step are
required to be present. The FMEA approach used by Quality One has been developed to avoid typical pitfalls which make the analysis slow and ineffective. The
Quality One Three Path Model allows for prioritization of activity/action and efficient use of team time.
There are Seven Steps to Developing a Financial FMEA:
1. FMEA Pre-Work and Assemble the FMEA Team
2. Path 1 Development (Requirements through Severity Ranking) and action
3. Path 2 Development (Potential Causes and Prevention Controls through Occurrence Ranking) and action
4. Path 3 Development (Testing and Detection Controls through Detection Ranking) and action
5. Action Priority & Assignment at Point 2,3 and 4
6. Actions Taken / Design Review at Point 2,3 and 4
7. Re-ranking Severity, Occurrence and Detection & Closure
With best results coming from FSDFMEA and FSPFMEA being conducted concurrently with new products and robustly when analysing existing product, service and process
hierarchy.
For further assistance in how to Develop a Financial Services FMEA and FMEA Program please
contact Quality One
Financial Services Suggested FMEA Tables
The suggested tables used in Financial Services Failure Modes Effects Analysis include:
Product Design
Severity
The level of consequence of failure of the product on the customer and the organisation related to:
- Critical
- Significant
- Product requirements being delivered
- On time
- The financial level required
- The business agreement stated
- Annoying
- Product outcomes being delivered with some inconvenience to customer and organisation
Occurrence
The level of likelihood of a failure in relation to:
- A new product/instrument
- A similar product/instrument created in a new jurisdiction
- A similar product/instrument in an existing jurisdiction
- An existing product/instrument in a new jurisdiction
- An existing product/instrument used for differing purpose
- An almost identical/instrument product in a new jurisdiction
- An almost identical product/instrument in an existing jurisdiction
Detection
The level of effectiveness of the evidence/control to mitigate the level of risk (severity x occurrence) in relation to:
- Late Product Design Testing
- Manual Analysis
- Live Run Through Testing
- Simulation
- Electronic Simulation with scenarios
- Early Product Design Testing
- Manual Analysis
- Live Run Through Testing
- Simulation
- Electronic Simulation with scenarios
Process
Severity
The level of consequence of failure of the process or service based on:
- The effect on the product through the customer, the organisation and regulatory requirements and on downstream steps to complete the process or service
- Critical
- Significant
- Process, Service requirements being delivered
- On time
- The financial level required
- The business agreement stated
- The process KPI required
- Annoying
- Process Service outcomes being delivered with some inconvenience to customer and organisation
Occurrence
The level of likelihood of a failure in the process or service in relation to:
- Detective Controls
- Historical Process Data or lack of it
- Preventative Controls
Detection
The level of effectiveness of the process control to mitigate the level of risk (severity x occurrence) in the process or service in relation to:
- Visual controls
- Manual controls
- Gage or tools controls
- Automated controls
- Process Error Proofs/Poke Yoke
To discuss the suggested tables further please
contact Quality One
Financial Services FMEA Breakdown
New Product
- Number of interactions with other processes or bodies
- The complexity of the product, process or service
- Interactions with regulatory requirements
- Past performance of similar products, processes or services
- The current levels of controls and automation available for the product process or service
As Is Process Risk Analysis
- Identify Risk Factors
- Identify Organisational Products, Services and Processes
- Identify Process Interactions
- Identify the relationship between risk factors and products, services and processes
- High Risk Processes for FMEA Analysis
FMEA Pre work
Pre-work involves the collection and creation of key documents. FMEA works smoothly through the development phases when an investigation of past failures and
preparatory documents is performed from its onset.
Preparatory documents may include:
- Product, Process or Service interaction
- Past relevant Root Cause Analysis
- Past similar product failures (FSDFMEA)
- Process Flow Diagram (FSPFMEA)
- Product, Process or Service Characteristics Matrix
Path 1 Development (Failure Modes - Criticality)
Path 1 consists of inserting the functions, failure modes, effects of failure and Severity rankings. The pre-work documents assist in this task by taking information
previously captured to populate the first few columns (depending on the worksheet selected) of the FSFMEA. FSDFMEA robustly flows into FSPFMEA)
Path 2 Development (Causes & Occurrences - Significance)
Path 2 Development – Potential Causes and Prevention Controls through Occurrence Ranking. Concurrent FSDFMEA and FSPFMEA is beneficial. Causes are selected from the
design / process inputs or past failures and placed in the Cause column when applicable to a specific failure mode with an occurrence ranking.
Path 3 Development (Testing & DV Development - Annoyance)
Path 3 Development involves the addition of Detection Controls that verify that the design meets requirements (for FS Design FMEA) or cause and/or failure mode,
if undetected, may reach a customer (for FS Process FMEA).
Action Priority & Assignment
RPN is calculated by multiplying the Severity, Occurrence and Detection Rankings for each potential failure / effect, cause and control combination.
Actions should not be determined based on an RPN threshold value. This is done commonly and is a practice that can lead to poor team behaviour, actions and
decisions. The columns completed are:
- Review Recommended Actions and update status (this is done at the end of each session and pathway)
- Assign Actions to appropriate personnel
- Assign action due dates
Actions Taken / Design Review
FSFMEA Actions are closed when counter measures have been taken and are successful at reducing risk, generally by occurrence reduction. The purpose of an FSFMEA
is to discover and mitigate risk. FSFMEAs which do not find risk are considered to be weak and non-value added. Effort of the team did not produce improvement and
therefore time was wasted in the analysis. This is mitigated by the use of the Process Risk Matrix.
Re-ranking Severity, Occurrence, Detection & Closure
After successful confirmation of Risk Mitigation Actions, the Core Team or Team Leader will re-rank the appropriate ranking value (Severity, Occurrence or
Detection). The new rankings will be multiplied to attain the new RPN. The original RPN is compared to the revised RPN and the relative improvement to
the design or process has been confirmed although is not essential for analysis. Key to the recalculation is the reduction in occurrence and potentially
the reduction in detection through earlier or more rigorous and robust control methods. Columns completed in this step are:
- Re-ranked Severity
- Re-ranked Occurrence
- Re-ranked Detection