Team 5 · Risk & Compliance

Risk & Compliance Pack

"The Regulation Avalanche"

🏦About Aurora Nexus Global

Aurora Nexus Global operates in one of Asia's most tightly regulated financial environments, subject to the central bank, securities regulators, and international standards. The Risk & Compliance division ensures the Group meets all obligations, but the volume and pace of regulatory change has outpaced the team's capacity to respond. Under Project Nexus 2027, the division must modernise how it tracks, implements, and evidences compliance.

⚠️Business Pain Point

Last year, the financial regulator issued 47 regulatory updates, circulars, and revised guidelines, a 35% increase from the prior year. ANG's compliance team of 12 professionals must review each one, assess the impact, update internal policies, communicate changes to affected business units, and collect evidence of compliance.

Every step of this process is manual. Regulatory updates arrive as PDF circulars. Impact assessments are written in Word and emailed around. Policy updates go through a SharePoint process with no version control enforcement. Audit evidence is collected by chasing emails and spreadsheets across departments.

The consequence: policies are updated months after regulations take effect. Staff in branches and business units operate on outdated guidance. During the last supervisory examination, Aurora Nexus Global received three repeat findings: issues raised in the previous audit, supposedly addressed, but not sustained in practice.

📊Policy Version & Exception Tracker: Q1 2025

Policy Area	Current Version	Version in Use	Reg Reference	Effective Date	Policy Updated?	Exception Raised	Logged Centrally?
AML/CFT	v6.2	v5.8	GP 6.23	01-Jan-25	Partial	Yes	No
Climate Risk	v1.0	Not issued	GL 001-2	01-Mar-25	No	No	No
Data Privacy	v4.3	v4.3	PDPA 2024	15-Dec-24	Yes	No	Yes
Credit Risk	v8.1	v7.9	GL 003	01-Feb-25	Partial	Yes	Partial
Operational Risk	v5.4	v5.4	GL 019	01-Nov-24	Yes	No	Yes
Outsourcing	v3.2	v2.9	GL 013	15-Jan-25	No	Yes	No
Cyber Risk	v7.0	v6.6	GP 6.37	01-Feb-25	Partial	Yes	No
Conduct & Market	v2.1	v2.1	GL 002	01-Jan-25	Yes	No	Yes
Liquidity	v9.3	v9.1	GL 007	01-Mar-25	No	Yes	No
Islamic Finance	v4.8	v4.5	SAC 2024	01-Dec-24	Partial	Yes	Partial
Fraud Risk	v3.6	v3.6	GP 6.41	15-Feb-25	Yes	No	Yes
Whistleblowing	v2.0	v1.8	CA 2016	01-Jan-25	No	Yes	No

📧Email Thread

From: Chief Compliance Officer, Aurora Nexus Global
To: Risk & Compliance Team
Subject: Supervisory Examination: Repeat Findings

I need to be direct. We received the preliminary findings from last month's examination. Three of the five findings are repeats from the previous review cycle. The examiner noted that corrective actions documented previously do not appear to have been fully implemented or sustained.

This is not about blame. But we need to understand why policies updated on paper are not being followed in practice, and why we could not produce evidence of compliance when asked. I want a full review of every policy area with a version mismatch or an unlogged exception. We present to the Board Risk Committee in three weeks.

💬Chat Extract: Compliance Team Channel

Azlan 10:02

The Outsourcing policy still isn't updated. Effective date was January. We're in May.

Hui Ling 10:05

I raised it in February. It went to Legal review and nothing came back.

Azlan 10:08

Branch teams are still using v2.9. I checked last week.

Marcus 10:11

Four outsourcing exceptions were approved over email and none are in the central log.

Hui Ling 10:14

How are we supposed to demonstrate compliance in an audit when the evidence is scattered across seven people's inboxes?

🎯Your Tasks

Based on the policy tracker and conversations, identify which compliance gaps represent the highest regulatory and reputational risk to Aurora Nexus Global, and explain why some gaps are more dangerous than others.

Design an ideal compliance operating model where ANG can demonstrate, at any time, that its policies are current, exceptions are tracked, and evidence is audit-ready.

Recommend what Aurora Nexus Global must prioritise in the next 90 days to address the repeat examination findings, focusing on closing the gap between policy on paper and compliance in practice.

📝Your Working File

Your working folder contains 2 files for your team:

📊 BLANK – Promptathon Team Pack: your main working file. Use this to document your prompts, Copilot outputs, and key insights throughout the challenge. You will present from this at the end.
⚖️ Peer Judging Sheet: used during the presentation segment. You will score the other teams while they present their work.

🔗 Open Your Working Folder

Opens in OneDrive. Use Incognito / InPrivate mode.

🕵️

Important: Open the working file in an Incognito (Chrome) or InPrivate (Edge) window. This ensures you are working from the correct shared folder and your work is saved properly.

⚡🔒⚡

Power Ups: Locked

Power Ups are your next step — take what you built today and think about how to bring it back to your real work at Alliance Bank.
Complete your challenge tasks first, then unlock them here.

⚡ Power Up: Adopt It

You have used Copilot to solve a scenario. Now bring it back to your real work at Alliance Bank.

1 Pick Your Use Case · 5 min

In Tasks 1 and 2, you found that repeat examination findings, not new regulatory requirements, are the biggest driver of compliance risk. You then designed an operating model built around proactive monitoring and structured remediation tracking. Alliance Bank's Risk and Compliance teams know the same findings are coming back because execution and tracking are inconsistent.

Use cases from risk and compliance teams at banks like yours. React to these: swap, add, or keep.

Analyse a set of examination findings and group them by root cause, repeat frequency, and regulatory body, then rank by combined risk exposure
Draft a management response to a regulatory examination finding using the finding text and evidence summary as direct input
Review a compliance monitoring schedule and identify coverage gaps where no control testing is planned for the next quarter
Summarise a new BNM or SC regulatory circular and extract the top five action items with suggested owners and realistic deadlines
Write a 90-day remediation tracker for repeat findings, with owners, due dates, escalation triggers, and measurable success criteria

As a team, pick your top 3, then paste this into Copilot:

"We work in risk and compliance at a bank. Here are 3 Copilot use cases we identified: [list them]. Score each on: time saved per week, how often we'd use it, and ease of implementation. Rank them and explain your top pick."

2 Build the Prompt · 5 min

Your winning use case needs a great prompt. Paste this into Copilot:

"For this use case: [describe your winning use case]. What data or input would we need? Write the best Copilot prompt to make this work. Then show a sample output."

Test it. Refine it. Make it yours.

3 Pitch It · 5 min

Draft your adoption pitch:

"Draft a short adoption pitch for our compliance manager: what the use case is, what problem it solves, what data or content we'd give Copilot, and what the first step is to roll it out to the team."

This is not your team pack.

Team Pack Locked