Systematic Risk Management and Development in the Banking Sector


Oma Säästöpankki Plc is Finland’s largest independent savings bank, aiming for excellent, personalized service in local branches and online. The bank focuses on retail banking, with key customer groups including individual customers, small and medium-sized enterprises, as well as agricultural and forestry operators.

Oma Säästöpankki has 45 branches across different parts of Finland, over 200,000 individual and business customers, and a staff of approximately 450. The rapidly developing business requires a determined approach, making efficient and precise risk management essential to ensure continued development.


“Systematic risk management requires appropriate tools.”

Kimmo Tapionsalo, Chief Risk Officer, OmaSp


As a financial industry player, OmaSp’s operations are defined by both EU and Finnish regulatory obligations. Compliance with risk management requirements is a vital aspect of the banking sector’s business operations and principles of internal control. OmaSp’s risk management adheres to a risk management policy approved by the board, whose mission is to ensure that the company’s significant risks are identified, assessed, measured, and that risks are monitored and managed as part of daily business management. Regular risk assessments, actions based on them, an analysis of the operating environment, and systematic risk monitoring promote systematic and proactive risk management, enabling safe business development.

OmaSp’s risk management framework is based on the three lines of defense principle, with the first line being business operations, the second being risk management and compliance, and the third being internal audit. The role of the risk management function is to identify the risks related to business, maintain, develop, and prepare risk management principles, which are reported to the bank’s board and senior management.


“Granite brought a unified structure to risk management.”

Riikka Yli-Kauppila, Risk Manager, OmaSp


Risk management is a significant support for decision-making and leadership in the banking sector. Effective and goal-oriented risk management gathers crucial information about the risk situation and risk levels of operations. Therefore, risk data must be collected quickly and in a standardised format.

With Granite, OmaSp’s risk management practices have reached a new level. While risk data was collected earlier within the company’s intranet, and analysis relied on standard spreadsheet-based assessment templates, the rapid growth and development of the business required more extensive data analysis. Although the traditional operating model largely aligns with best practices in risk management, maintaining a comprehensive risk management package is more labor-intensive and time-consuming without the right tools. A unified risk management system brings structure to risk management, which everyone can follow. At the same time, it streamlines risk management work by standardising risk assessment and reporting methods. This way, data can be put to good use.


“With Granite, the entire organisation’s risk management follows the same principles.”
Kimmo Tapionsalo, Chief Risk Officer, OmaSp


The introduction of Granite’s risk management tools has brought changes to OmaSp’s risk management. Previously, manual steps that slowed down risk management have been automated. Guided risk assessment produces standardised and comparable information about the state of risk management. The quality of risk management functions has become more consistent than before. Risk assessment, management, and control have been brought into regular frameworks.


“With Granite, you communicate the risk situation consistently.”
Peter Lindblad, Risk Management Manager, OmaSp

Financial companies require efficient and systematic risk management. OmaSp’s risk management needs have evolved with the ambitious growth of the business, which requires increasing adaptability and customisation of risk management tools and systems. Effective communication of the risk management situation throughout the organisation and agile data collection and analysis are essential. Automatic functions support development and the advancement of measures, but the challenges and bottlenecks of systematic risk management development are not resolved solely by software solutions. Visibility of risk management in the operational core, data, and analysis helps understand the importance of risk management work, but the breakthrough of risk management culture requires the right mindset and everyday work. In OmaSp, Granite’s risk management solutions are part of this important goal.


OmaSp – Agile Risk Management with Granite

Risk management is an important support function for decision-making, which examines business comprehensively. Often, the essence of risk management is lost in securing basic operations, but systematic development of risk management allows for the development of risk management expertise and a more comprehensive understanding of its overall impact. Risk management belongs equally to the business management and the front line of operational activities. Granite’s risk management tools provide a guiding structure for this.

Read more on how we have helped other customers from the Finance sector and see if we’re a right fit for you as well!