Case Studies
Understanding, experience and technology for success

 

Global Bank Brings Compliance Risks under Control

One of the world’s largest financial services companies

Customer
Headquartered in Europe, the customer is one of the world’s largest financial services companies with extensive operations worldwide.

Overview
As a leading bank with a long and steady tradition of over a century to guard, the Bank counts compliance with every applicable regulation, risk management and safeguarding the interests of its shareholders, customers and employees among its primary focus points.

In today’s stringent regulatory business environment, with new standards and mandates coming into effect at an unprecedented pace, the need to keep up with regulatory changes and ensure ongoing compliance with them has emerged as the Bank’s crucial priority.

Challenge

With its rapid expansion of operations over the years, coupled with the growing number of regulatory requirements in financial services, the Bank was finding it challenging to maintain its tradition of impeccable performance.

The spread of the enterprise over multiple geographical locations had added a new dimension to the complexity of the Bank’s compliance fabric. Extremely stringent regulatory environments in specific geographical regions made it mandatory to know and understand the risks involved and to take the necessary steps for control and mitigation.

The absence of timely, reliable and structured information about the latest applicable regulations at global as well as country level, together with confusion over the intricacies of regulations relevant to various geographical regions, had made the compliance management processes unwieldy and exposed the enterprise to the associated risks.

Slipping action plans for high-risk issues, functional disparity among the various compliance teams in different countries, the lack of a central, integrated risk view at regional and corporate levels, and compliance with applicable regulations such as the Gramm-Leach-Bliley Act (GLBA), Know Your Customer (KYC), Anti-Money Laundering (AML) and Basel II, to name a few, were some of the specific problems the situation had given rise to.

 

Why the Bank Selected MetricStream?

There are a host of reasons why the Bank selected MetricStream for this project. Some of them are summarized below:

MetricStream has the capacity to map its solution suite to the Bank’s complex existing environment, with users spread across the globe, and to model its solution to accommodate the Bank’s exact requirements.

MetricStream’s unique architecture includes content-based intelligence to provide relevant regulatory information and initiate appropriate actions.

MetricStream offers strong reporting capabilities with dashboards, risk heat maps and color-coded charts, along with wizards that let end-users create custom reports and dashboards easily.

MetricStream provides complete end-to-end workflow automation of the compliance process for consistent practices across business units, locations and departments.

Solution
To strengthen its compliance risk program, the Bank needed an efficient solution for conducting compliance processes, assessing risks, and implementing and monitoring controls successfully across its vast multi-country operations.

After a systematic evaluation of the compliance and risk management solutions available in the market, the Bank selected the MetricStream GRC Platform. The key capabilities of MetricStream’s solution that led to this decision were complete workflow automation and MetricStream’s ability to meet the complex IT requirements of the Bank’s enormous structure.

MetricStream GRC Platform: MetricStream has delivered the Bank a complete end-to-end workflow automation system for the compliance risk management process across its business units, geographic locations and product lines, along with unique capabilities such as integration of regulatory content with the compliance workflow.

MetricStream’s web-based platform supports the Bank’s complex organizational model across all the regions and countries it operates in, business units and departments, as well as their mapping to different compliance and risk management roles and reporting relationships.

Integration of regulatory content: Based on MetricStream Infolet technology, the application captures and imports complete, relevant, and timely information on rules and regulations from a host of reliable external sources. This exhaustive compilation of regulations is mapped to the Bank’s compliance risk areas and pre-defined types under various criteria such as geographic area, state, issuing organization, subject, effective date, modification date, end date, title, text, application zone.

Users at the Bank can run advanced searches on this content and use import functions to insert regulations and rules into the system.

As rules change, the system enables automated notification and alerts to the relevant organizational roles mapped to the rule based on parameters such as geographic area, state, application zone, type and area of risk.

The Bank benefits from the regulatory content library that is maintained within the application. The system also enables intelligent and content-driven features such as triggering of business processes for compliance risk assessments and policy reviews based on regulatory notifications and compliance alerts.

Centrally managed compliance requirements: The Bank’s regulations and compliance requirements are centrally managed on the platform, categorized by country, state, issuing organization, subject, effective date, title, text, application zone, category, risk, regulation type and regulatory body. The compliance risks are recorded and classified by name, category, description, thresholds, causes, management response, appetite and areas of impact. Risks are mapped to the bank’s business units and mitigants.

Customer Quote

“MetricStream’s solution has helped us streamline elaborate and intricate processes of compliance and risk management with an integrated enterprise-wide system, giving us a better grip on our compliance, risks, and lowering the overall cost of compliance,” says the spokesperson of the Bank.

 

Mitigants are defined for risks and are categorized as policies and procedures, training programs and controls along with details including frequency, preventive or detective, cover of risk score and the mapping to business units and risks.

Risk assessment and computations are based on configurable methodologies and algorithms for inherent impact and likelihood. This includes quantitative and qualitative rating of the identified mitigants to establish the level of cover of risk. The bank’s inherent risk factors are configured, and overall inherent and residual risk scores are computed.

Additional capabilities: MetricStream’s solution includes additional unique features to improve the bank’s visibility into compliance risk management:

  • Personalized portal views are designed to give insights into specific geographical regions. They are also based on the user’s profile and organizational mapping. For instance, a regional compliance manager of the bank can access functions and reports related to their own region, whereas a corporate compliance executive can access additional functions and company-wide data.
  • Compliance risk dashboards highlight areas that need attention, using risk heat maps and color-coded charts to present a simplified visualization of complex compliance and risk data sorted by country and risk type, among others.
  • Action plans are triggered from the risk assessment process, based on the outcome. Automatic notifications are sent to appropriate personnel for investigation task assignment and remedial action.
  • Compliance risk reports are based on a built-in reporting engine. Along with standard reports, a user-friendly Reports Wizard enables ad hoc reporting for end-users. The progress status of compliance/business action plans, changes in risk rating over a specific period of time and the reasons for the changes can be tracked using these reports.
  • Alerts and notifications are generated using emails and task assignments. Flexible rules for escalation and color-coding are configured for risk scores, due dates and time limits.

Benefits

Assured compliance: Integrated regulatory content allows the Bank to access a complete compilation of regulatory information presented in a systematic way. The bank’s users can now view, analyze and act on it through critical business functions such as control evaluations, policy updates and training requests.

The Bank has, thus, achieved a simplified, structured and effective way to comply with a vast number of national and international regulations, providing a high degree of assurance across its global operations.

Effective risk control: Streamlined risk and control management enabled the process owners to take direct responsibility for managing controls while corporate compliance teams focused on key compliance risks and oversight.

Cost reduction: Automated information flows, risk assessments, control testing, and remediation assignments eliminated inefficiencies, duplication and redundancy, and hence reduced overall compliance costs.

Visibility and action: Real-time compliance dashboards and risk heat maps provide enterprise-wide visibility into the compliance management program and highlight areas that need attention.

Uniformity across the enterprise: The organization-wide platform enables consistent compliance risk and control processes across the enterprise, thus eliminating any deviations and errors.