Understanding, experience and technology for success
One of the world’s largest financial services companies
Headquartered in Europe, the customer is one of the world’s largest financial services companies with extensive operations worldwide.
As a leading bank with a long and steady tradition of over a century to guard, compliance to every applicable regulation, risk management and safeguarding the interests of its shareholders, customers and employees are some of the primary focus points of the Bank.
In today’s stringent regulatory business environment with new standards and mandates coming to effect at a never-before pace, the need to keep up with regulatory changes and ensure ongoing compliance with them has emerged as the Bank’s crucial priority.
With its rapid expansion of operations over the years, coupled with the growing number of regulatory requirements in financial services, the Bank was finding it challenging to maintain its tradition of impeccable performance.
The spread of the enterprise over multiple geographical locations had added a new dimension to the complexity of the Bank’s compliance fabric. Extremely stringent regulatory environments in specific geographical regions made it mandatory to know and understand the risks involved, take necessary steps for control and mitigation.
Absence of timely, reliable and structured information about latest applicable regulations at global as well as country level and the confusion over the intricacies of regulations relevant to various geographical regions had resulted in unwieldiness of the compliance management processes and associated risks to the enterprise.
Slipping action plans for high risk issues, functional disparity among the various compliance teams in different countries, lack of central, integrated risk view at regional and corporate levels, compliance with applicable regulations such as Gramm-Leach-Bliley Act (GLBA), Know Your Customer (KYC), Anti-money Laundering (AML), Basel II, to name a few, were some of the specific problems the situation had given rise to.
Why the Bank Selected MetricStream?
There are a host of reasons why the Bank selected MetricStream for this project. Some of them are summarized below:
MetricStream has the capacity to map its solution suit to the Bank’s complex existing environment, with users spread across the globe, and to model its solution to accommodate the Bank’s exact requirements.
MetricStream’s unique architecture includes content-based intelligence to provide relevant regulatory information and initiate appropriate actions.
MetricStream offers strong reporting capabilities with dashboards, risk heat maps, color-coded charts with wizards for end-users to create custom reports and dashboards easily.
MetricStream provides complete end-to-end workflow automation of the compliance process for consistent practices across business units, locations and departments.
To strengthen its compliance risk program, the Bank needed an efficient solution for conducting compliance processes, assessing risks, implementing and monitoring controls successfully across its vast multi-country operations.
After a systematic evaluation of the compliance and risk management solutions available in the market, the Bank selected MetricStream GRC Platform. The key capabilities of MetricStream’s solution that led to this decision were: complete workflow automation and MetricStream’s ability to meet the complex IT requirements of the Bank’s enormous structure.
MetricStream GRC Platform: MetricStream has delivered the Bank a complete end-to-end workflow automation system for the compliance risk management process across its business units, geographic locations and product lines, along with unique capabilities such as integration of regulatory content with the compliance workflow.
MetricStream’s web-based platform supports the Bank’s complex organizational model across all the regions and countries it operates in, business units and departments, as well as their mapping to different compliance and risk management roles and reporting relationships.
Integration of regulatory content: Based on MetricStream Infolet technology, the application captures and imports complete, relevant, and timely information on rules and regulations from a host of reliable external sources. This exhaustive compilation of regulations is mapped to the Bank’s compliance risk areas and pre-defined types under various criteria such as geographic area, state, issuing organization, subject, effective date, modification date, end date, title, text, application zone.
The users at the Bank can run advanced search on this content and use import functions to insert regulations and rules in the system.
As rules change, the system enables automated notification and alerts to the relevant organizational roles mapped to the rule based on parameters such as geographic area, state, application zone, type and area of risk.
The Bank benefits from the regulatory content library that is maintained within the application. The system also enables intelligent and content-driven features such as triggering of business processes for compliance risk assessments and policy reviews based on regulatory notifications and compliance alerts.
Centrally managed compliance requirements: The Bank’s regulations and compliance requirements are centrally managed on the platform, categorized by country, state, issuing organization, subject, effective date, title, text, application zone, category, risk, regulation type and regulatory body. The compliance risks are recorded and classified by name, category, description, thresholds, causes, management response, appetite and areas of impact. Risks are mapped to the bank’s business units and mitigants.
Mitigants are defined for risks and are categorized as policies and procedures, training programs and controls along with details including frequency, preventive or detective, cover of risk score and the mapping to business units and risks.
Risk assessment and computations are based on configurable methodologies and algorithms for inherent impact and likelihood. This includes quantitative and qualitative rating of identified mitigants to have the level of cover of risk. The bank’s inherent risk factors are configured and overall inherent and residual risk scores are computed.
Additional capabilities: MetricStream’s solution includes additional unique features to improve the bank’s visibility into compliance risk management:
Assured compliance: Integrated regulatory content allows the Bank to access a complete compilation of regulatory information presented in a systematic way. The bank’s users can now view, analyze and act on it through critical business functions such as control evaluations, policy updates and training requests.
The Bank has, thus, achieved a simplified, structured and effective way to comply with a vast number of national and international regulations, providing a high degree of assurance across its global operations.
Effective risk control: Streamlined risk and control management enabled the process owners to take direct responsibility for managing controls while corporate compliance teams focused on key compliance risks and oversight.
Cost reduction: Automated information flows, risk assessments, control testing, and remediation assignments eliminated inefficiencies, duplicity and redundancy and hence reduced overall compliance costs.
Visibility and action: Real-time compliance dashboards and risk heat maps provide enterprise-wide visibility into the compliance management program and highlight areas that need attention.
Uniformity across the enterprise: The organization-wide platform enables consistent compliance risk and control processes across the enterprise, thus eliminating any deviations and errors.