Automating Governance, Risk and Compliance (GRC) Management
at Insurance Companies


GRC Solution for Insurance

Regulatory requirements for the insurance industry have increased significantly, and this trend is expected to continue in the coming years. Until the economic downturn, the different GRC functions within an insurance company had maintained different technology budgets and systems within their silos. Today, GRC is being discussed in the organization with the heads of audit, operational risk management, credit risk management, geo-political risk management, compliance and legal all in the same room.

US insurers face a growing compliance burden from the 50 US state regulators that monitor premium rates. Their regulations are influenced by costs and operational risks such as litigation and fraud. The take-up for GRC has been noted by insurers in the European Union (EU) facing increased requirements under the Solvency II risk-based regulation. Numerous other insurance regulatory compliance mandates such as SOX, the Model Audit Rule (MAR), Insurance Supervision Law, GLBA, and AML are being enforced by national and regional supervisory authorities -such as NAIC, CEIOPS, FSA, and BaFIN. These multiple regulations are compelling insurance companies to streamline and synergize their processes.

MetricStream GRC Solutions

The insurance industry is now looking at an integrated GRC process and architecture for addressing the changing business environment. MetricStream GRC solutions play a key role in enabling insurers to achieve these objectives through a unified and adaptable system which enables a clear and unambiguous approach to GRC processes through automated workflows and centralized information management.

With MetricStream solutions, insurers can document, track, and manage GRC initiatives at all organizational levels for business functions as well as IT processes. The solutions help in fulfilling insurance regulatory compliance requirements, and implementing effective risk management strategies with reliable control systems and internal auditing activities.

MetricStream offers the industry's most advanced and comprehensive suite of solutions designed to meet the GRC needs of insurance companies at multiple levels.

Capabilities of the Solutions

Risk Management: The insurance industry faces different types of risks such as actuarial risks, credit risks, and catastrophic risks. The Enterprise Risk Management solution from MetricStream enables insurers to identify, assess, quantify, monitor, and manage these risks in accordance with industry standards. It brings together all risk data - risk and control assessments (RCSAs), automated alerts, data feeds, risk libraries, risk analytics, key risk indicators (KRIs), loss events, risk heat maps, trend charts, and compliance dashboards - to provide increased enterprise-wide transparency into the risk management process, and highlight issues that need remedial actions.

The solution’s risk management capabilities also enable insurers to comply effectively with regulations such as Solvency II.

Compliance Management: MetricStream Compliance Management Solution provides a common framework and an integrated approach to manage all compliance requirements faced by insurance companies. The solution provides embedded best practices for meeting regulatory guidelines such as Solvency II, NAIC-MAR, GLBA, AML, and KYC. It also provides automated information flows, assessments and testing, and remediation assignments to ensure consistent compliance and control processes across the enterprise. Deviations, errors, and redundant activities are eliminated, resulting in reduced over-all compliance costs. Real-time compliance dashboards and heat maps provide enterprise-wide visibility into the compliance management process, highlighting issues that need to be addressed.

Audit Management: MetricStream Audit Management Solution helps insurance companies manage a wide range of audit-related activities, data, and processes. The solution supports all types of audits including internal audits, operational audits, IT auditssupplier audits, and quality audits. It also provides end-to-end functionality for the complete spectrum of audit processes including audit planning and scheduling, development of standard audit plans and checklists, field data collection, development of audit reports and recommendations, review of audit recommendations by auditees and the Management, and implementation of audit recommendations and remediation.

Issue Management: One of the central functions of an insurance organization’s GRC and quality management units is to manage issues related to customers, claims, audits, risks, compliance, IT systems, loss-events, and process deviations. MetricStream Issue Management Solution supports the identification and evaluation of issues as well as their investigation, tracking, remediation, and corrective action. Powerful analytics along with an issue tracking and reporting functionality with graphical dashboards give managers complete real-time visibility into the quality and compliance system, and provide critical intelligence for reducing the risk of non-compliance.

Policy Management: The MetricStream solution enables insurance companies to adopt an electronic and automated approach to the development, maintenance, and communication of policies and procedures across the enterprise. The web-based system provides a central repository to store and organize policies and procedures, while integrated collaboration and workflow tools enable these documents to be accessed, created, modified, reviewed, and approved globally in a controlled manner. The system supports policy implementation, acceptance, exception tracking, and mapping of policies to compliance requirements. A powerful analytics and reporting capability with graphical dashboards are provided to track each policy from origin to obsolescence. This gives managers complete visibility into the system.

Training Management: Various compliance regulations in the insurance industry require the senior management and other stakeholders to be trained on compliance requirements. MetricStream Training Management Solution enables effective management of the overall training process by maintaining course offerings and course descriptions, scheduling classes, providing feedback on instructors and course material, maintaining training records, and conducting a gap analysis to ensure regulatory compliance. Graphical dashboards and reports help monitor training programs and their effectiveness, giving managers complete real-time visibility into the organization's training system.