As a large global enterprise with diverse business interests, the bank is subject to a complex and highly dynamic web of regulations. Earlier, these requirements were dealt with reactively i.e. by developing multiple, disconnected compliance programs and systems without any integration between them. The result was a maze of compliance siloes that failed to provide an accurate picture of enterprise-level compliance.
In response, the bank began looking for a way to integrate their compliance initiatives into a single source of truth. Their aim was to reduce process redundancies, while enhancing cross-functional coordination on both regulatory and corporate compliance processes.
For many years, the bank managed their compliance processes manually – an approach that was not only prone to data errors, but also highly cumbersome, given the number of global and local regulations that had to be complied with. In addition, the bank didn’t have an efficient mechanism to manage regulatory changes. Alerts from various regulatory information sources were captured in an ad-hoc manner using multiple different spreadsheets rather than standard templates. This model wasn’t a sustainable one, especially as the pace of regulatory change increased. When it came to regulatory exams, meetings, and other interactions, the amount of paperwork involved was overwhelming. A single regulatory engagement could have thousands of tasks and sub-tasks, each of which had to be dealt with systematically. Stakeholders needed to know which document to submit, by when, and against which request.
None of these challenges could be solved manually or disparately. The bank wanted a system that would integrate compliance processes, so that the insights that ultimately rolled up to the senior management and board would provide a complete, accurate, and real-time view of the enterprise’s compliance posture. To meet these requirements, the bank chose the MetricStream Compliance Management, built on a scalable, extensible M7 Integrated Risk Platform – intelligent by design
Using MetricStream’s M7 Integrated Risk Platform’s data foundation, the bank has been able to map all regulatory rules or obligations in a structured, multi-dimensional, relational, and non-redundant compliance data universe that serves as a common source of compliance information for all functions.
Each obligation is linked to the applicable lines of business, policies, and controls. In addition, roles and responsibilities are clearly defined to ensure accountability. The product also helps the bank manage the complete lifecycle of organizational policies across business units, divisions, and global locations. It standardizes policy workflows, while integrating data in a way that enables users to easily understand the impact of regulations, risks, and controls on policies.
Through the product, the bank has set up regulatory feed channels which automatically pull regulatory updates from multiple sources. These changes are tracked efficiently, while all impacted stakeholders (identified through the underlying relationships to organizational structures) are notified and involved in various stages of the regulatory development process. The product also streamlines the process of analyzing the impact of regulatory changes. It helps in assessing the associated risks, reviewing and approving change management tasks, updating policies, testing controls, and resolving issues.
Regulatory development tasks are assigned, tracked, reviewed, and approved in a systematic and consistent manner. Automated updates and alerts help ensure that all regulatory developments and corresponding actions are monitored through to closure.
• Lack of collaboration across compliance teams
• Disconnected compliance processes
• Fragmented visibility into global regulatory engagements
• Improved communication and coordination on compliance processes across the organization
• Efficient management and oversight of the bank’s relationships with regulators globally
• Timely, actionable insights on key compliance risks
The product enables the bank to assess compliance risks based on configurable methodologies and algorithms. It delivers both quantitative and qualitative ratings on risk impact and likelihood, allowing users to identify potential issues and areas of concern.
Meanwhile, compliance risk dashboards, heat maps, and color-coded charts highlight areas that require attention through a simplified visualization of risk data sorted by country, risk type, and other parameters. Any issues that are found are routed through a coordinated remediation process.
Using the product, the bank can capture, investigate, and resolve compliance cases or violations that are found. Intuitive reports and dashboards make it easy for stakeholders to identify the cases that need immediate action and investigation.
With the MetricStream product, the bank can successfully manage and coordinate multiple types of regulatory engagements, including exams, meetings, and information requests. The product streamlines and automates engagement workflows – right from when a regulatory notification is received by the bank, till the response is submitted and the findings are addressed.
Interactive dashboards and reports provide comprehensive visibility into all regulatory engagements, enabling the bank to proactively identify and respond to trends, areas of concern, and opportunities.
Engagement managers can swiftly track and address regulatory findings, issues, and concerns