The team embarked on an ambitious transformation project to strengthen and simplify compliance in the business. Their goal was to enable and support the business, be a trusted advisor, deliver better compliance insights, as well as provide independent challenge, monitoring, and assurance—all with the purpose of protecting the business and its customers.
To help support and achieve these objectives, the insurer chose MetricStream BusinessGRC products powered by the MetricStream Platform.
A number of factors drove the company to transform its compliance program. For one, its risk portfolio was expanding, while across the industry, regulators were increasing enforcement, supervision, and fines.
Simultaneously, new digital technologies were changing the way business was done. The compliance team needed to keep pace with these trends and invest in automation, advanced analytics, and other technologies that would enrich the effectiveness of their processes.
Since, compliance data was being managed on multiple different spreadsheets the team realized that this wasn’t a sustainable or efficient approach, and wanted to move to a single trusted source of data—especially with new regulatory expectations that required the compliance function to implement a single tool.
The team was also eager for a state-of-the-art solution that would automate tasks and enable new real-time ways of working and reporting.
MetricStream Compliance Management was chosen for its ability to manage a broad range of compliance requirements in an integrated manner. For the first time, the insurer had a single, unified platform and a set of MetricStream BusinessGRC products to govern its entire global compliance operations. The products would simplify policy management, streamline compliance activities, manage compliance risks, monitor regulatory changes, and accelerate issue management.
By sticking to an out-of-the-box deployment, the insurer was able to swiftly roll out the products across the enterprise and avoid the complexities that come with customization.
Better insights on compliance with a single source of truth
Improved compliance efficiency with automated, standardized workflows
Greater policy awareness in the frontline, thanks to a central, easily searchable policy repository
More confident decision-making with real-time visibility into compliance risks
Faster responsiveness to regulatory changes and updates
With MetricStream, the insurer now has a centralized policy portal that makes it easy for employees to access the latest policies in a secure manner. Frontline users can quickly search for relevant policy information from wherever they are, thus improving policy awareness. The product also streamlines policy creation, approvals, versioning, and discovery. Whenever different groups of employees have to attest to their understanding of policies, the product sends out automatic reminders, and also helps manage the whole attestation process.
The insurer uses MetricStream to manage their compliance risks in a systematic, efficient manner. The product also simplifies risk assessment planning, scheduling, and execution. Intuitive dashboards and analytics provide a comprehensive view of compliance risks in each country, thus helping the compliance team make informed decisions.
MetricStream enables the insurer to stay on top of all compliance regulations that govern their business. The product helps capture and map compliance controls, processes, risks, and assurance activities, as well as policies, reporting requirements, and filing schedules. It also helps design control tests, document the results, and certify control effectiveness—all in a streamlined and automated manner.
MetricStream simplifies the process of capturing and managing regulatory changes. The product automatically notifies the insurer of upcoming regulations, updates, and changes from regulatory websites. It also helps assess the impact of regulatory changes on business processes, policies, risks, and controls.
With MetricStream, the compliance team can proactively identify and document control deficiencies and other issues. They can also easily assign issues for remediation and follow up with the respective owners. Real-time tracking tools help monitor the status of issues and ensure that they are closed on time.
Previously, there were multiple annual activities that global, regional, and local compliance teams had to perform in order to manage compliance assurance. These activities were tracked on spreadsheets with no proper workflows and approval mechanisms. However, with MetricStream, compliance teams can easily add and remove activities, obtain approvals, and track assurance to closure.
MetricStream gives the insurer a full overview of compliance findings, annual plans, and risk assessments across the enterprise. Users can easily see how risks are linked to controls, testing plans, and more through MetricStream’s integrated compliance data model. Powerful dashboards and reports provide real-time insights on compliance and enable the data to be drilled down for more granular details.
All of this means that the compliance team is now better positioned to meet their objectives of providing trusted advice to the business, while also strengthening assurance and compliance.
The team is currently exploring the use of advanced analytics to improve compliance efficiency. For instance, they will be able to elevate control assessments from simple statistical sampling to full control testing.