One of the top mortgage lenders in the UK wanted to improve its risk management maturity and, thereby, strengthen credibility with regulators. Although the company had a comprehensive control estate, it was highly fragmented. Data on individual controls and risks was scattered across multiple, disparate systems, hampering risk visibility. That’s when MetricStream came in. With MetricStream’s Operational Risk Management and Compliance Management, the mortgage lender has a single source of truth for its risks and controls. The products provide an integrated and real-time view of risks across the lines of the business, enabling the company to make faster decisions and improve business resilience.
Initially, the mortgage lender used a legacy system to manage its risks and controls. But over the years, the tool was customized so many times that it became quite inflexible. It also gave rise to multiple risk and compliance silos. There was no centralized system to manage and report risks, controls, and loss events. Neither was there a common risk language to ensure consistency in reporting.
The system was built primarily for the second line—even though the first line was where the risks were emerging. There was very little coordination across the two lines. Moreover, risk processes were largely manual and cumbersome. This, coupled with the lack of real-time risk visibility, led the mortgage lender to implement a new operational risk management and compliance program.
The company chose MetricStream for its cloud-based products, strong control monitoring capabilities, and flexible data model. With the MetricStream suite of products, the company has been able to deliver an integrated view of risks mapped to controls, processes, business units, and strategic objectives. What’s more, the underlying Integrated Risk Platform - intelligent by design, can be extended in the future with products including Internal Audit, Third-Party Risk Management, and Business Continuity Management to strengthen risk visibility.
The MetricStream product—which is used by 300 employees in the company—has replaced manual risk management processes with automated workflows, analytics, and dashboards. Users can efficiently plan, schedule, and conduct risk-control self-assessments.
They can also measure and track key risk indicators. The product supports both qualitative and quantitative risk assessments, as well as risk aggregation and scoring. It also helps standardize the risk taxonomy across the enterprise, so that everyone is communicating and reporting in the same language.
MetricStream enables the company to proactively capture, analyze, and remediate risk events and losses in compliance with the Basel Accords. An estimated 200 loss events per month are managed through the product. With proactive control monitoring and real-time risk visibility, the product is helping the company respond to loss events faster and proactively prevent risk incidents.
The product houses about 2,000 controls. In-depth insights into the performance of these controls enable the company to prioritize remediation strategies, while also identifying orphan controls that can be decommissioned. The control environment is now better organized, more transparent, and more effectively monitored.
Right from the start, the company was determined not to customize the product. They wanted to keep it flexible and agile.
• Inflexible legacy system
• Low visibility into risks and controls
• Manual and time-consuming risk processes
• Very little coordination across the lines of defense
• Improved efficiency with automated risk processes and control rationalization
• Better risk visibility with real-time risk intelligence
• Greater coordination between the first and second lines
• Faster remediation of risk incidents
For the first time, the frontline at the company has a powerful product to assess, mitigate, and monitor their risks. The tool’s intuitive, personalized, and contextual interface makes it easy to adopt and use. It also breaks down silos, and strengthens collaboration between the first and second lines. Together, they can optimize risk coverage, minimize gaps in risk assessments, and strengthen risk reporting.
The mortgage lender now has a 360-degree view of risks and controls through interactive dashboards, heat maps, and reports. Risk committees can track risks in real time and drill down into the data for granular insights. This helps them drive more agile and risk-aware business decisions.
Right from the start, the mortgage lender engaged all stakeholders in the adoption of the MetricStream products. Business validation workshops were conducted to get frontline business owners involved, and to ensure that they were satisfied with the tool before it was rolled out.
Meanwhile, quarterly events helped users get familiar with the products through demo videos, questionanswer sessions, and suggestion corners. Business champions were also identified, trained, and incentivized to build awareness about the importance of the MetricStream products.