Case Study

Leading UK Financial Institution Improves Risk Visibility With Single Source of Truth for Operational Risk Management and Compliance

One of the top mortgage lenders in the UK wanted to improve its risk management maturity and, thereby, strengthen its credibility with regulators. Although the company had a comprehensive control estate, it was highly fragmented. Data on individual controls and risks were scattered across multiple, disparate systems, hampering risk visibility.

That’s when MetricStream came in. With MetricStream BusinessGRC, the mortgage lender gained a single source of truth for its risks, compliance requirements, and controls. The products provide an integrated and real-time view of risk and compliance postures, enabling the company to make faster decisions and improve business resilience.

Out With the Old

Initially, the mortgage lender used a legacy system to manage its risks and controls. However, over the years, the tool was customized so many times that it became quite inflexible. It also gave rise to multiple risk and compliance silos. There was no centralized system to manage and report risks, controls, and loss events, nor was there a common risk language to ensure consistency in reporting.

The system was built primarily for the second line—even though the risks were emerging from the first line. There was very little co-ordination across the two lines. Furthermore, risk processes were largely manual and cumbersome. This, combined with the lack of real-time risk visibility, led the mortgage lender to seek solutions for managing operational risk, compliance, and regulatory change.

The company chose MetricStream for its cloud-based products, strong control monitoring capabilities, and flexible data model. With the MetricStream BusinessGRC suite of products, the company has been able to gain an integrated view of risks mapped to controls, processes, business units, and strategic objectives. The Operational Risk Management and Compliance Management products provide a single point of reference across multiple functions to efficiently manage risks, compliance, and metrics. With real-time reporting, analytics, and intelligence, the firm is better positioned to accelerate decision-making and optimize opportunities for success while sustaining integrity.


  • Inflexible legacy system
  • Low visibility into risks and controls
  • Manual and time-consuming risk processes
  • Very little coordination across the lines of defense
  • Manual and tedious processes to understand and to stay on top of regulatory changes

Business Value Realized

  • Improved efficiency with automated risk processes and control rationalization
  • Better risk visibility with real-time risk intelligence
  • Greater coordination between the first and second lines
  • Faster remediation of risk incidents
  • Proactive approach to identify regulatory changes and understand its potential impact

Faster, Better Risk Assessments

MetricStream Operational Risk Management—which is used by more than 300 employees in the company—has replaced manual risk management processes with automated workflows, analytics, and dashboards. Users can efficiently plan, schedule, and conduct risk-control self-assessments. They can also measure and track key risk indicators.

The product supports both qualitative and quantitative risk assessments, as well as risk aggregation and scoring. It also helps standardize the risk taxonomy across the enterprise, so that everyone is communicating and reporting in the same language.

Reduced Risk Incidents

With the implementation, the company can proactively capture, analyze, and remediate risk events and losses in compliance with the Basel Accords. An estimated 200 loss events per month are managed through the product. With proactive control monitoring and real-time risk visibility, the product is helping the company respond to loss events faster and proactively prevent risk incidents.

Control Rationalization

MetricStream houses approximately 2,000 controls and provides in-depth insights into the performance of these controls. It enables the company to prioritize remediation strategies, while also identifying orphan controls that can be decommissioned. This resulted in the control environment being better organized, more transparent, and more effectively monitored.

Right from the start, the company was determined not to customize the product. They wanted to keep it flexible and agile.

Improved Frontline Ownership of Risks

For the first time, the frontline at the company has a powerful product to assess, mitigate, and monitor their risks. The tool’s intuitive, personalized, and contextual interface makes it easy to adopt and use. It also breaks down silos and strengthens collaboration between the first and second lines. Together, they can optimize risk coverage, minimize gaps in risk assessments, and strengthen risk reporting.

Real-time Risk Visibility

The mortgage lender now has a 360-degree view of risks and controls through interactive dashboards, heat maps, and reports available in the product. Risk committees can track risks in real time and drill down into the data for granular insights to drive more agile and risk-aware business decisions

Efficient Regulatory Change Management

MetricStream Regulatory Change Management has enabled the company to identify, capture, and manage regulatory changes in a simple and automated manner through feeds. The product’s integration with CUBE RegInsight, an AI-based intelligent regulatory horizon scanning tool, provides the earliest possible forewarning of relevant proposed and pending regulations.

MetricStream has also integrated with CUBE RegBook to display the repository of both the regulations and regulatory requirements as regulatory alerts.

What’s more, the deployment has also equipped the company to assess the impact of regulatory changes on business processes, policies, risks, and controls, and initiate and track regulatory change management tasks. Critical regulatory alerts are routed to the relevant stakeholders/SMEs for triaging and applicability assessments.

MetricStream has successfully helped the company achieve a common GRC language and taxonomy across the organization. Better visibility into risk and compliance posture, improved engagement and collaboration across the first and second line, and rationalization of controls have helped optimize business processes and improve efficiency. The company is also efficiently staying on top of regulatory changes with aggregated regulatory content from multiple trusted sources.


Ready to get started?

Speak to our experts Let’s talk