Today, the third and fourth-party risk management programs are enabled and supported by the MetricStream Platform running on Amazon Web Services (AWS) cloud, which provides a unified, holistic view of all third- and fourth-party risks.
Initially, the mortgage lender used a legacy system to manage its risks and controls. But over the years, the tool was customized so many times that it became quite inflexible. It also gave rise to multiple risk and compliance silos. There was no centralized system to manage and report risks, controls, and loss events. Neither was there a common risk language to ensure consistency in reporting.
The system was built primarily for the second line—even though the first line was where the risks were emerging. There was very little coordination across the two lines. Moreover, risk processes were largely manual and cumbersome. This, coupled with the lack of real-time risk visibility, led the mortgage lender to implement a new operational risk management and compliance program.
The company chose MetricStream for its cloud-based products, strong control monitoring capabilities, and flexible data model. With the MetricStream suite of products, the company has been able to deliver an integrated view of risks mapped to controls, processes, business units, and strategic objectives. What’s more, the underlying Integrated Risk Platform - intelligent by design, can be extended in the future with products including Internal Audit, Third-Party Risk Management, and Business Continuity Management to strengthen risk visibility.
Improved efficiency with automated risk processes and control rationalization
Better risk visibility with real-time risk intelligence
Greater coordination between the first and second lines
Faster remediation of risk incidents
The MetricStream product—which is used by 300 employees in the company—has replaced manual risk management processes with automated workflows, analytics, and dashboards. Users can efficiently plan, schedule, and conduct risk-control self-assessments. They can also measure and track key risk indicators.
The product supports both qualitative and quantitative risk assessments, as well as risk aggregation and scoring. It also helps standardize the risk taxonomy across the enterprise, so that everyone is communicating and reporting in the same language.
MetricStream enables the company to proactively capture, analyze, and remediate risk events and losses in compliance with the Basel Accords. An estimated 200 loss events per month are managed through the product. With proactive control monitoring and real-time risk visibility, the product is helping the company respond to loss events faster and proactively prevent risk incidents.
The product houses about 2,000 controls. In-depth insights into the performance of these controls enable the company to prioritize remediation strategies, while also identifying orphan controls that can be decommissioned. The control environment is now better organized, more transparent, and more effectively monitored.
Right from the start, the company was determined not to customize the product. They wanted to keep it flexible and agile.
For the first time, the frontline at the company has a powerful product to assess, mitigate, and monitor their risks. The tool’s intuitive, personalized, and contextual interface makes it easy to adopt and use. It also breaks down silos, and strengthens collaboration between the first and second lines. Together, they can optimize risk coverage, minimize gaps in risk assessments, and strengthen risk reporting.
The mortgage lender now has a 360-degree view of risks and controls through interactive dashboards, heat maps, and reports. Risk committees can track risks in real time and drill down into the data for granular insights. This helps them drive more agile and risk-aware business decisions.
Right from the start, the mortgage lender engaged all stakeholders in the adoption of the MetricStream products. Business validation workshops were conducted to get frontline business owners involved, and to ensure that they were satisfied with the tool before it was rolled out.
Meanwhile, quarterly events helped users get familiar with the products through demo videos, questionanswer sessions, and suggestion corners. Business champions were also identified, trained, and incentivized to build awareness about the importance of the MetricStream products.