×
Case Studies

Leading UK Financial Institution Improves Risk Visibility With Single Source of Truth for Operational Risk Management and Compliance

One of the top mortgage lenders in the UK wanted to improve its risk management maturity and, thereby, strengthen credibility with regulators. Although the company had a comprehensive control estate, it was highly fragmented. Data on individual controls and risks was scattered across multiple, disparate systems, hampering risk visibility.

That’s when MetricStream came in. With MetricStream’s Operational Risk Management and Compliance Management, the mortgage lender has a single source of truth for its risks and controls. The products provide an integrated and real-time view of risks across the lines of the business, enabling the company to make faster decisions and improve business resilience.

Region

United Kingdom

Industry

Banking and Financial Services

Employees

18333+

Product

Operational Risk Management

Compliance Management

Today, the third and fourth-party risk management programs are enabled and supported by the MetricStream Platform running on Amazon Web Services (AWS) cloud, which provides a unified, holistic view of all third- and fourth-party risks.

Out With the Old

Initially, the mortgage lender used a legacy system to manage its risks and controls. But over the years, the tool was customized so many times that it became quite inflexible. It also gave rise to multiple risk and compliance silos. There was no centralized system to manage and report risks, controls, and loss events. Neither was there a common risk language to ensure consistency in reporting.

The system was built primarily for the second line—even though the first line was where the risks were emerging. There was very little coordination across the two lines. Moreover, risk processes were largely manual and cumbersome. This, coupled with the lack of real-time risk visibility, led the mortgage lender to implement a new operational risk management and compliance program.

The company chose MetricStream for its cloud-based products, strong control monitoring capabilities, and flexible data model. With the MetricStream suite of products, the company has been able to deliver an integrated view of risks mapped to controls, processes, business units, and strategic objectives. What’s more, the underlying Integrated Risk Platform - intelligent by design, can be extended in the future with products including Internal Audit, Third-Party Risk Management, and Business Continuity Management to strengthen risk visibility.

 

Challenge

  • Inflexible legacy system
  • Low visibility into risks and controls
  • Manual and time-consuming risk processes
  • Very little coordination across the lines of defense

Business Value Realized

 

Improved efficiency with automated risk processes and control rationalization

 

Better risk visibility with real-time risk intelligence

 

Greater coordination between the first and second lines

 

Faster remediation of risk incidents

 

Faster, Better Risk Assessments

The MetricStream product—which is used by 300 employees in the company—has replaced manual risk management processes with automated workflows, analytics, and dashboards. Users can efficiently plan, schedule, and conduct risk-control self-assessments. They can also measure and track key risk indicators.

The product supports both qualitative and quantitative risk assessments, as well as risk aggregation and scoring. It also helps standardize the risk taxonomy across the enterprise, so that everyone is communicating and reporting in the same language.

Reduced Risk Incidents

MetricStream enables the company to proactively capture, analyze, and remediate risk events and losses in compliance with the Basel Accords. An estimated 200 loss events per month are managed through the product. With proactive control monitoring and real-time risk visibility, the product is helping the company respond to loss events faster and proactively prevent risk incidents.

Control Rationalization

The product houses about 2,000 controls. In-depth insights into the performance of these controls enable the company to prioritize remediation strategies, while also identifying orphan controls that can be decommissioned. The control environment is now better organized, more transparent, and more effectively monitored.

Right from the start, the company was determined not to customize the product. They wanted to keep it flexible and agile.

Improved Frontline Ownership of Risks

For the first time, the frontline at the company has a powerful product to assess, mitigate, and monitor their risks. The tool’s intuitive, personalized, and contextual interface makes it easy to adopt and use. It also breaks down silos, and strengthens collaboration between the first and second lines. Together, they can optimize risk coverage, minimize gaps in risk assessments, and strengthen risk reporting.

Real-time Risk Visibility

The mortgage lender now has a 360-degree view of risks and controls through interactive dashboards, heat maps, and reports. Risk committees can track risks in real time and drill down into the data for granular insights. This helps them drive more agile and risk-aware business decisions.

Quick Adoption

Right from the start, the mortgage lender engaged all stakeholders in the adoption of the MetricStream products. Business validation workshops were conducted to get frontline business owners involved, and to ensure that they were satisfied with the tool before it was rolled out.

Meanwhile, quarterly events helped users get familiar with the products through demo videos, questionanswer sessions, and suggestion corners. Business champions were also identified, trained, and incentivized to build awareness about the importance of the MetricStream products.

Related Stories

Case Studies

Baptist Health Care Improves Audit Efficiency and Visibility With MetricStream

Case Studies

Leading Cloud Software Company Accelerates Business Performance by Reinforcing IT Compliance and Policy Management

Case Studies

UK Investment Management Major Standardizes and Simplifies Integrated Risk Management

Ready to get started?

Speak to our experts