Case Studies

MetricStream Risk Analytics and AI-powered Issue Management Enable Hancock Whitney to Turn Risk Into Strategic Advantage

Hancock Whitney, a bank holding company, was struggling with its manual and siloed approach to risk management. With its operations spread across Mississippi, Alabama, Florida, Louisiana, and Texas, the lack of coordination between business units and the use of different frameworks, technologies, and processes made it difficult to aggregate risk data at the enterprise level, which affected the company’s risk visibility and hence decision-making.

The company identified the need to revamp its risk management processes to establish a common risk language across the enterprise improve visibility into top risks, facilitate frontline engagement, and develop maturity and awareness on risk and issue management across the organization. It chose MetricStream to achieve these goals.


Banking and Financial Services


Operational Risk Management


Enterprise GRC

Integrated Risk Management

Struggles With Siloed and Manual Approach

Prior to MetricStream, the company’s risk committees faced a major challenge of aggregating risk data from across business units and locations. The underlying reasons were many—the lack of common and standardized risk taxonomy, absence of centralized database of risk, controls, processes, and assets, use of unique risk frameworks and processes by different risk groups with no coordination, and more. This not only led to duplication of effort and rework but also made it difficult for the risk committee to provide a holistic view of the organizational risk posture to the top management and board.

In addition, the lack of harmonization and siloed approach resulted in risk management fatigue as the team was constantly furnished with requests from different risk functions, which were often duplicate in nature.

To overcome these challenges, the company sought to implement a risk management program that would help establish common risk taxonomy, classification, and standards to be used across the three lines of defense and the larger organization. In addition, it wanted to facilitate coordination between various risk groups so that they could leverage information from one another and become true partners to the first line.

Embarking on the GRC Journey

Hancock Whitney embarked on the GRC automation journey with MetricStream back in 2012. It initially implemented MetricStream Operational Risk Management, hosted on the MetricStream Cloud, and later upgraded to MetricStream Platform, running on the AWS cloud, with integration to Tableau for basic analytics. MetricStream is, in fact, a one-stop solution for managing the company’s entire spectrum of operational risks.

Going forward, the company intends to upgrade to the latest version of the MetricStream Platform every year to ensure that they can access the most up-to-date features.


  • Need for trust to be built with board & leadership with real-time analytics
  • Need for increased visibility into key risks with end-to-end accountability
  • Requirement to engage the first Line of defense to develop maturity and awareness
  • Risk and Issue Management across the organization
  • Build a centralized inventory of critical risks and processes mapped to issues and controls based on a common language

Business Value Realized


Trust built with the leadership and board with real-time analytics and Tableau integration


Common risk taxonomy across the enterprise


Centralized database of assets, processes, risks, and controls


Improved visibility into key risks with end-to-end accountability


Efficient and accurate risk management analytics and reporting


Automated collation and aggregation of data


Increase speed and agility in making decisions


Risk Analytics With Tableau

The company has benefitted from MetricStream’s Tableau integration, which enabled it to quantify risks with advanced risk analytics. This seamless integration provided automated risk reports, which helped improve visibility into accurate risk profile and build trust with the board and leadership with real-time analytics.

Here are some of the key benefits that Hancock Whitney has realized from MetricStream’s Tableau integration:

  • There is no need to contact a separate team from Tableau for licenses and support as the MetricStream support team takes care of all related issues. The risk teams have cut down on the time spent on report development.
  • Previous manual collation and aggregation of data is eliminated with an automated approach, allowing the team to spend more time in deeper analysis and providing risk intelligence to the management to make better business decisions.
  • Data visualization helps managers to draw quick insights, enabling them to make decisions quickly and efficiently.
  • The time spent on individual data analysis is also drastically reduced as the risk managers can quickly see the trends and even drill down further to understand what the drivers of these trends are.
  • The first line no longer needs to go to the risk teams with ad-hoc requests. Instead, they can go straight to the Tableau server and pull the report that they need.
  • The risk analytics data help in more meaningful risk assessments and reviews by the second and third lines.

Common Taxonomy and Centralized Database

With MetricStream, the company now has a common and standardized risk taxonomy which facilitates a consistent understanding of risks and related issues across the enterprise. The implementation has established GRC libraries for risk, control, compliance, functions, framework reference, financial accounts, assets, and other areas.

In addition, MetricStream has also helped establish a centralized inventory of critical risks and processes mapped to issues and controls based on the common language. This provides the executive management with holistic and relative visibility into top risks, pressing issues, and effectiveness of controls.

Coordination and Harmonization

The MetricStream Operational Risk Management product has enabled Hancock Whitney to integrate siloed risk groups and harmonize risk processes. Standardized risk frameworks, technologies, and processes, and automated workflows have simplified the process of aggregating data at the enterprise level, thereby providing actionable insights to risk committees and executive management in a fast and efficient manner. In addition, coordinated assurance activities ensure that there are no gaps in coverage or duplication of effort.

AI-powered Issue Management

Through this implementation, the company has expedited the entire process of issue management and gap closure by leveraging AI. The tool enables to quickly identify an issue based on relation and semantically similar issues, recommends issue classification, suggests action plans—such as modify existing controls or define new controls as part of the issue remediation process, and monitors and tracks the implemented actions at every stage and until their closure.

It is important to note here that the Hancock Whitney team did co-innovation with MetricStream with their data. This gave them insights into how powerful semantic similarity is to connect the dots across groups and across past data.

“Getting your data into the tool is only the beginning. By using a business intelligence tool like Tableau to create visualizations with your data that tell a story, you can really begin to build a mature three lines of defense with risk officers who have been empowered by the tools given by your GRC program.”
- Shelby Stinson, Assistant Vice President, Risk Officer, Hancock Whitney Bank

Related Stories

Case Studies

Fragrances and Flavors Manufacturer Enhances Harmonization and Agility in Risk Mitigation and Issue Resolution with MetricStream

Case Studies

Leading International Energy Services Company Improves Resilience With Faster, Better Visibility Into Risks

Case Studies

A Leading South African Financial Services Group Embarks On Digitized GRC Journey To Strengthen Combined Assurance Framework With MetricStream

Ready to get started?

Speak to our experts