Prior to MetricStream, the company’s risk committees faced a major challenge of aggregating risk data from across business units and locations. The underlying reasons were many—the lack of common and standardized risk taxonomy, absence of centralized database of risk, controls, processes, and assets, use of unique risk frameworks and processes by different risk groups with no coordination, and more. This not only led to duplication of effort and rework but also made it difficult for the risk committee to provide a holistic view of the organizational risk posture to the top management and board.
In addition, the lack of harmonization and siloed approach resulted in risk management fatigue as the team was constantly furnished with requests from different risk functions, which were often duplicate in nature.
To overcome these challenges, the company sought to implement a risk management program that would help establish common risk taxonomy, classification, and standards to be used across the three lines of defense and the larger organization. In addition, it wanted to facilitate coordination between various risk groups so that they could leverage information from one another and become true partners to the first line.
Hancock Whitney embarked on the GRC automation journey with MetricStream back in 2012. It initially implemented MetricStream Operational Risk Management, hosted on the MetricStream Cloud, and later upgraded to MetricStream Platform, running on the AWS cloud, with integration to Tableau for basic analytics. MetricStream is, in fact, a one-stop solution for managing the company’s entire spectrum of operational risks.
Going forward, the company intends to upgrade to the latest version of the MetricStream Platform every year to ensure that they can access the most up-to-date features.
Trust built with the leadership and board with real-time analytics and Tableau integration
Common risk taxonomy across the enterprise
Centralized database of assets, processes, risks, and controls
Improved visibility into key risks with end-to-end accountability
Efficient and accurate risk management analytics and reporting
Automated collation and aggregation of data
Increase speed and agility in making decisions
The company has benefitted from MetricStream’s Tableau integration, which enabled it to quantify risks with advanced risk analytics. This seamless integration provided automated risk reports, which helped improve visibility into accurate risk profile and build trust with the board and leadership with real-time analytics.
Here are some of the key benefits that Hancock Whitney has realized from MetricStream’s Tableau integration:
With MetricStream, the company now has a common and standardized risk taxonomy which facilitates a consistent understanding of risks and related issues across the enterprise. The implementation has established GRC libraries for risk, control, compliance, functions, framework reference, financial accounts, assets, and other areas.
In addition, MetricStream has also helped establish a centralized inventory of critical risks and processes mapped to issues and controls based on the common language. This provides the executive management with holistic and relative visibility into top risks, pressing issues, and effectiveness of controls.
The MetricStream Operational Risk Management product has enabled Hancock Whitney to integrate siloed risk groups and harmonize risk processes. Standardized risk frameworks, technologies, and processes, and automated workflows have simplified the process of aggregating data at the enterprise level, thereby providing actionable insights to risk committees and executive management in a fast and efficient manner. In addition, coordinated assurance activities ensure that there are no gaps in coverage or duplication of effort.
Through this implementation, the company has expedited the entire process of issue management and gap closure by leveraging AI. The tool enables to quickly identify an issue based on relation and semantically similar issues, recommends issue classification, suggests action plans—such as modify existing controls or define new controls as part of the issue remediation process, and monitors and tracks the implemented actions at every stage and until their closure.
It is important to note here that the Hancock Whitney team did co-innovation with MetricStream with their data. This gave them insights into how powerful semantic similarity is to connect the dots across groups and across past data.
“Getting your data into the tool is only the beginning. By using a business intelligence tool like Tableau to create visualizations with your data that tell a story, you can really begin to build a mature three lines of defense with risk officers who have been empowered by the tools given by your GRC program.”
- Shelby Stinson, Assistant Vice President, Risk Officer, Hancock Whitney Bank