The Client: A Large Fortune 500 Retailer
Being a massive retail organization, the client has several thousand employees dispersed across stores, and a complex supplier network with thousands of vendors across the world. Each of these entities is required to comply with various corporate compliance requirements and HR policies. Moreover, stores which sell or offer "pre-paid" products such as gift cards, coupons, credits for returns, or any other mechanism that provides access to transferable funds paid in advance, need to comply with Anti-Money Laundering (AML) rules. Non-compliance with AML can have major repercussions.
Regular audits, risk assessments, as well as surveys that are filled out by employees, and certified by the respective managers, help determine if employees are performing their jobs as anticipated, and complying with the various corporate compliance, AML, and HR policy requirements.
If retailers don't have the right systems and processes to manage these compliance requirements, they may be forced to pay hefty regulatory penalties. For instance, a leading retailer was fined a huge sum for improper verification of employment eligibility, and inadequate employment records for Form I-9.
The client had strict processes in place to monitor compliance with corporate, AML, and HR policies. However, given the enormous scale and size of the organization, managers found it increasingly difficult to handle and monitor compliance processes.
MetricStream enabled the client to unify all compliance processes in a single, centralized framework, thus increasing efficiency, transparency, and accountability. Users across 250 locations leverage the MetricStream solution to manage and fill in compliance surveys, enable systematic management of AML policy risk assessments and controls tests, trigger store visits and audits, notify personnel of assignments, and maintain all compliance and employee records in a central database.
The client chose the MetricStream Legal, Corporate, and HR Policy Compliance Solution, which is based on the MetricStream GRC platform, to optimize end-to-end corporate compliance, AML, and HR policy compliance processes. The selection was based on the solution's flexible and extensible data model and the underlying GRC platform, which is designed to support multiple compliance requirements in an integrated manner, even for large corporations with complex organizational structures and diverse product and service lines.
The MetricStream solution covers the following areas in the client's organization:
HR compliance audits:
Every year, the HR Compliance department facilitates an audit of the effectiveness of controls in each store. The MetricStream solution enables the department to establish a streamlined and systematic approach to the audit - right from testing and measuring the controls, to capturing the results.
Just before the audit, the solution automatically triggers an annual alert to review the audit metrics, content, and scoring. It then enables the auditors to schedule multiple compliance tests, enter field data in predefined formats and layout, and easily export the scores into a printable PDF document. The system also automatically routes these scores to the HR manager of the store that is being audited, as well as the store manager and HR director.
If the store's score is below 100%, the MetricStream solution helps the auditor quickly identify areas of concern, create an issue plan, and schedule a re-audit.
HR certification and duty surveys:
HR certification surveys are sent out to HR managers each year to measure their compliance with HR policies. Duty surveys, on the other hand, are sent out to department managers to determine if they are meeting organizational expectations of how they spend their time. The client has 10 HR certification survey templates and 24 duty survey templates based on the respondent's job description and location.
The MetricStream solution helps simplify and automate the entire process of HR certification and duty survey management, while maintaining and archiving all records in a centralized, easily searchable repository. It also helps ensure that the right respondents get the right survey templates, and provides automated alerts to make sure that the surveys are filled in on time.
Before each survey, the MetricStream solution sends a task notification to the HR Compliance group to create a survey plan. Once complete, it routes the plan for review. The solution also maps the survey respondents to the appropriate survey, and provides an online survey link to each respondent. If the respondents meet organizational expectations after filling in the survey, it is automatically closed. If not, a re-survey is triggered.
Simultaneously, automated notifications of the survey scores are provided to the managers and HR directors, enabling them to easily track the process. In the case of duty surveys, the solution also notifies the managers and HR director to conduct a coaching session for the respondent, followed by a re-survey.
Store visits are ad hoc audits which are typically conducted through interviews and questionnaires. They take into consideration the results of the duty surveys and HR compliance audits.
The MetricStream solution sends out an email notification and assignment to the store visit owner to initiate an audit template review twice a year. The solution also enables the owner to distribute audit assignments, and allocate the appropriate auditors based on a mapping table which matches the physical location to the auditor's name.
Instructions on how to conduct the store visit audit are captured in the solution, and can be viewed prior to and during the audit. Advanced inbuilt capabilities enable all audit findings and scores to be easily entered and maintained in an online database. Simultaneously, email notifications with the scores are sent out to the HR director responsible for the store that is being audited.
For lower-than-expected scores, the solution streamlines the entire corrective action process.
Vendor partnership training:
The vendor partnership training survey is sent to all vendors to ensure that they have been adequately trained on the client's organizational policies, and are consistently complying with them.
The MetricStream solution helps ensure that vendors complete the survey within the requisite period of 90 days, by sending out reminders to the recipients and their managers at regular intervals. It also enables users to fill in the surveys at their convenience by saving partially completed surveys, and working on them later.
The MetricStream solution enables the client to organize and maintain hundreds of thousands of employee records in a centralized document management system. The solution integrates with a third-party employee onboarding system, integrates employee data, and creates permanent records for each employee. Advanced security features ensure that only authorized HR personnel have access to these records.
Year after year, a tremendous number of temporary and permanent employees join and leave the organization. The MetricStream solution provides a simplified, automated, and efficient method of keeping track of these employees. It also helps ensure that only eligible employees are hired, and that necessary documents such as Form I-9 are in place.
AML policy risk assessments and control tests:
AML policy risk assessments help determine if employees are complying with organizational policies and laws that prohibit the practice of generating income through illegal actions.
Every year, the MetricStream solution's test plan functionality reminds the AML policy owner to review and update the AML policy, if required. An in-built GRC library helps create the test plan with relevant questions and procedures. For instance, the AML control test has questions that track if changes are needed to the AML policy and risk assessment, and if the survey has been reviewed and updated.
Soon after, a workflow is triggered to send out the AML survey to about 60,000 employees. All respondents automatically receive a task assignment for the survey that needs to be completed within a specific time period. Through a series of questions, the survey enables a systematic and comprehensive approach to tracking if recipients are aware of how to ensure AML compliance across partners, business activities, and the distribution chain, and how to report suspicious activity. The survey also requires recipients to attest that the AML policy has been reviewed.
Automated email notifications are sent to the appropriate staff to indicate the need to initiate test plans, revise policies, prepare for upcoming control tests, and similar events. These notifications help keep the process on track, and escalate events that aren't completed in time.
The MetricStream solution provides a flexible reporting tool which allows the client to create both scheduled and ad hoc reports to view compliance and audit results according to a variety of parameters. Powerful graphical dashboards help track the status of various compliance processes across the enterprise. Users can view reports and dashboards at the enterprise level, while also drilling down to view metrics by business unit, regional, and store levels.
The client's existing corporate, AML, and HR compliance processes and systems posed a number of challenges:
The client chose MetricStream for the following reasons:
Scalability and flexibility:
The MetricStream solution and the underlying GRC platform are designed to support compliance with multiple policies and regulations even in large and complex organizations. It can quickly scale up to address growing compliance requirements, while simultaneously integrating thousands of users across enterprise-wide business divisions and global locations.
The MetricStream solution and the underlying GRC platform can be extended beyond corporate, AML, and HR compliance, if required, to address other compliance requirements, including regulatory compliance and social compliance. The solution can also be leveraged to meet other GRC needs such as risk management, audit management, and policy management.
Powerful business intelligence and analytics:
The MetricStream solution helps synthesize information from across the enterprise into coherent reports and dashboards which, in turn, enable leadership to understand the status of compliance efforts and the implications of their decisions.
The MetricStream solution has a sophisticated security model that maps each user to a specific role and organizational hierarchy unit. This restricts the user from accessing any information pertaining to other roles. They can only view the information meant for them through special in-built portals or InfoCenters.