The Client: Major Reinsurance Company



As an international organization with operations across countries, the client is required to comply with a number of global and local regulations, ranging from the Financial Services Authority (FSA) filing requirements in London to the Insurance Companies Ordinance in Hong Kong. They also have to deal with a wide range of risks, broadly classified as group risks, reinsurance risks, operational risks, market risks, credit risks, and liquidity risks.

Managing these risks and regulatory compliance requirements using traditional tools such as spreadsheet-based checklists was becoming increasingly cumbersome, time-consuming, and unsustainable for the client. They needed a way to make their global risk and compliance processes more efficient, streamlined, and transparent.

After considering several risk and compliance solution providers, the client zeroed in on MetricStream. They liked MetricStream’s comprehensive solution functionalities, graphical reports and dashboards, workflow tracking tools, and the ability to balance global and local compliance requirements. More importantly, MetricStream offered them a way to implement a single, cohesive risk and compliance management system across their global enterprise. 

Since it has been implemented, MetricStream Enterprise Risk and Compliance Management Solution has helped the client streamline and automate their risk and compliance workflows across the globe. Over 110 users leverage the solution to efficiently identify their risks, perform risk-control-self-assessments, establish risk mitigation measures, track their KRIs, and strengthen risk reporting. 

The solution also supports compliance testing, survey management, and issue and action plan management, enabling the client to strengthen compliance and credibility with regulators.

The Solution

MetricStream Enterprise Risk and Compliance Management Solution has enabled the client to implement a systematic and automated approach to risk assessments and scoring, compliance assessments and controls testing, and issue and corrective action management. The solution has helped create a tightly mapped structure of the client’s global risks (parent-child), corresponding risk assessments, ratings, controls, evidence of control effectiveness, KRIs, and other key risk data for enhanced transparency. A common repository stores all global risk and compliance documentation and evidence, while powerful reports and dashboards enable consolidated risk and compliance reporting.

Below are the capabilities of the solution that are being leveraged by the client:


Risk library

Through the MetricStream solution, the client has created a comprehensive, centralized library of all their enterprise risks, controls, and related processes. Risks have been defined in a hierarchical manner with clear parent-child relationships. In addition, each risk is mapped to the appropriate controls and business processes. Therefore, at a glance, stakeholders can view the risks distributed across the organization, the controls used to mitigate these risks, control type (prevent/detect), risk and control owners, associated KRIs, and other key data.


Risk assessments and scoring

The solution enables the client to define, plan, perform, and manage their enterprise and operational risk assessments from three perspectives: org-risk, process-risk, and org-process-risk. Each risk, be it operational risk, market risk, or credit risk, is assessed and rated based on its frequency and severity. A risk which receives a frequency rating of 1 is rare, while a risk that is graded at 6 is highly likely to occur. Similarly, a risk that receives a severity rating of 1 is likely to have a minimal impact, while a risk rated at 6 is likely to be catastrophic. Color-coded charts support the risk rating process by highlighting high-risk areas.

Based on the risk scores, the MetricStream solution helps define controls and then assess their effectiveness. Given that all risk and control data is integrated, the client can easily view inherent and residual risk scores, the controls used to mitigate these risks, and evidence of control effectiveness.



The MetricStream solution provides a common, collaborative framework to manage compliance with the full range of global and local regulations. All business processes in the scope of compliance, along with the associated risks and controls, policies and procedures, regulatory requirements, and filing schedules are linked together in a comprehensive compliance and control hierarchy. This framework has enabled the client to structure and streamline their compliance processes so as to avoid duplication of effort.

Using the solution, the client can efficiently plan, implement, document, and manage compliance tests and surveys either periodically, or based on compliance schedules and associated risks. The solution supports assessments based on comprehensive checklists, and provides tools to score, tabulate, and report the results. Since all assessments are stored in a central repository, the client can easily search through the data to provide evidence to external regulators that controls are in place to ensure compliance.


Issue management

All issues that arise during the risk assessment or compliance testing process are routed by the solution through a systematic process of investigation and corrective action. Users can initiate an issue, review and implement the appropriate action plan, and see it through to closure. Each issue is assigned a unique case ID so that it can be tracked in real time as it moves from one stage to the next. Automated alerts help notify the appropriate personnel to follow up on each issue, and trigger escalations if deadlines are not met.



The MetricStream solution provides a range of graphical dashboards, reports, risk heat maps, and other charts which are vital for the client to track their risk profiles, control ownership, assessment plans, issues, corrective action and other key data. These reports can be accessed globally, and display real-time information.

The solution also provides a compliance certification dashboard with an in-depth view of regulatory certification and reporting tasks, due dates, requirements, and the progress of compliance. These tools enable the client to consistently track if all organizational branches and offices are complying with the applicable laws and regulations.

The client has the flexibility to create, edit, and manage a variety of standardized, configurable, ad hoc, and scheduled reports. Reporting workflows are automated, helping the client save considerable time and effort. In addition, a Reports Wizard allows users to develop their own reports without any programming.


Prior to implementing MetricStream’s solution, the client faced a number of challenges:

  • Complex risk and compliance processes that were managed using cumbersome spreadsheet-based tools
  • Significant time and effort spent on manually preparing risk reports, and routing risk and control information for review and approval
  • Difficulties in tracking compliance with multiple regulatory and filing requirements that varied from one country to the next (e.g. Section 334 and 335 of the Companies Ordinance in Hong Kong, China Insurance Regulatory Commission mandates, FSA requirements)
  • Insufficient visibility into risks and controls across the parent organization and its subsidiaries

Why Was MetricStream Selected?

The client chose MetricStream because:

  • The MetricStream solution comes pre-built with powerful risk and compliance capabilities that are based on industry best practices, and can be adapted out-of-the-box to meet organizational requirements.
  • The solution’s integrated approach enables organizations to implement a unified, cohesive risk and compliance program across the global enterprise.
  • MetricStream’s powerful reporting and dashboard tools offer in-depth and real-time visibility into critical risk and compliance metrics, so that organizations can respond in a timely manner.
  • Regulatory compliance requirements and processes can be tracked from the solution’s single point of reference.
  • The MetricStream solution was competitively priced.



  • A single system to manage global risk and compliance processes
    The client organization is inherently complex with multiple subsidiaries and operations scattered across different locations. Yet the MetricStream solution has the ability to cut across these siloes, integrating all enterprise risk and compliance data in a centralized framework. This unified approach has simplified risk and compliance management, while also making these processes more transparent.
  • Greater visibility into areas of risk
    The MetricStream solution is equipped with powerful reporting and dashboard capabilities that roll up risk data from different organizational units, to provide a single, consolidated risk view at the top. Using this data, stakeholders are able to make decisions that yield optimal risk-reward outcomes.
  • Standardized risk and control taxonomies
    The MetricStream library, which brings together all risk and compliance data, has helped the client standardize their risk and control terminologies across the enterprise which, in turn, has simplified and strengthened risk reporting.
  • Enhanced tracking of regulatory compliance
    The MetricStream solution enables real-time tracking of compliance with multiple regulations - both global and local. Automated alerts keep the process on track, while the underlying workflow engine helps ensure that compliance tasks move along smoothly from one step to the next.
  • Increased risk and compliance efficiency
    By streamlining and automating multiple risk and compliance workflows, the MetricStream solution has helped the client minimize operational redundancies and errors, and realize savings in terms of time, effort, and costs.