Case Study

Major Reinsurance Company Integrates Global Risk and Compliance Processes in a Centralized Framework

The client is a leading international reinsurance organization that offers a wide variety of property and casualty reinsurance products

As an international organization with operations across countries, the client is required to comply with a number of global/ local regulations, ranging from the Financial Services Authority (FSA) filing requirements in London, to the Insurance Companies Ordinance in Hong Kong. They also have to deal with a wide range of risks, broadly classified as group risks, reinsurance risks, operational risks, market risks, credit risks, and liquidity risks.

Managing these risks and regulatory compliance requirements using traditional tools such as spreadsheet-based checklists proved to be becoming increasingly cumbersome, time-consuming, and unsustainable for the client. They needed a way to make their global risk and compliance processes more efficient and streamlined, as well as transparent.

After considering several risk and compliance solution providers, the client zeroed in on MetricStream. They liked MetricStream’s comprehensive solution functionalities, graphical reports and dashboards, workflow tracking tools, and the ability to balance global and local compliance requirements. More importantly, MetricStream offered them a way to implement a single, cohesive risk and compliance management system across their global enterprise.

Since it has been implemented, MetricStream Enterprise Risk and Compliance Management Solution has helped the client streamline and automate their risk and compliance workflows across the globe. Over 110 users leverage the solution to efficiently identify their risks, perform risk-control-self-assessments, establish risk mitigation measures, track their KRIs, and strengthen risk reporting.

The solution also supports compliance testing, survey management, and issue and action plan management, enabling the client to strengthen compliance and credibility with regulators.

The Solution

MetricStream Enterprise Risk and Compliance Management Solution has enabled the client to implement a systematic and automated approach to risk assessments and scoring, compliance assessments and controls testing, and issue and corrective action management. The solution has helped create a tightly mapped structure of the client’s global risks (parent-child), corresponding risk assessments, ratings, controls, evidence of control effectiveness, KRIs, and other key risk data for enhanced transparency. A common repository stores all global risk and compliance documentation and evidence, while powerful reports and dashboards enable consolidated risk and compliance reporting.
Below are the capabilities of the solution that are being leveraged by the client:

Risk Library

Through the MetricStream solution, the client has created a comprehensive, centralized library of all their enterprise risks, controls, and related processes. Risks have been defined in a hierarchical manner with clear parent-child relationships. In addition, each risk is mapped to the appropriate controls and business processes. Therefore, at one glance, stakeholders can view the risks distributed across the organization, the controls used to mitigate these risks, control type (prevent/ detect), risk and control owners, associated KRIs, and other key data.

Risk Assessments and Scoring

The solution enables the client to define, plan, perform, and manage their enterprise and operational risk assessments from three perspectives - org-risk, process-risk, and org-process-risk perspectives. Each risk - be it operational risk, market risk, or credit risk - is assessed and rated based on its frequency and severity. Therefore, a risk which receives a frequency rating of 1 is rare, while a risk that is graded at 6 is highly likely to occur. Similarly, a risk that receives a severity rating of 1 is likely to have a minimal impact, while a risk rated at 6 is likely to be catastrophic. Color coded charts support the risk rating process by highlighting high risk areas.

Based on the risk scores, the MetricStream helps define controls, and then assess their effectiveness. Given that all risk and control data is integrated together, the client can easily view inherent and residual risk scores, the controls used to mitigate these risks, and evidence of control effectiveness.


The MetricStream solution provides a common, collaborative framework to manage compliance with the full range of global and local regulations. All business processes in the scope of compliance, along with the associated risks and controls, policies and procedures, regulatory requirements, and filing schedules are linked together in a comprehensive compliance and control hierarchy. This framework has enabled the client to structure and streamline their compliance processes so as to avoid duplication of effort.

Using the solution, the client can efficiently plan, implement, document, and manage compliance tests and surveys either periodically, or based on compliance schedules and associated risks. The solution supports assessments based on comprehensive checklists, and provides tools to score, tabulate, and report the results. Since all assessments are stored in a central repository, the client can easily search through the data to provide evidence to external regulators that controls are in place to ensure compliance.

Issue Management

All issues that arise during the risk assessment or compliance testing process are routed by the solution through a systematic process of investigation and corrective action. Users can initiate an issue, review and implement the appropriate action plan, and see it through to closure. Each issue is assigned a unique case ID so that it can be tracked in real time as it moves from one stage to the next. Automated alerts help notify the appropriate personnel to follow up on each issue, and trigger escalations if deadlines are not met.


The MetricStream solution provides a range of graphical dashboards, reports, risk heat maps, and other charts which are vital for the client to track their risk profiles, control ownership, assessment plans, issues, corrective action and other key data. These reports can be accessed globally, and display real-time information.

The solution also provides a compliance certification dashboard with an in-depth view of regulatory certification and reporting tasks, due dates, requirements, and the progress of compliance. These tools enable the client to consistently track if all organizational branches and offices are complying with the applicable laws and regulations.

The client has the flexibility to create, edit, and manage a variety of standardized, configurable, ad hoc, and scheduled reports. Reporting workflows are automated, helping the client save considerable time and effort. In addition, a Reports Wizard allows users to develop their own reports without any programming.



Prior to implementing MetricStream’s solution, the client faced a number of challenges:

  • Complex risk and compliance processes that were managed using cumbersome spreadsheet-based tools.
  • Significant time and effort spent on manually preparing risk reports, and routing risk and control information for review and approval.
  • Difficulties in tracking compliance with multiple regulatory and filing requirements that varied from one country to the next (e.g. Section 334 and 335 of the Companies Ordinance in Hong Kong, China Insurance Regulatory Commission mandates, FSA requirements).
  • Insufficient visibility into risks and controls across the parent organization and its subsidiaries



A single system to manage global risk and compliance processes.


Greater visibility into areas
of risk.


Standardized risk and control taxonomies.


Enhanced tracking of regulatory compliance.


Increased risk and compliance efficiency


Why MetricStream was Selected?

The client chose MetricStream because:

  • The MetricStream solution comes pre-built with powerful risk and compliance capabilities that are based on industry best practices, and can be adapted out-of-the-box to meet organizational requirements.
  • The solution’s integrated approach enables organizations to implement a unified, cohesive risk and compliance program across the global enterprise.
  • MetricStream’s powerful reporting and dashboards tools offer in-depth and real-time visibility into critical risk and compliance metrics, so that organizations can respond in a timely manner.
  • Regulatory compliance requirements and processes can be tracked from the solution’s single point of reference.
  • The MetricStream solution was competitively priced.

Related Stories

Case Study

Global Insurer Transforms Compliance With Better Intelligence, Automation, and Risk Awareness

Case Study

Major Insurance Company Uses a Holistic Approach to Engage All Lines of the Business in GRC

Case Study

Leading Cloud Software Company Accelerates Business Performance by Reinforcing IT Compliance and Policy Management


Ready to get started?

Speak to our experts Let’s talk