As a leading bank with a long and steady tradition of over a century to guard, compliance to every applicable regulation, risk management and safeguarding the interests of its shareholders, customers and employees are some of the primary focus points of the Bank.
In today’s stringent regulatory business environment with new standards and mandates coming to effect at a never-before pace, the need to keep up with regulatory changes and ensure ongoing compliance with them has emerged as the Bank’s crucial priority.
To strengthen its compliance risk program, the Bank needed an efficient solution for conducting compliance processes, assessing risks, implementing and monitoring controls successfully across its vast multi-country operations.
After a systematic evaluation of the compliance and risk management solutions available in the market, the Bank selected MetricStream GRC Platform. The key capabilities of MetricStream’s solution that led to this decision were: complete workflow automation and MetricStream’s ability to meet the complex IT requirements of the Bank’s enormous structure.
MetricStream GRC Platform: MetricStream has delivered the Bank a complete end-to-end workflow automation system for the compliance risk management process across its business units, geographic locations and product lines, along with unique capabilities such as integration of regulatory content with the compliance workflow.
MetricStream’s web-based platform supports the Bank’s complex organizational model across all the regions and countries it operates in, business units and departments, as well as their mapping to different compliance and risk management roles and reporting relationships.
Integration of regulatory content: Based on MetricStream Infolet technology, the application captures and imports complete, relevant, and timely information on rules and regulations from a host of reliable external sources. This exhaustive compilation of regulations is mapped to the Bank’s compliance risk areas and pre-defined types under various criteria such as geographic area, state, issuing organization, subject, effective date, modification date, end date, title, text, application zone.
The users at the Bank can run advanced search on this content and use import functions to insert regulations and rules in the system.
As rules change, the system enables automated notification and alerts to the relevant organizational roles mapped to the rule based on parameters such as geographic area, state, application zone, type and area of risk.
The Bank benefits from the regulatory content library that is maintained within the application. The system also enables intelligent and content-driven features such as triggering of business processes for compliance risk assessments and policy reviews based on regulatory notifications and compliance alerts.
Centrally managed compliance requirements: The Bank’s regulations and compliance requirements are centrally managed on the platform, categorized by country, state, issuing organization, subject, effective date, title, text, application zone, category, risk, regulation type and regulatory body. The compliance risks are recorded and classified by name, category, description, thresholds, causes, management response, appetite and areas of impact. Risks are mapped to the bank’s business units and mitigants.
Mitigants are defined for risks and are categorized as policies and procedures, training programs and controls along with details including frequency, preventive or detective, cover of risk score and the mapping to business units and risks.
Risk assessment and computations are based on configurable methodologies and algorithms for inherent impact and likelihood. This includes quantitative and qualitative rating of identified mitigants to have the level of cover of risk. The bank’s inherent risk factors are configured and overall inherent and residual risk scores are computed.
Additional capabilities: MetricStream’s solution includes additional unique features to improve the bank’s visibility into compliance risk management:
There are a host of reasons why the Bank selected MetricStream for this project. Some of them are summarized below:
MetricStream has the capacity to map its solution suit to the Bank’s complex existing environment, with users spread across the globe, and to model its solution to accommodate the Bank’s exact requirements.
MetricStream’s unique architecture includes content-based intelligence to provide relevant regulatory information and initiate appropriate actions.
MetricStream offers strong reporting capabilities with dashboards, risk heat maps, color-coded charts with wizards for end-users to create custom reports and dashboards easily.
MetricStream provides complete end-to-end workflow automation of the compliance process for consistent practices across business units, locations and departments.
With its rapid expansion of operations over the years, coupled with the growing number of regulatory requirements in financial services, the Bank was finding it challenging to maintain its tradition of impeccable performance.
The spread of the enterprise over multiple geographical locations had added a new dimension to the complexity of the Bank’s compliance fabric. Extremely stringent regulatory environments in specific geographical regions made it mandatory to know and understand the risks involved, take necessary steps for control and mitigation.
Absence of timely, reliable and structured information about latest applicable regulations at global as well as country level and the confusion over the intricacies of regulations relevant to various geographical regions had resulted in unwieldiness of the compliance management processes and associated risks to the enterprise.
Slipping action plans for high risk issues, functional disparity among the various compliance teams in different countries, lack of central, integrated risk view at regional and corporate levels, compliance with applicable regulations such as Gramm-Leach-Bliley Act (GLBA), Know Your Customer (KYC), Anti-money Laundering (AML), Basel II, to name a few, were some of the specific problems the situation had given rise to.
“MetricStream’s solution has helped us streamline elaborate and intricate processes of compliance and risk management with an integrated enterprise-wide system, giving us a better grip on our compliance, risks, and lowering the overall cost of compliance,” says the spokesperson of the Bank.