Overview

As a leading multi-national financial services company, the bank is expected to adhere to multiple regulatory obligations, while keeping possible disruptions and risks in check. These risks range from operational and IT risks, to mis-selling, regulatory, reputational, and geographic risks – all of which need to be identified and effectively mitigated across the enterprise. Previous approaches to risk management and compliance were largely siloed and, thereby, difficult to scale or sustain. Due to the vast geographic spread of the organization, the bank needed a competent GRC solution that would help them improve the efficiency of internal and regulatory compliance processes, while also strengthening risk management and business resilience. Their goal was to integrate multiple risk and compliance initiatives into an integrated GRC solution that would act as “a single source of truth.”

Solution

Looking Beyond Traditional Approaches:

In the past, the bank had used various, disparate, and sub-optimal legacy systems for compliance and risk management. These systems gave rise to multiple silos of information that were often challenging to reconcile or integrate.

The problem was amplified by the sheer number of geographically diversified teams working across multiple regulatory jurisdictions. Each team had their own risk and compliance processes, taxonomies, and systems which lacked the ability to adapt to dynamic compliance and risk management requirements. Moreover, the systems captured only 60% of risk assessment information, limiting the organization’s ability to develop sufficient risk thresholds and controls.

Over time, it became increasingly difficult for the bank to aggregate key risk and compliance information from across businesses and geographies. The insights that flowed up to decision-makers were often delayed, thus reducing the effectiveness of risk management, while also exposing the organization to non-compliance issues.

In response, the bank began to develop a strategic vision of implementing a single, group-wide GRC system. They wanted to replace their fragmented, legacy infrastructure with an integrated approach to risk and compliance management.

To support and enable these efforts, the bank chose MetricStream’s GRC Solution with capabilities for operational risk management, compliance management, regulatory change management, regulatory engagement management, and policy management. Today, the solution covers 90% of the countries that the bank operates in, has over 10,000 business users, and is one of the largest implemented solutions in the organization.

Balancing Risks and Rewards:

Making risk-informed decisions is key to optimizing the value of an organization. The MetricStream solution has given the bank the ability to align strategy with risk, thus enabling stakeholders to make balanced decisions in line with their risk appetite. Users gain clear visibility into interconnections across business processes which, in turn, enhance decision-making.

The solution links processes, risks, controls, indicators, and events (internal and external) in a single risk view. It also standardizes and simplifies risk management processes, including loss management, risk identification and assessment, risk and control monitoring, risk acceptance, and risk reporting.

The solution provides in-depth visibility into the critical processes and issues facing the bank with defined and relevant parameterized controls for risk mitigation.

To calculate risk impact, the solution uses the latest forecasting, scenario analysis, and stress testing capabilities. Built-in real-time reporting and analytical tools provide a dynamic, precise, complete, and transparent picture of the bank’s risk profile. The solution also provides visibility into top and emerging risks, enabling the bank to proactively focus on the most critical areas of concern.

Aligning Risk and Policy Management for Better Governance:

To strengthen their policies around risk management while also adhering to PRA guidelines, the bank wanted to adopt a consistent, group-wide approach to policy and procedure management. Today, the MetricStream solution has given them a structure and framework to link policies to the corresponding areas of compliance, risks, and controls for each business unit and process.

The solution’s standardized policy workflows and integrated data model enable end users to quickly understand how policies impact risk processes, controls, and regulations. The solution also captures policy-related feedback from users. With these capabilities, the bank has been able to strengthen overall governance, as well as the adoption of internal and regulatory guidelines.

Integrating Compliance Strategies and Frameworks:

Before MetricStream, the bank had been looking for a system that would provide contextual compliance information for business executives, regulators, business units, and multiple related departments -- in essence, a tool that would link together all regulations within the business, and deliver clear, 360-degree insights on compliance that could be drilled down into.

With the solution, the bank has adopted a standardized, enterprise-wide approach to policy and procedure management in compliance with PRA requirements.

Today, the MetricStream GRC Platform’s data foundation has allowed the bank to map all their regulatory obligations in a structured, multi-dimensional, relational, and non-redundant compliance data universe that serves as a common source of compliance information for all functions. Each obligation is linked to the applicable lines of business, policies, and controls. In addition, roles and responsibilities are clearly defined to ensure accountability.

The solution also enables the bank to manage global compliance in an integrated manner. It allows users to assess compliance risks, and identify non-compliance incidents for remediation. Compliance risk dashboards, heat maps, and color-coded charts draw focus to critical areas that require attention. A simplified visualization of data sorted by country, risk type, and other parameters helps the bank identify issues quickly.

Integration with regulatory feed channels allows the solution to automatically pull regulatory updates or changes from multiple sources. This data is tracked efficiently, while relevant stakeholders in the bank are automatically notified to assess the associated risks, update policies, test controls, and resolve issues.

 
Challenges
  • Multiple silos and legacy systems 
  • Fragmented visibility into global risk and compliance
  • Difficulty in proactively identifying and reporting key risks and issues
 
Value Delivered 
  • Enhanced preparedness for adverse macroeconomic risks and systemic shocks
  • Reduced exposure to regulatory actions and penalties
  • Improved employee accountability and understanding of risk