Complying with a vast and constantly changing web of regulations can be extremely difficult when you’re one of the world’s largest financial services institutions. Learn how one bank dealt with these challenges in an efficient and collaborative manner using MetricStream solutions.
As a large global enterprise with diverse business interests, the bank is subject to a complex and highly dynamic web of regulations. Earlier, these requirements were dealt with reactively, i.e., by developing multiple, disconnected compliance programs and systems without any integration between them. The result was a maze of compliance silos that failed to provide an accurate picture of enterprise-level compliance.
In response, the bank began looking for a way to integrate their compliance initiatives into a single source of truth. Their aim was to reduce process redundancies, while enhancing cross-functional coordination on both regulatory and corporate compliance processes.
The Compliance Quandary: For many years, the bank managed their compliance processes manually – an approach that was not only prone to data errors, but also highly cumbersome, given the number of global and local regulations that had to be complied with.
In addition, the bank didn’t have an efficient mechanism to manage regulatory changes. Alerts from various regulatory information sources were captured in an ad-hoc manner using multiple different spreadsheets rather than standard templates. This model wasn’t a sustainable one, especially as the pace of regulatory change increased.
When it came to regulatory exams, meetings, and other interactions, the amount of paperwork involved was overwhelming. A single regulatory engagement could have thousands of tasks and sub-tasks, each of which had to be dealt with systematically. Stakeholders needed to know which document to submit, by when, and against which request.
None of these challenges could be solved manually or disparately. The bank wanted a system that would integrate compliance processes, so that the insights that ultimately rolled up to the senior management and board would provide a complete, accurate, and real-time view of the enterprise’s compliance posture. To meet these requirements, the bank chose the MetricStream solution for compliance management, built on a scalable, extensible GRC platform.
Efficient Obligation Mapping and Policy Management: Using the GRC platform’s data foundation, the bank has been able to map all regulatory rules or obligations in a structured, multi-dimensional, relational, and non-redundant compliance data universe that serves as a common source of compliance information for all functions. Each obligation is linked to the applicable lines of business, policies, and controls. In addition, roles and responsibilities are clearly defined to ensure accountability.
The solution also helps the bank manage the complete lifecycle of organizational policies across business units, divisions, and global locations. It standardizes policy workflows, while integrating data in a way that enables users to easily understand the impact of regulations, risks, and controls on policies.
Streamlined Regulatory Change Management: Through the solution, the bank has set up regulatory feed channels which automatically pull regulatory updates from multiple sources. These changes are tracked efficiently, while all impacted stakeholders (identified through the underlying relationships to organizational structures) are notified and involved in various stages of the regulatory development process.
The solution also streamlines the process of analyzing the impact of regulatory changes. It helps in assessing the associated risks, reviewing and approving change management tasks, updating policies, testing controls, and resolving issues.
Regulatory development tasks are assigned, tracked, reviewed, and approved in a systematic and consistent manner. Automated updates and alerts help ensure that all regulatory developments and corresponding actions are monitored through to closure.
Improved Visibility into Compliance Risks and Issues: The solution enables the bank to assess compliance risks based on configurable methodologies and algorithms. It delivers both quantitative and qualitative ratings on risk impact and likelihood, allowing users to identify potential issues and areas of concern.
Meanwhile, compliance risk dashboards, heat maps, and color-coded charts highlight areas that require attention through a simplified visualization of risk data sorted by country, risk type, and other parameters. Any issues that are found are routed through a coordinated remediation process.
Effective Control Monitoring and Testing: The solution supports first and second line of defense control monitoring and testing (CMAT), as well as internal audit-led control evaluations. At the end of each test or self-assessment, all non-compliance issues or control deficiencies are managed and resolved centrally.
Simplified Case Management: Using the solution, the bank can capture, investigate, and resolve compliance cases or violations that are found. Intuitive reports and dashboards make it easy for stakeholders to identify the cases that need immediate action and investigation.
Empowerment of the First Line with Compliance Advisory Services: MetricStream has helped the bank set up a framework for compliance advisory services wherein different business lines can reach out to the compliance team to clarify regulations, rules, laws, guidelines, and other information.
The solution captures requests from the business, and routes them to the appropriate compliance subject matter expert. Compliance teams can retain a secure repository of the advice documentation, while maintaining an auditable trail of changes made to the data as it flows into businesses and regions. Issues and actions can also be tracked based on the advice provided.
Enhanced Credibility with Regulators: With the MetricStream solution, the bank can successfully manage and coordinate multiple types of regulatory engagements, including exams, meetings, and information requests. The solution streamlines and automates engagement workflows – right from when a regulatory notification is received by the bank, till the response is submitted and the findings are addressed. Interactive dashboards and reports provide comprehensive visibility into all regulatory engagements, enabling the bank to proactively identify and respond to trends, areas of concern, and opportunities.
Engagement managers can swiftly track and address regulatory findings, issues, and concerns.