The Client: One of the largest banks in the Middle East with operations spread worldwide
The client has operations in multiple countries with different regulations including FATCA, Basel, and AML mandates. that need to be complied with. For years, they used a manual, paper-based process to comply with these regulations globally. . Not only was this approach cumbersome and inefficient, but it also failed to provide a timely picture of compliance across the enterprise. The MetricStream Compliance Management App enabled the client to automate compliance management workflows, thereby saving time and effort. It also provided real-time visibility into compliance processes, findings, and issues, helping the client take informed steps to preserve their credibility, and protect their reputation.
After evaluating multiple compliance management solution providers, the client chose MetricStream based on the strength of MetricStream’s packaged compliance management app, including its centralized compliance libraries, powerful dashboards, scalability, and extensibility.
Today, the MetricStream app is enabling the client to establish a consistent and streamlined approach to compliance and control management across the enterprise, thereby eliminating any deviations and errors. The app helps automate compliance assessments, reviews, and issue management, thus reducing overall compliance costs. It also enables task owners to take direct responsibility for managing controls while allowing auditors to focus on key compliance risks and project oversight. Advanced reports provide enterprise-wide visibility into compliance processes and findings, highlighting issues that need to be addressed on priority.
The app was deployed over the private and scalable MetricStream GRC Cloud. This enabled the client to realize faster time to value, without compromising on security, availability, and other factors.
Below are the key capabilities of the MetricStream Compliance Management App that are helping the client manage their compliance processes:
Through a centralized library in the MetricStream app, the client defines and maintains an integrated and tightly mapped structure of their compliance hierarchy, including processes and assets in scope, risks for the processes and assets, controls to mitigate the risks, and procedures to evaluate the controls. The app allows the client to map all relevant regulations to various GRC assets. It also maintains relevant policies, reporting requirements, and filing templates and schedules for various regulations.
The MetricStream app enables the client to plan compliance reviews in a consistent and predictable manner. These reviews help evaluate the effectiveness of controls and activities in meeting regulatory requirements. Through the app, users with access rights can efficiently schedule a one-time or recurring compliance review, surveys, or certifications to evaluate areas of compliance, controls, or processes in the organization. They can also create and assign tasks based on which automated alerts and notifications are then sent out to the relevant personnel.
During compliance assessments, the MetricStream app enables the compliance teams to understand the scope of the assessment. It also provides checklists and tools to score, tabulate, and report the results. All assessments are stored in a centralized repository for quick access.
Any issues that are identified during compliance assessments are routed by the solution through a comprehensive process of investigation and remediation. Users can log their findings or issues in the app and map them to the appropriate risk and business function. The app then sends the data to the relevant managers for approval. Once the issue is validated, the app helps the client define an action or remediation plan, and trigger tasks accordingly. Thereafter, the action owner can document the work done on the issue along with the results, and then send the data for review and approval. At each stage, stakeholders can easily track the status of the issue and remediation action.
The MetricStream app provides powerful, graphical dashboards and reports which offer the client enterprisewide visibility into their compliance management processes, while also highlighting issues that need to be addressed. Users can easily track the status of compliance in real time, along with process ownership, review plans, findings, and other key data. They can also drill down to access the data at finer levels of detail.
As an international bank, the client operates in several different geographies with varying regulations. To address these requirements, the organization’s compliance team is divided into three verticals international, domestic, and advisory each of which manages specific tasks and areas of compliance, and then reports the results to the Group Compliance officer (GCO).
Earlier, these three verticals relied largely on paperbased tools and manual processes to plan, perform, and manage their compliance activities. This approach became increasingly time-consuming and cumbersome as the number of compliance requirements grew. Each time a compliance review had to be conducted, users had to deal with piles of papers, and sift through multiple files to compare, consolidate, and report their findings.
Since the company did not have a centralized system to record and manage their compliance related data, visibility into compliance risks and issues was limited. Collaboration and communication on compliance tasks was also difficult. Adding to the challenge, compliance management workflows were not effectively streamlined or standardized, and therefore prone to redundancies in tasks and effort. This challenge also led to increased compliance costs for the client.
Against this backdrop, the client began looking for a technology based compliance management solution that would help them automate and accelerate their compliance management activities, while also strengthening visibility into compliance risks and other areas of concern.