The Client: A Fortune 500 Bank



In recent years, many of the most reputed banks in the world have incurred substantial losses and reputational hazards resulting from internal fraud, improper business practices, failed processes, and other operational risks. Given the rising complexity of banking processes and products, as well as the growing dependence on modern information technology, it is critical to keep operational risks in check.

Regulations such as Basel III are targeted at protecting banks and their stakeholders against operational risk hazards. Yet compliance with these regulations can be a significant challenge especially at a time when financial institutions are struggling to recover from one of the most debilitating financial crises. Economic volatility, limited resources, and increasing regulatory pressure mark the new business environment.

In the midst of these challenges, the client chose the path towards integrated, proactive, and sustainable Operational Risk Management (ORM) – an approach that will help the institution protect itself and its stakeholders against future financial crises. The client chose MetricStream to support its objectives by providing a single solution for ORM, policy management, compliance program testing, reporting, and issue management.

The solution enables the client to streamline operational risk and control assessment processes, and enhance collaboration across business functions. The solution also provides robust capabilities for risk reporting, risk analysis, and monitoring of Key Risk Indicators (KRIs) which are enabling the client to gain greater visibility into risk data, strengthen decision-making, and optimize business performance.


In a bid to improve the effectiveness and efficiency of its ORM program, the client decided to upgrade its technology, and carefully evaluated the market to find an ORM solution provider that could be relied on. MetricStream emerged as the partner of choice based on its federated approach to risk management, its powerful and innovative solution capabilities, and its ability to support a multi-dimensional global organization with multi-language support.

MetricStream provided the client a comprehensive ORM solution as well as solutions for policy management, compliance control testing, and issue management.


Operational Risk Control Self-Assessment (RCSA)

The MetricStream solution provides a centralized risk framework to document, manage, categorize, and assess all operational risks. It also enables comprehensive planning and scoping for RCSA, so that the client can easily determine high risk areas, and prioritize risk-response processes. Built-in functionalities enable risk assessments based on inherent risks, control effectiveness, and residual risks. Graphical dashboards help track RCSAs across the enterprise in real time, while advanced analytics and reporting capabilities enable data to be aggregated and compared, highlighting issues that need to be addressed on priority.


Loss Management 

Using the MetricStream solution, the client is able to establish and follow consistent processes for loss capture, assessments, control, and monitoring. The solution automatically routes loss events for review and analysis, and triggers a systematic mechanism of loss assessment, control, and monitoring. It also serves as the central repository for loss data, integrating information from other internal systems, and linking them to risks, controls, Key Risk Indicators (KRIs), and action plans for effective statistical analyses. A powerful analytics and reporting capability enables managers to analyze trends, spot recurring problems, and identify the root causes in a timely manner.


Scenario Analyses

The MetricStream solution supports multiple scenario analyses to identify and analyze future risks, as well as the outcome, severity, and probability of those risks. Risk modeling is enabled based on the AMA model and Monte Carlo simulation requirements. The solution is also configured to import statistical analyses from other internal systems, and provide real-time reports on the results. Based on the data, the client is able to effectively enhance risk resilience, and efficiently calculate economic capital.



The MetricStream solution helps define and select both internal and external KRIs along with risk thresholds, to monitor and measure risks. These KRIs are maintained in a central database that is accessible locally, so that risks at all levels can be associated with them. Flexible dashboards help monitor the KRIs closely, and if any threshold breaches occur, the solution automatically triggers email notifications to the appropriate risk owner to take immediate action.


Compliance Program Testing

The MetricStream solution provides a common framework and an integrated approach to manage regulatory compliance requirements such as SOX and Basel II. It enables the client to implement controls based on key risks and regulations, while also supporting control testing, surveys, and certification to monitor and assure continuing compliance. Inbuilt capabilities help manage the complete control testing lifecycle, including review and approval. The results are captured as a test score with recommendations to improve controls.


Policy Management

The process of developing, maintaining, and communicating policies across the client's enterprise is simplified using the MetricStream solution. It stores and organizes all policies in a centralized, Web-based library which is tightly integrated with the compliance, risk, and control framework. Therefore, if a control redesign requires a policy to be altered, the solution enables users to seamlessly initiate the change from within the compliance framework. Powerful collaboration and workflow tools help users access, create, modify, review, and approve policies and procedures across the enterprise in a controlled manner. The solution also helps create enterprise-wide awareness about the organization's policies and procedures, and ensures that training requirements are fully met from a compliance standpoint.


Issue Management

The MetricStream solution helps the client establish and follow consistent processes for capturing issues from multiple sources such as compliance programs, internal incidents, and RCSAs. The solution supports issue identification, evaluation, investigation, and tracking, leading to the relevant corrective action. It captures detailed information about each issue, categorizes the issue based on predefined criteria, and automatically routes it for corrective action. It also helps assign investigative tasks, and send out automatic alerts to notify the appropriate personnel. Executive dashboards enable managers to track the status of each issue as it automatically moves from one stage to the next.



An embedded reporting engine in the MetricStream solution enables powerful and flexible reporting at various levels, including the business group, legal entity, business unit, country, and region level. The solution provides standard reports, while also helping users build custom reports without any programing, using an inbuilt Reports Wizard. Unique drill-down capabilities help users view the require data at the finer levels of detail. Other reporting tools include graphical executive dashboards, Gantt charts, histograms, and spreadsheet compatible graphs.

Business Challenges

As a global organization, the client grapples with a multitude of different ORM requirements across its worldwide operations. To support and manage these varying requirements, the client implemented separate ORM systems, processes, and initiatives for each business/ operational unit. Many of these processes were managed manually through spreadsheets, emails, and phone calls. But over time, this siloed and manual approach gave rise to a number of challenges such as:

  • Lack of collaboration and sharing of risk information across the enterprise
  • Redundancies in risk management and compliance control testing which consumed valuable time, resources, and effort
  • Difficulties in communicating ORM requirements and compliance surveys across multiple languages
  • Limited visibility into risk data at the enterprise level which, in turn, hindered decision-making
  • Inability to proactively determine risk exposure and therefore prepare the institution against future risks
  • Rising costs and effort required for ORM


Why MetricStream?

Rich technology
The MetricStream solution provides a range of sophisticated capabilities, including dashboards, heat maps, configurable forms, real-time exception tracking, reports, risk-control libraries, KRIs, email alerts and notifications, business intelligence, analytics, and secure access control. Moreover, it offers the capability to support multiple languages across the global enterprise.

The MetricStream GRC platform provides the flexibility to be extended beyond ORM in the future, to manage other GRC areas such as audits, IT-GRC, and compliance.

The MetricStream solution provides out-of-the-box functionalities based on industry standards and best practices. It also provides tools to configure the solution to each organization's specific business needs, and seamlessly integrate it with other internal / external systems and programs.

Deep domain expertise 
MetricStream has vast experience working with financial services, banking, and insurance companies. Its solution has been repeatedly chosen to manage operational and enterprise risks, as well as core compliance areas such as Basel II, Solvency II, Data Protection Laws, GLBA, and the Dodd-Frank Act.

Market leadership
MetricStream solutions have been successfully deployed in top financial institutions, including global banks, securities firms, insurance providers, central banks, federal financial agencies, asset management firms, broker-dealer firms, investment banks, and clearing corporations. MetricStream has also been repeatedly recognized as a leader in GRC solutions, by leading industry analysts.



  • Increased collaboration
    Siloed ORM processes are replaced with a single, integrated approach, enabling teams across the enterprise to work together more closely towards managing and mitigating operational risks. This collaborative approach also minimizes redundant or duplicate risk management activities and controls.
  • Standardization of ORM processes
    The centralized risk-control library harmonizes ORM and compliance content across the enterprise. It also enables risks and controls to be managed in a more systematic and standardized manner.
  • Multi-language support
    Users across countries and regions can view the solution interface, and access risk and compliance information in their preferred language – be it English, French, Spanish, German, Italian, or Swedish.
  • Greater transparency
    Executives gain real-time granular insights into risk profiles, KRIs, loss incidents, trends, and scenario analyses. This data helps them spot vulnerabilities and emerging risks, and proactively address these hazards before they have an adverse impact on the organization.
  • Improved decision-making
    ORM and compliance insights are closely aligned with corporate governance and business strategy to help executives make more informed strategic decisions. In addition, powerful analytics and trending analyses help identify opportunities to take more risks, while ensuring that they are within defined limits.
  • Higher agility and efficiency
    End-to-end operational risk management workflows are automated, thus saving time and resources, accelerating processes, and minimizing data errors. Valuable manpower is freed up to be diverted to more essential tasks such as analyzing scenarios or calculating economic capital.




Ready to get started?

Speak to our experts Let’s talk