A Premier Community Bank Enables a Collaborative and Federated Approach to GRC

Increased regulatory scrutiny, an overwhelming number of regulations, and complex market, credit, and operational risks are major challenges that mid-sized banks face today.  As they strive to expand their product portfolio and compete in an industry dominated by global banks, mid-sized banks are expected to comply with the same regulations despite having leaner IT infrastructure and fewer resources.

In this challenging environment, the bank felt the need to adopt a more effective and integrated GRC approach that would replace multiple systems catering to individual departments and functions. The bank wanted to create a transparent GRC environment, where risks could be identified and resolved in real-time. MetricStream helped the bank implement a centralized GRC solution, deployed as a cloud offering, that provided enterprise-wide visibility into risks, helped ensure compliance with all the regulatory requirements, increased collaboration between teams, and helped enhance business performance


The bank was quick to react to its challenges, and opted for MetricStream’s hosted solution to integrate and automate its GRC processes. The MetricStream solution provided a single framework to address the full range of the bank’s GRC requirements including Operational Risk Management (ORM), Enterprise Risk Management (ERM), regulatory compliance, internal audit, policy management, business line risk assessment,  and internal/ credit asset review. The solution was deployed as a secure cloud offering, enabling the bank to start using the solution very quickly, while also minimizing infrastructure costs.

Operational Risk Management 
The MetricStream solution provides a centralized risk framework to document all operational risks faced by the bank. Advanced capabilities for Risk Control Self-Assessments (RCSAs) help identify and assess risks based on a flexible rating mechanism. The solution also enables the appropriate controls to be defined and assessed based on predefined criteria and checklists, with tools to score, tabulate, and report the results. Inbuilt loss event tracking capabilities help risk managers monitor loss incidents and near misses, record the amounts, and determine the root causes and ownership. In addition, capabilities for Key Risk Indicators (KRIs) help track risk metrics and thresholds, with automatic alerts indicating when thresholds have been breached. Graphical dashboards and risk heat maps enable the bank to track risk profiles, control ownership, assessment plans, and more across the enterprise, but in a controlled manner.

Enterprise Risk Management
The MetricStream solution facilitates a better, faster and transparent reporting of risks across the bank. It helps identify, measure, and manage enterprise risks through a federated approach wherein process owners take direct responsibility for managing their risks while simultaneously, risk information from across the enterprise is rolled up to be viewed by risk managers and executives at the top. The solution streamlines the entire ERM lifecycle, and brings together all risk and control data in a centralized risk-control library for greater harmonization of data.  Embedded best practices help strengthen risk management, and guide the development of control and test data.

Compliance Management
Using the MetricStream solution, the bank is able to simplify and strengthen compliance with SOX and other regulatory requirements as well as internal compliance requirements. The solution enables the bank to design and assess internal controls, monitor compliance processes, and easily provide evidence to external auditors that an internal control was properly tested. It supports automated control testing, and collates control data from across the enterprise to be displayed in comprehensive reports that provide complete visibility into internal controls, and highlight important issues that need to be addressed.  It also streamlines survey processes to affirm the strength of internal controls, and rolls this information up to the executive management to be reviewed and certified as per the regulatory requirement.

Policy Management
The MetricStream solution helps the bank streamline the creation, management, and communication of organizational policies that employees, partners, and vendors need to adhere to. All policies are stored in a centralized, Web-based framework, and mapped to the corresponding risks and controls to build a tightly-knit compliance framework. Powerful collaboration and workflow tools help users access, create, modify, review, and approve policies and procedures across the enterprise in a controlled manner. The solution also enables the bank to establish and follow consistent procedures for capturing policy exceptions, reporting, managing tasks, and reporting statuses. Advanced analytics and reporting capabilities provide real-time visibility into policy related issues, and help reduce the risk of non-compliance.

Internal Audit Management 
The MetricStream solution helps the bank streamline the complete internal audit lifecycle – right from audit planning and scheduling, to audit fieldwork, to reporting, to review of recommendations, and implementation of these recommendations. The solution also enables a risk-based audit by assessing risks, and prioritizing audits accordingly. In-built capabilities such as shared calendars, audit advisor, auditor time sheets, and assignment tracking help optimize the value of the audits. Automated alerts ensure that all audit processes are on track and able to meets targets.

Internal/ Credit Asset Reviews
To monitor and address risks associated with lending activities, the bank conducts regular credit asset reviews to keep a check on customers with outstanding loans or credit lines.  The MetricStream solution was configured to meet the client’s unique credit asset review requirements. It streamlines review planning, risk assessment, monitoring of approval workflows, and management and reporting of issues.  The solution routes the relevant loan information and history of each customer for internal assessments, and then passes the report to the respective officers for approval. The approving officers check for risks that the bank could face which are, in turn, communicated to the management.

Issue Management
The MetricStream solution enables a systematic approach to managing issues from multiple sources across the bank. The solution captures and categorizes issues based on predefined criteria, and routes them for investigation, tracking, and corrective action. Automatic alerts notify the responsible personnel, and help keep the process on track. Each issue can be tracked as it automatically moves from one stage to the next.

The MetricStream solution supports comprehensive reporting by each department, while at the same time, consolidating these independent reports into a single enterprise level report and dashboards to be viewed at the top by executives. These reports and dashboards are equipped with drill-down capabilities to view data at finer levels of detail, and gain a keener picture of risks, control performance, audits, issues, and loss data, across the organization.  This information can be sliced and diced to identify recurring issues, trends, and other information that is essential for decision-making.


The bank used a number of stand-alone software applications and point solutions to manage GRC processes across the enterprise. But with new risks and regulations constantly emerging, the bank needed a more integrated and streamlined solution. Without it, the bank would be faced with:

  • A lack of collaboration and information-sharing which would lead to redundant GRC processes
  • Limited visibility into risks, controls, and the processes used to manage them
  • Inability to monitor GRC processes in real time, to identify loop holes and vulnerabilities
  • A lack of sufficient GRC information at the enterprise level to help executives make important strategic decisions
  • Exhausting manual processes that would consume substantial time and effort, leaving GRC managers with no time for value-added tasks such as risk or audit analysis

Why the company selected MetricStream?

1. World-class technological innovation

The MetricStream solution is filled with a variety of innovative capabilities, including risk scenario analysis tools, risk-control libraries, graphical dashboards, resource management tools, and automatic alerts which are designed to strengthen and optimize GRC processes.

2. Harmonized controls

The solution enables controls to be mapped to risks and regulatory requirements in a one-to-one and one-to-many manner. Thereby, controls can be shared across the enterprise, enabling the organization to quickly realize value.

3. Comprehensive reporting
Powerful dashboards, reports, charts, and maps aggregate enterprise-wide data, and deliver real-time visibility into KRIs, performance indicators, and other critical metrics for executive management committee, ERM committee, and Board of Directors.

4. High degree of flexibility
Apart from providing out-of-the-box functionalities, the MetricStream solution can also be configured to each organization’s specific business requirements, and seamlessly integrated with various existing internal / external systems and programs.

5. Market leadership
MetricStream solutions have been successfully deployed in top financial institutions, including global banks, securities firms, insurance providers, central banks, federal financial agencies, asset management firms, broker-dealer firms, investment banks, and clearing corporations. MetricStream has also been repeatedly recognized as a leader in GRC solutions, by leading industry analysts.

  • Minimal redundancies: The MetricStream solution extends across the enterprise, breaking down silos, and strengthening collaboration and coordination on GRC processes across departments, business units, and groups. As a result, redundant activities and duplicate efforts are minimized.
  • Increased visibility: The real-time information delivered by the MetricStream solution enables the bank to closely track risks, control performance, compliance activities, and other GRC initiatives. Any issues or adverse events identified can be proactively addressed, thus protecting the organization against harmful losses
  • Stronger decision-making: The MetricStream solution’s federated approach enables executives at the top gain a consolidated view of GRC data from across the enterprise. This data is aligned with business strategy to make confident decisions
  • Reduced costs: The MetricStream solution automates multiple processes, thus saving time, resources, and effort. It has enabled the bank to shrink its compliance team by establishing smarter and more efficient GRC processes.

Ready to get started?

Speak to our experts Let’s talk