1. CASE STUDY
A MAJOR FINANCIAL ORGANIZATION BUILDS A COLLABORATIVE,
MetricStream INTEGRATED FRAMEWORK FOR PROACTIVE OPERATIONAL RISK
MANAGEMENT
Customer
The customer is one of the largest financial organizations, overseeing the safe transfer, clearing and
settlement of trillions of dollars in trade obligations every day. With several subsidiaries, thousands of
customers across the globe, operations that extend beyond the US, and support for multiple exchang-
es, the company’s services are critical to the smooth functioning of the economy.
Overview
In today’s volatile and deeply complex markets, the role of financial organizations has become critical
to fostering financial stability and mitigating risks. Every single day, many such organizations ensure
that post-trade obligations are met, transactions are settled, and market risks are flushed out of the
settlement system.
Any malfunction within their systems could jeopardize the seamless functioning of the markets, and
consequently, the whole economy. Therefore, the pressure on these organizations to successfully
Benefits manage risks at every step is tremendous.
Greater collaboration and accountability: The
MetricStream solution is enabling the company to The company and its subsidiaries are renowned for managing customer risks efficiently, vigorously
transition risk management from multiple siloed and effectively. Through decades of high profile bankruptcies, the company has played a critical role in
processes to a single, federated approach that facili- protecting the markets and economy from loss by employing a wide range of tools, including central-
tates greater collaboration. The solution’s integrated ized trade netting and capital adequacy standards.
framework enables various teams and process
owners to work closely together to assess, monitor
and mitigate risks. It also enables ORM programs to However, the increasing globalization of capital markets, complexity of market instruments and the
be more closely aligned with Corporate Governance company’s own vast and deeply elaborate organizational structure, prompted it to consider upgrading
and strategy at the enterprise-level, while fostering its Operational Risk Management (ORM) system.
greater ownership and accountability for risk at the
process level. The company wanted to establish an integrated framework to integrate ORM initiatives, and align
them with corporate strategy, instead of handling them in separate silos. Its aim was to enhance col-
Harmonization of ORM content across the enter- laboration across business units, establish a closed-loop ORM process, and facilitate greater transpar-
prise: The MetricStream solution provides a central- ency into risk metrics.
ized library of risk-control content and KRIs which
enable the company to manage risks and controls in
a more systematic, accurate and efficient manner. Challenges
Information-sharing and coordination is enhanced
which, in turn, prevents redundant or duplicate risk- Lack of collaboration: The company is made up of several subsidiaries that function as stand-alone
control assessments. Thereby, process efficiency is entities. Each has its own operational risks which were managed in separate systems, processes
improved, and costs are saved.
and initiatives. There was very little, if any collaboration and information sharing among the entities.
Real-time operational risk intelligence: The Metric-
This siloed approach inevitably resulted in duplicate risk-control assessments which, in turn, wasted
Stream solution provides real-time, granular insights valuable time and resources.
into risk profiles, KRIs, loss incidents, near misses
and scenario analyses which are critical in decision- Limited transparency: Managers needed a clear view of risks in order to proactively identify and re-
making. The solution also highlights key risk trends, solve vulnerabilities. But due to the company’s siloed and disparate approaches to ORM, the manag-
enabling the company to identify opportunities for ers had to rely on isolated and manually prepared insights from each business entity. It was extremely
taking more risks, while ensuring that risks taken are
difficult to gain a consolidated view of ORM at the enterprise level.
well within the defined limits. Automated alerts keep
the process on track, and eliminate surprises.
Lack of preparedness for future risks: Without real-time insights into key risk metrics, the com-
Enhanced transparency: Through powerful dash- pany’s approach to risk management was more retrospective than forward-looking. It did not have the
boards, charts and heat maps, the MetricStream tools to proactively identify and mitigate emerging or unanticipated risks.
solution enables the company to monitor the status
of ORM processes in real time across processes, High costs of ORM: Process owners used manual processes and paper-based spreadsheets to record
business units and locations. All trending analyses,
risk and control data. As a result, tremendous amounts of time, effort and resources had to be spent
reports and dashboards can be drilled down to view
the finer details. Thereby, the company is able to spot on documenting findings, consolidating the data and preparing reports. Data analysis and comparison
vulnerabilities and loop holes before they occur, and were also difficult because the spreadsheets were cumbersome, unwieldy and prone to manual errors.
act quickly to resolve them. In-depth cross-enterprise
visibility into KRIs and risk profiles helps managers
identify emerging risks, and proactively address them Solution
before they have an adverse impact on the company.
After understanding the limitations of its existing risk management systems, the company opted for
an upgrade. It prepared an extensive list of technological requirements, studied the market carefully,
and analyzedthe various risk management products available. Eventually, the company selected
MetricStream based on its successful track record in leading financial institutions, as well as the rich
capabilities, flexibility and extendibility of MetricStream’s solution.
2. MetricStream
MetricStream provided the company a complete Operational Risk Management Solution built on an
Benefits integrated GRC platform that integrates, streamlines and automates multiple ORM initiatives across
the company’s subsidiaries.
Improved agility and efficiency: The MetricStream
solution automates end-to-end operational risk man-
agement workflows, thus saving time and resources, Risk Control Self-Assessment
accelerating processes, and minimizing data errors. The MetricStream solution provides a centralized ORM framework to profile the company’s opera-
It also frees up valuable manpower to be diverted tional risks in great detail. Process owners are able to comprehensively document and evaluate their
to other more essential tasks such as analyzing
scenarios or calculating economic capital.
risk frameworks, including processes, risks, events and Key Risk Indicators (KRI).
Efficient allocation of operational risk capital: The solution enables Risk Control Self-Assessments (RCSAs) to be conducted in either a scheduled
The MetricStream solution enables the company or ad hoc manner. It also supports risk rating based on predefined rating methodologies, and helps
to measure, monitor and mitigate its operational process owners prioritize risk-response outcomes.
risk exposure at all levels. The solution also helps
measure residual risk, and provides an in-depth view
Once the key risks are identified and prioritized, the MetricStream solution provides a flexible
of the company’s operational risk profile. This, in
turn, enables efficient allocation and utilization of
framework to define controls according to various parameters such as manual, automated, detective,
operational risk capital. preventive, frequency and cost. Each control can be associated with others on a one-to-one or many-
to-many basis.
The solution also enables control assessments both at the top-level and process-level, as well as tar-
geted and deep dive assessments. Its intuitive capabilities to score, tabulate and report results enable
process owners to quickly evaluate control effectiveness.
Across complex organizational hierarchies, the solution links multiple risks, controls, policies and
processes together, thereby simplifying RCSAs. It also supports residual risk rating which determines
if risks need to be mitigated or accepted.
At each stage, supporting documents such as policy and procedure files and work-papers can be
attached to the assessments. All documents and assessment results are stored in a centralized
repository with easy search capabilities. Thereby, process owners and managers can quickly check
if a control was tested according to specifications, and if an action plan is required. If so, the solution
automatically routes the identified issue for investigation and remediation.
Continual monitoring of RCSAs is streamlined and automated. Therefore, even when the area’s risk
and control environment changes, the solution seamlessly incorporates the changes, and simplifies
process monitoring.
Key Risk Indicators
After risks and their root causes are identified, the MetricStream solution helps define and select KRIs
along with their risk thresholds. These KRIs can be entered into the system either manually or through
automated data feeds.
The solution provides a systematic, on-going process to track KRI metrics, and prevent large
operational losses. It also provides trending analytics to identify increasing/decreasing risk trends.
Automated alerts indicate when thresholds are about to be breached, while a centralized KRI library
enables risk metrics to be easily monitored and referenced.
Loss Management
The MetricStream solution enables tracking of loss incidents and near misses, as well as identification
of their root causes and ownership. Through manual or automated feeds, it captures multiple incidents
- including financial and non-financial incidents - and integrates them in a centralized database.
Embedded statistical and trend analysis capabilities help identify key risks, examine inconsistencies,
analyze recurring patterns and weaknesses, and recommend actions to mitigate losses.
The solution closely tracks action plans, near misses, losses and incidents. It also identifies when
thresholds are about to be breached, and sends out automatic emails and notifications to the respec-
tive process owners.
3. MetricStream
Scenario analysis
Why MetricStream
Scenario analyses enable the company to assess future risk, including its outcomes, severity and
probability. This is critical in enhancing the effectiveness and efficiency of risk management process-
Technology innovation: The MetricStream solution es, as well as calculating economic capital.
provide a host of innovative capabilities such as
powerful dashboards, heat maps, configurable forms,
real-time exception tracking, reports, risk-control The MetricStream solution provides process owners comprehensive information on incidents, RCSAs,
libraries, KRIs, email alerts and notifications, business KRIs, audit issues and other relevant business metrics for establishing scenarios. It also provides a
intelligence, analytics and secure access control – all holistic view of scenarios across all entities and assets, and supports Monte Carlo simulations.
built and deployed on the robust MetricStream GRC
platform. Issue management
The MetricStream solution enables the company to seamlessly investigate and resolve issues arising
Simplified user interface: Highly intuitive user inter-
from RCSAs, loss incidents or scenario analyses. The solution captures and integrates relevant issue
faces and well-defined navigation standards minimize
the learning curve, and ensure quick adoption of
information, such as the description of each issue, date of identification, root cause, severity and
the MetricStream solution. Users are able to easily owner.
monitor risks and controls, quickly access contextual
information, and intuitively visualize the relationships It then triggers a systematic mechanism to route the issue to authorized users for an in-depth inves-
between processes, risks, controls, regulations and tigation and remediation process. Each issue is assigned a unique ID, making it easy for owners to
policies. track the issue as it moves from one stage to the next.
High degree of flexibility: The MetricStream solu- The solution automatically monitors the progress of the issue, and provides automatic alerts if dead-
tion provides out-of-the-box functionalities based lines are missed. An embedded audit trail enables managers to track issue changes, activity, status
on industry standards and best practices. It also
and dates, while dashboards and flexible reports provide key statistics and data on the issue.
provides tools to configure and model the solution to
each organization’s specific business requirements.
Reports, forms, fields and workflows can be rapidly Once a corrective action or remediation is initiated, the case remains open till the action plan is car-
created and modified to suit business needs and rules ried out, and results are verified for effectiveness.
without any programming or coding. The solution also
provides the flexibility to be integrated with various Reporting
existing internal / external systems and programs.
The MetricStream solution consolidates RCSAs, risk profiles, issues and loss data in graphical charts,
High degree of extensibility: The MetricStream plat- reports and dashboards. Thereby, managers gain a real-time, birds-eye view of ORM processes across
form is scalable, and can be quickly extended beyond the enterprise.
risk management to other areas of GRC, including
audit management, compliance management and Each dashboard comes with drill-down capabilities that display data at finer levels of detail. Managers
policy management. can analyze and compare the data by various categories such as risk type, time horizon, process or
business unit. Ad hoc or scheduled reports can be generated in PDF and PowerPoint, or exported to
Market leadership: Leading analysts and industry
experts regard MetricStream as one of the market other systems.
leaders in the GRC space. MetricStream solutions are
widely deployed in leading global financial institu- The solution provides quarterly and monthly trending analyses which can be drilled down to view
tions. the underlying details. This helps top management stay in constant touch with the ground reality and
progress on ORM programs. Automated alerts for events such as exceptions and failures eliminate
Thought leadership: MetricStream’s knowledge surprises, and make the process predictable.
portal ComplianceOnline.com is visited by hundreds
of thousands of compliance professionals annually
to search for content, and access the latest thinking,
innovative ideas and best practices. The portal is fully
integrated into MetricStream’s application suite.
For more information, visit
www.metricstream.com
Copyright 2011. All Rights Reserved.