Best GRC product: MetricStream
Operational Risk Awards 2015: MetricStream benefits from exclusive and rigorous focus on governance, risk and compliance sector
Over the past two years, a new set of risks has confronted financial institutions, demanding the attention of operational risk managers. These are not the conventional risk types that were historically the mainstay of governance, risk and compliance (GRC) platforms, but rather the more complex and challenging consequences of the digital age.
The threat of cyber attack is clearly the most significant and concerning of these risks, as financial institutions around the world face up to the inevitability of cyber crime and the need to build stronger defences and recovery mechanisms. Additionally, as social media plays a more important role in corporate communications, the associated reputational risk must be managed, while the increasing volume of data generated by banks brings its own unique set of challenges.
Many GRC platforms had already been overhauled in recent years to deal with the demands of new regulations, but these IT-related risks have become the latest drivers of change, requiring vendors to adapt their technology and build the functionality to assess and manage new risk types.
"In the current regulatory environment, there is more and more need for consolidated reporting and comprehensive understanding of the risks to which an organisation is exposed. You need a GRC platform that brings everything together, taking inputs from across business lines to create an aggregated picture of risk and a decision-making aid at the executive level," says Piyush Pant, London-based vice-president for strategic markets at software vendor MetricStream.
MetricStream wins this year's award for GRC platform of the year, having maintained a rigorous and exclusive focus on the GRC sector; an attribute that helped it to outflank some of its larger competitors. With 350 customer installations globally, MetricStream serves multiple industries, but financial institutions make up the largest proportion – around 45% – of its client base. It has been growing its overall client base at a rate of roughly 40% per year.
"We are probably the only vendor that has remained consistently focused on GRC and that has allowed us to evolve our product more quickly to meet the demands of our clients. We have concentrated in recent years on expanding the content of the platform and building a community among users so that they can collectively drive the enhancements they need," says Pant.
While sophisticated technology tailored to the needs of users is naturally central to the success of any platform, clients can also derive considerable value from having access to a pool of reliable and relevant content – such as market intelligence or regulatory feeds – particularly when confronting newer types of risk and regulatory requirements. In March 2014, MetricStream created a cloud-based portal, GRCIntelligence.com, to aggregate and host this kind of content, sourced from an approved set of providers.
For banks, the combined effect of regulation and the emergence of new risk types is driving them to make more detailed assessments of their exposures, with a particular focus on cyber risk, while also re-evaluating their GRC frameworks to incorporate a greater focus on IT-related risks.
"In the past, there were often two distinct categories of risk management within large organisations – one would be at the enterprise level and the other would deal with low-level IT issues such as server attacks. As IT risks have become more serious in recent years, we see many large financial institutions merging these functions, with cyber risk and IT risk becoming an integral part of the GRC framework," says Pant.
That amalgamation of risk frameworks is driven by both regulatory and management pressure, as regulators demand a more joined-up approach to assessing and managing risk, while management pushes for a rationalisation of systems to reduce costs and enhance efficiency.
"Many banks and large financial institutions have historically used multiple systems to track different types of risk, creating a high cost of ownership. As they bring IT risk management into the GRC framework, they are reducing the number of systems they run," says Pant.
The type of platform required can vary significantly from one bank to another, with some larger banks undertaking global GRC programmes that span multiple business lines and require significant customisation. At the other end of the scale, some smaller banks might look to address specific pressure points more quickly, which could mean a more straightforward installation.
"GRC is an interesting sector because all banks need this kind of software in place, but they do it in different ways. Large global organisations might need support for thousands of users, numerous businesses and multiple languages, but smaller entities will typically use a cloud-based pre-packaged system that can be deployed much more rapidly," says Pant.
Either way, the ambitions are broadly similar: to streamline GRC processes, comply with new regulations and ensure the business is responding to new and existing risks in a joined-up and coherent manner. Achieving this is an area where Pant and his colleagues are eager to help.
Only users who have a paid subscription or are part of a corporate subscription are able to print or copy content.
To access these options, along with all other subscription benefits, please contact info@risk.net or view our subscription options here: http://subscriptions.risk.net/subscribe
You are currently unable to print this content. Please contact info@risk.net to find out more.
You are currently unable to copy this content. Please contact info@risk.net to find out more.
Copyright Infopro Digital Limited. All rights reserved.
As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (point 2.4), printing is limited to a single copy.
If you would like to purchase additional rights please email info@risk.net
Copyright Infopro Digital Limited. All rights reserved.
You may share this content using our article tools. As outlined in our terms and conditions, https://www.infopro-digital.com/terms-and-conditions/subscriptions/ (clause 2.4), an Authorised User may only make one copy of the materials for their own personal use. You must also comply with the restrictions in clause 2.5.
If you would like to purchase additional rights please email info@risk.net
More on Awards
Environmental products house of the year: ENGIE
ENGIE is driving change in energy transition, with a strong focus on renewable energy and the liberalisation of power markets in Apac, which presents significant long-term growth opportunities. In recognition of its efforts, ENGIE GEMS has been named…
Natural gas/LNG house of the year: ENGIE
ENGIE continues to expand its services to better serve firms in Apac dealing with the challenges of energy risk management and supply
FRTB management solution of the year: Bloomberg
Amid the diverging timeframes and complex requirements of FRTB, Bloomberg offers a consistent, comprehensive and customisable solution for Apac banks preparing for implementation
Newcomer of the year: Topaz Technology
Jon Fox and former colleagues formed Topaz Technology in 2015. Having seen many different systems and, in some cases, written and built a few themselves, there was always something missing, leading them to build a system that unifies risk reporting and…
Technology vendor of the year: Murex
As a technology vendor, Murex places adaptability front and centre of everything it does, constantly enriching its MX.3 platform to ensure institutions can respond to new market opportunities as soon as they spot them
Currency derivatives house of the year: Deutsche Bank
Asia Risk Awards 2024
Interest rate derivatives house of the year: Standard Chartered Bank
Asia Risk Awards 2024
Derivatives house of the year, Taiwan: CTBC Bank
Asia Risk Awards 2024