GRC platform of the year: MetricStream
Aggressive regulation has increased the importance of GRC in 2013. MetricStream’s platform has responded to a growing demand from customers who are keen to avoid the bite of regulatory watchdogs.
Increased regulatory pressure and ever-heavier regulatory fines have had a significant impact on the governance, risk and compliance (GRC) sector in recent years. Financial institutions are keen to avoid being the next to hit the headlines, leading to more focus and higher spending on internal controls – and the same is true even in other sectors.
"It's pretty easy to spot news items where someone gets fined a significant dollar amount," says Vidyadhar Phalke, chief technology officer at MetricStream, Operational Risk & Regulation's winner of the best GRC platform in 2013.
Phalke adds that many non-financial sectors, such as medical and retail industries, are also starting to focus on GRC. "You need GRC programmes. It has started to become a basic requirement even for small companies; it's just the cost of doing business," he says.
Small companies have been able to take advantage of cloud technology and subscription models, which have made GRC programmes more cost-effective, says Phalke.
"In a subscription model you're not locked in. You don't have heavy capital expenses or staffing costs. It's just a managed service; you have a web-based framework which anybody can use."
In large companies, meanwhile, having a chief risk officer or a chief compliance officer has become a common phenomenon.
Regulatory pressure, however, is not the only reason for the increase in spending. Corporate social responsibility is another cause. Organisations are under pressure to manage reputational risk and show they can run their business effectively. Companies are also keen to track loss or near-loss incidents.
"Those incidents need to be tracked, they need to be risk rated and a system has to report them so you can start building a knowledge base within the company which you can reflect back on from time to time," says Phalke. Keeping track of the operational efficiency of a company also allows for internal costs to be kept down.
MetricStream's GRC platform has an underlying data model which consists of a centralised library of risks, regulations, assets, controls, processes, issues, actions, reports, and other GRC-related data objects. The data can be viewed by risk managers, audit managers, and business process owners. Reporting and analytics capabilities can be accessed in real time. Users are able to access the platform offline, and are provided with email notifications.
Bringing a new customer in can be a challenge, Phalke says: many are upgrading their GRC procedures under pressure.
"Almost invariably in a lot of cases they need everything done yesterday. A big regulatory heavy hand has come in and they run the risk of getting significantly fined."
Customers also need to be clear about their needs. "Do I want to bolster my internal audits, or my operational risk or my compliance and policies?" Phalke asks. Enterprise software can take time to implement, and organisations are often under significant regulatory pressure to implement it within a specific time frame.
Fitting the MetricStream software to different jurisdictions involves changing the contents of the data library, a process that Phalke describes as "relatively simple".
"From the software and tool perspective it's still exactly the same," he says. "We just need to work out what the different varieties are and ensure that the data which goes into the application is different."
The software can aggregate data across an organisation's IT function, extending beyond the GRC area into core banking systems, enterprise resource planning, customer relationship management, asset management systems, and others. And a key focus for MetricStream is keeping up to date with an evolving online environment.
The platform already supports MetricStream applications on tablets and smartphones, and offers assistance with emerging risk profiles from social media interactions. The GRC implications of social media are increasingly important for MetricStream and its customers.
"There are tonnes of companies who monitor social media, but it needs to be put into intelligence which is actionable in the context of GRC," Phalke says. Companies may find themselves liable to fines if, for example, they have not sufficiently trained employees who use social media at work.
Looking forward, a further area of focus is the proliferation of mobile devices and cloud technology.
"The world's applications are moving on to the cloud. This presents a risk to companies which hasn't been managed well," says Phalke. "Even my company will have probably 40 applications in the cloud for various providers and sources, and just tracking and managing that risk is a problem. We know some banks that have around 40,000 cloud applications."
MetricStream also offers its own cloud platform, called Zaplet, which allows customers to build their own GRC applications.
"We don't want to be a platform that pretends to know everything and do everything in GRC," says Phalke. Customers can develop their own specialised GRC applications on top of the platform.
"We become the platform and reap the benefits there. It's a multi-prong approach to essentially take on the world over the next few years."
Copyright Infopro Digital Limited. All rights reserved.