ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

MetricStream Named Category Leader in All Seven Quadrants of the Chartis Research RiskTech Quadrant® for Integrated GRC Solutions, 2024

MetricStream Named Category Leader in All Seven Quadrants of the Chartis Research RiskTech Quadrant® for Integrated GRC Solutions, 2024

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Looking into 2025 – A Journey Through GRC Challenges and Priorities

Download the Report

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
featured-blog featured-blog

GRC

Blogs

8 Reasons Why You Should Attend the GRC Summit

GRC Summit MetricStream
3 min read

Introduction

We are well and truly in countdown mode as we approach the end of October! Not long at all now until the GRC Summit 2022 in London.

MetricStream’s flagship event, the GRC Summit, has for the past 9 years consistently provided opportunities for the GRC community to connect, share insights, exchange best practices, and most importantly set the stage for what's next in GRC. Our theme this 10th year is Experience the Power of Connection, empowering you to do more as you continue to thrive on risk!

If you haven’t got your ticket yet – here are some of the reasons you should attend the GRC Summit!

  • Networking

    Whether it’s at happy hours, or during the breakout sessions, the Summit gives you the opportunity to mingle with your peers and industry experts over the two days. It’s been rare to have the opportunity to do this in person and now is the time to connect with old friends and make new ones!

    Fun fact: With 60+ speakers and 200+ attendees there will be no lack of networking opportunities.

  • Education

    I don’t think it’s possible to go to an event and not learn anything. No, that’s not a challenge! Come and listen to other experts discuss their GRC experiences, learn what not to do and how to make your job easier! You’ve got nothing to lose.

    Fun Fact: There will be Keynote sessions on both days! Make sure you attend.

  • Inspiration

    Be inspired to think differently! There’s nothing more gratifying than being in the presence of experts you admire as they provide insights that inspire more than just the day job. Hear from industry leaders who have come from a variety of backgrounds with a common interest in GRC and thriving on risk.

    Fun Fact: Get future-ready now! Watch out for the innovation sessions on risk, resilience, and ESG.

  • Recognition

    The GRC Journey awards offer a great opportunity to celebrate wins with your team and wider network. Each year, the awards celebrate and honor business partners, individuals, and customer organizations that have made significant strides on their GRC journeys toward strengthening business performance.

    Fun Fact: Awards will be presented in 5 categories this year!

  • Exchange Views on Shared Challenges

    Imagine being in a room with people who understand your exact situation or have been in a similar situation and can offer insights on how to solve them. Powerful right? Exchanging knowledge and best practices can help others avoid common mistakes and support their business goals. We all have regulations we need to comply with – but the process of how different organizations handle these can vary. Take time to learn from these shared challenges!

    Fun Fact: Attend the Customer Case Study sessions to learn best practices.

  • Invest in Your Own Growth

    Now while I don’t believe you need to be physically present to show personal growth, networking, and putting yourself out of your comfort zone, learning something new all goes towards strengthening your career and sharpening your skills.

    Fun Fact: With 50+ sessions, the Summit is a great place to learn new skills to build your career.

  • Energy of Like-Minded Individuals

    There’s a reason we’re talking about the ‘Power of Connection’. During COVID-19 this was non-existent, but as the world changes again we’re energized and ready to go with a stellar line-up of speakers and attendees all excited to be in London in person again!

    Fun Fact: With C-level panels and expert talks, the energy is unparalleled!

  • Have Fun!

    The GRC Summit is a conference like no other – providing you with the opportunities to learn, network, and mingle with experts and your peers! But you know what – the Happy Hour and Networking Breaks also offer you the ability to get to know other attendees and enjoy the few days we have together!

    Fun Fact: From networking breakfasts to an awards dinner, you are sure to have plenty of fun-filled activities.

If you’re interested in grabbing a ticket – get in quick! You can register and find out more information here.

Check out the Agenda and Register Now!

Jump to Topic
Victoria- MetricStream

Victoria Boreham

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

MetricStream’s Euphrates Release. 6 Innovations to Power Your GRC Journey

Euphrates Release
4 min read

Introduction

The potential of GRC as a business growth enabler is immense. As businesses seek to build resilience in a volatile environment marked by geopolitical tensions, economic instability, health challenges, and an escalating climate crisis, a connected GRC approach that is agile, intelligent, proactive, and data-driven empowers organizations to adapt quickly and get ahead of risks. Facilitating this is your GRC software solution. Your solution should be intuitive and easily configurable, making it simple to use for risk, compliance, cyber, and ESG teams. Your solution should work for your teams to provide real-time, autonomous monitoring capabilities that can proactively capture vulnerabilities, control for limitations, and manage regulatory updates.

At MetricStream, we are committed to simplifying and streamlining how organizations manage, measure, and mitigate risk. And with the speed and scale of risk events today – and the expansion of cyber, ESG, third-party, and compliance risks – accelerating access to and delivering intuitive GRC solutions is critical to risk and resiliency management success. The innovations in our latest software release do just that—help you gain an advantage through automation, configurability, simplicity, and a connected GRC experience.

Download Now: What’s New in the Euphrates Release

Euphrates Release Innovations: Built to Empower Risk, Compliance, Cyber, and ESG Teams

MetricStream’s latest release, Euphrates, has multiple new features and functionalities to celebrate. Connected GRC insights, ease of configurability, continuous control monitoring, automated evidence management, and regulatory inventory scanning, are just a few of what’s new in this release. Scroll down to read the top 6 innovations of the Euphrates release.

  • Fast, Easy, and Secure Configurations with Low-Code/No-Code

    Your organization is unique and so are your requirements! With the Euphrates release, it is simple for you to configure our ConnectedGRC products for your specific use cases. Low-code enables you to use GRC domain-specific language, built on the Groovy scripting language, to tailor our product to your organizational, team, or individual user’s needs—with minimal effort. No-code enables your non-tech teams to upskill and configure their own product experiences with simple drag-and-drop interfaces, enabling them to personalize applications, create and change fields, and build reports and templates. And all these configurations are automatically saved and applicable to your environment even when you upgrade to newer versions.

  • Connected GRC Insights in Minutes

    As a future-ready organization, you know the importance of having a panoramic view of your organizational GRC posture to make informed business decisions. With the Euphrates release, data sharing between MetricStream products and third-party GRC solutions allows you to gain a comprehensive, contextual, and more accurate view of risks – within minutes, not hours, not days. And it gets better! You can configure the data-sharing capability in a few simple clicks to get a personalized report.

  • Faster, Easier Approach to Assessments in Operational Risk

    The strategic role that the frontline plays in risk management cannot be emphasized enough. With the Euphrates release, your organization is now empowered to improve risk awareness by enabling your frontline employees with either a simple, intuitive approach or a more detailed option to complete timely, observational risk assessments. For first-line users, no prior settings are required; for second-line risk managers, demands are reduced while assessment scope and speed are increased. And by eliminating the dependency on the second and third lines, your frontline is empowered to participate more actively.

  • Curated Regulatory Intelligence

    Keeping up with the constantly changing regulatory landscape is a continuous challenge for many organizations. With the Euphrates release, you now have exclusive access to multiple regulatory content providers, including Compliance.ai, Thomson Reuters, and CUBE. New for the Euphrates release is our extensive partnership with CUBE, the world’s most comprehensive source of regulatory intelligence, capturing regulatory content across more than 700 jurisdictions and 5,000 regulatory authorities. As integrated with MetricStream’s Regulatory Change Management, CUBE allows customers access to regulatory inventory, where regulations curated to their unique risk and regulatory profile are preloaded into the MetricStream environment. Along with horizon scanning and regulatory change alerts, customers can easily stay one step ahead of regulatory change with our content partners.

  • Hyper-Automate Compliance with Autonomous Control Testing on AWS

    Today’s organizations are able to meet peak demands by leveraging cloud services. However, securing dynamic cloud assets and third-party products requires constant monitoring. Continuous control monitoring (CCM) capabilities, now available on AWS environments, allows your organization to automate control testing across cloud environments, initiate remedial actions, and map cloud security controls with your internal protocols and compliance standards (such as NIST CSF, PCI, ISO 27001, and HIPAA).

  • Streamlined Disclosure Metrics and Reporting Processes

    Accurately assessing ESG risk is a vital and urgent business imperative demanded by regulators, customers, investors, and other stakeholders. However, companies need the right tools that ensure streamlined ESG disclosure metrics and reporting processes. With the Euphrates release, MetricStream’s ESGRC product includes pre-built disclosure frameworks, templates, formulas, and one-click reporting that allows organizations to convert disparate and varied emissions reporting into a single greenhouse gas metric. This metric allows for a better understanding of reporting, industry performance, and year-over-year trends. These new capabilities enhance the disclosure reporting process, provide the flexibility to configure reports, and simplify navigation and accessibility.

The Euphrates innovation brings several other innovations all with the aim to help your organization advance on its GRC maturity curve, drive business value and growth, and become future-ready.

Download Now: What’s New in the Euphrates Release
 

Excited to know more about how the new innovations in MetricStream’s Euphrates software release can help you on your connected GRC journey?

Request a personalized demo now.

Loran MSI

Loren Johnson

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

September 2022 GRC Recap – What’s New in the GRC Universe?

2022 GRC Recap
6 min read

Introduction

Increased regulatory activity on operational risk management and cybersecurity. A growing focus on the ‘S’ or social in Environmental, Social, and Governance (ESG). An urgency to tackle third-party cyber risk.

The top GRC news in September 2022 boiled down to a handful of significant and common themes. And with good reason: As we enter the second half of the fiscal year, shrinking global GDP accompanied by inflation and tight labor markets, as well as evolving energy uncertainties stemming from the ongoing geopolitical crisis in Europe, has made resilience a top priority for businesses, politicians, and regulators. Other top priorities for businesses include staying focused on developing effective mitigation strategies to manage the interconnectedness of risks, especially emerging cyber, ESG, and third-party risks, and striving to build robust compliance resiliency initiatives to cope with the unprecedented levels of regulatory change.

We also want to take a moment to thank you for your continuous support. MetricStream won two industry awards—the Bronze Stevie® Award for its Environmental, Social, Governance, Risk, and Compliance (ESGRC) product and the Operational Risk Management Solution of the Year award, at the Risk.Net Asia Risk Awards 2022 for the second year in a row! You can read more about this at the end of the blog.

Several other risk and compliance stories made it to the headlines last month. Scroll down to read a curated account of the latest news in the GRC Universe from around the globe.

What’s New in Risk, Regulation, and Resilience?

  • Michael Hsu, Acting Comptroller of the Currency, a major U.S. bank regulator, has warned of crisis risk from fintech proliferation. “I worry increasingly about the 'unknowns' and am concerned that the less familiar risks of this digital transition are unlabeled and thus unseen. As we learned from the 2008 financial crisis, risks that are unseen have a tendency to grow and later to be the source of nasty surprises," said Hsu.
  • The Federal Reserve Board has invited comment on updates to operational risk-management requirements. This will apply to certain systemically important financial market utilities (FMUs) supervised by the Board. According to Vice Chair Lael Brainard, this initiative has been started "In light of the rapidly evolving risk landscape, (where) the proposed changes will help ensure that key financial market utilities operate with a high level of resilience and remain a source of strength for the financial system."
  • The Office of the Superintendent of Financial Institutions (OSFI) an independent agency of the Government of Canada, anticipates that it will issue a final version of the Draft Guideline B-10 on Third-Party Risk Management by the end of 2022. The Draft Guideline will be more comprehensive than its predecessor, establishing enhanced expectations for Federally Regulated Financial Institutions (FRFIs) who outsource services to third parties.
  • ISACA has released a new white paper, The Great Resignation: Business Challenges and Sustainable Solutions. The paper discusses key reasons for the present labor crunch and offers recommendations for establishing a sustainable, multipurpose workforce-management solution.
  • The Australian Prudential Regulation Authority (APRA) has released a draft new Prudential Standard CPS 230 (Operational Risk Management). Set to replace certain existing prudential standards, the draft version with significant uplifts to governance, compliance, contractual and incident response arrangements will apply to financial institutions, superannuation funds and insurers.

What’s New in IT and Cyber Risk?

  • The Cybersecurity and Infrastructure Agency (CISA) and the National Security Agency (NSA) have published a joint cybersecurity advisory about control system defense for operational technology (OT) and industrial control systems (ICSs). The advisory which provides a comprehensive understanding of the tactics, techniques, and procedures (TTPs) used by cyber criminals will help critical infrastructure owners and operators build cyber resilience.
  • Part one of Securing Software Supply Chain Series - Recommended Practices for Developers, a three-part joint publication series, has been published by CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI).
  • The Government of Canada introduced Bill C-26, An Act Respecting Cyber Security in an effort to “protect Canada’s critical infrastructure” and to provide a new framework for the protection of critical cyber systems for services and systems vital to national security or public safety.
  • The National Institute of Standards and Technology (NIST) has released the second draft of its Artificial Intelligence (AI) Risk Management Framework (RMF) for comment. The framework will help individuals and businesses of all sizes better understand, manage and reduce their respective “risk footprint.”
  • A new EU cybersecurity rule proposed by the EU Commission will ensure more secure hardware and software products. As the first-ever EU-wide legislation of its kind, it will introduce mandatory cybersecurity requirements for products with digital elements, throughout their whole lifecycle.
  • A report by SecureLink and the Ponemon Institute titled, The State of Cybersecurity and Third-Party Remote Access Risk found more than 50 percent of organizations reporting a third-party data breach in 2022 with more than 70 percent reporting that such breaches or cyberattacks in 2022 resulted from giving too much privileged access to third parties.
  • Australia’s second-largest wireless carrier, Optus, suffered a major cyberattack, resulting in the personal data of up to 10 million people being compromised. While operations were not affected, the breach puts all of Optus’ mobile customers at risk, with the company expressing concern about potential phishing attacks against its customers.
  • Key takeaways from the Gartner Security & Risk Management Summit 2022 London, include:
    • 30% of nation-states will by 2025 pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1% in 2021
    • 60% of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements by 2025
    • 75% of organizations are pursuing security vendor consolidation in 2022
       

What’s New in ESG?

  • Gaurav Kapoor, co-CEO and co-founder of MetricStream, shared key steps for leaders seeking to engage their boards for ESG initiatives.
  • A commentary published by DBRS Morningstar focusing on women’s representation at the board and executive levels of European Banks found that while gender diversity was improving at board level, it was lagging behind in executive leadership roles. In a sample of 43 European Banks (2021) women represented 37% of board member seats, but only 26% on executive management teams.
  • An EY survey of 300 European and UK-based fund managers found that German finance boards are the least gender-diverse in Europe. Only 29% of financial services board members in Germany are women in comparison to the European average of 37%.
  • The Office of the Superintendent of Financial Institutions (OSFI), Canada, issued draft Guideline B-15: Climate Risk Management in response to the risks posed by the ever-growing threat of climate change to the Canadian financial system. The guidance will aid efforts by Federally regulated financial institutions (FRFIs) to develop resilience against such risks.
  • According to Bloomberg, more than half of FTSE 100 companies now have ESG committees, with oil, gas and mining companies leading the way.
  • A report by strategic communications firm Luminous, found the introduction of mandatory TCFD reporting is helping to boost awareness of climate-related risk and driving ESG integration in annual reports.

What’s New at MetricStream?

MetricStream Wins Awards for ORM and ESGRC Products

  • MetricStream was crowned the winner at the Asia Risk Awards 2022 for its Operational Risk Management product for the second year in a row. The panel of judges highlighted MetricStream’s commitment to fine-tuning its product and the product’s ability to help businesses generate a deeper understanding of business risks in an increasingly interconnected risk environment.
  • MetricStream was awarded the Bronze Stevie® Award for its Environmental, Social, Governance, Risk and Compliance (ESGRC) SaaS in the New Product Awards category as part of the 19th Annual International Business Awards®. The award is an industry recognition of the business value that MetricStream’s ESGRC can bring to organizations seeking to embed advanced environmental and social initiatives.

Just 42 days until the GRC Summit in London!

Now in the 10th year, the GRC Summit 2022 will feature keynotes from industry leaders, product innovation sessions, MetricStream customer success stories and practitioner-led case studies, deep-dive workshops, GRC journey awards, and more!

Check out the complete agenda and register now!

Mabel

Mabel M Jesudian Manager – Content Marketing

Mabel M Jesudian, Manager – Content Marketing at MetricStream, works closely with the product and digital marketing teams to create compelling content and actionable marketing assets that help drive conversations. Mabel has over 13 years of experience with leading marketing communication and PR agencies where she crafted engaging narratives for diverse B2B and B2C clients. She holds an M.A. and M.Phil. in English and Communication from the University of Madras. In her spare time, she loves to read fiction and try her hand at new dishes.

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

The GRC Summit – Where The Unthinkable Becomes The Thinkable

GRC Summit MetricStream
2 min read

Introduction

Thank you, Ma’am

The UK saw the mourning of the oldest and longest reigning monarch, Queen Elizabeth II at the age of 96, and the appointment of the 56th prime minister, Lis Truss, take place in the same week.

The queen reigned for a magnificent 7 decades and saw 15 Prime Ministers lead the country, from Winston Churchill (born 1870) to our current PM (born in 1970). It’s mind-boggling to even contemplate the historical moments that she lived through, from the Apollo II moon landing, the end of the Vietnam war, the fall of the Berlin wall, 9/11, the COVID-19 pandemic and so many more monumental events. Her majesty was the most famous person on the planet, with her face printed on more currencies than anyone else. You don’t have to be a royalist to know that she was truly remarkable. She was effortlessly resilient, always present, and in changing times constantly relevant. She would have wanted the world to celebrate her legacy and stay connected.

Let’s Shake the World and Stay Connected--GRC Summit

At MetricStream, we are continuing with the connection theme. Now in our 10th year, we will be hosting the GRC Summit in person on 8-9 November, in London. It’s bigger, better, and bolder than before. The power of connections makes you feel heard and understood. It gives you a sense of belonging. This is why the GRC Summit has been a pillar of success. It’s a chance to network with your peers, understand what’s shaping your industry, listen, and learn from veterans on what works and what needs refining. It’s where the unthinkable becomes the thinkable.

GRC leaders across industries come together to discuss, deliberate, design, test, retest, innovate and disrupt the industry.

With keynote speakers, advisory bodies, industry experts, and product demonstrations, it’s where you can get ahead of regulatory developments and thrive on risk.

How do you connect the dots of managing interconnected risks and regulations in a rapidly evolving macro landscape? How do you boost your cyber resilience? How do you increase the trust of your stakeholders with an ESG program that speaks to your customers?

The summit is where journeys, opportunities, and priorities are created.

A Stellar Line-Up of Speakers and Events to Look Forward To!

Join the 2-day event that will host 60+ sessions from 50+ speakers including renowned industry experts and thought leaders including:

  • Gavin Grounds, Executive Director, Information Risk Management & Cyber Security Strategy, Meta
  • Grace Beason, Director of Governance, Risk and Compliance, Guidewire
  • Renisha Rajpaul, Executive Head: Business Risk Management (Project - Head of ERM), Vodacom
  • Jumsheed Hussain, Executive Director Credit & Risk Management, Qatar Development Bank (QDB)
  • Paola Corna Pellegrini, President of AICEO-Associazione Italiana, CEO, President of Winning Women Institute, Vice-President of the Meritocracy Forum
  • Joe Martinez, Chief Security Officer, AON
  • Adrian Furniss, Head of Risk, Lloyds Banking Group
  • Neil Sinclair, Programme Lead, Police Crime Prevention Initiatives

Also watch out for other speakers from Goldman Sachs, Barclays, JP Morgan, AON, Almarai, and many more.

And don’t miss out on the top highlights which include:

  • Keynotes from Industry Leaders
  • Innovation Sessions
  • Customer Success Stories
  • GRC Journey Awards

We look forward to welcoming you to our GRC summit this November. Let’s keep the connection alive and shake the world.

London 2022 | GRC-Summit

Suneel

Suneel Sahi

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

Thrive on Risk by Harnessing the Power of the GRC Community

What’s Next in GRC Blog
4 min read

Introduction

Here in the UK during the last few months, we’ve seen a flurry of events announced. Whether in person or virtually, people are truly wanting to maximize interactions and learn from their peers. At MetricStream, we have been at the forefront when it comes to providing a platform for professionals to connect and help facilitate conversations. This enables discussion around various problems their organization is facing, concerns they have, and subjects they’d like to discuss further.

We’ve recently hosted a few peer-to-peer events and heard from attendees about their take on current industry happenings. Now we’re approaching our next event! This one is slightly larger than a peer-to-peer event but the excitement doesn’t wane. For the past 9 years, our flagship event, the GRC Summit has consistently provided opportunities for the GRC community to connect, share insights, exchange best practices, and most importantly—look to what's next in GRC. As we enter our 10th year, our commitment to building connections remains strong.

Bringing the Industry Together

While MetricStream may host these events, our primary goal is to connect industry practitioners. These events offer the mechanism to form a community of experts, learn from their specific circumstances, develop their professional network, share trends, inspire others and discuss all things GRC.

Of course, there are other benefits to us being a part of such events. GRC events offer a forum where we can have interactive, candid, and engaging conversations with our customers, prospects, and others from the GRC community to understand their pain points, requirements, and thoughts on key trends. It helps us stay close to key market trends and needs. These insights provide us with validated information which in turn helps us improve our products and solutions.

The GRC System is Only as Good as the Data Input

The foundation of GRC is the data—the data that you track, the controls that are managed, and the reporting of adherence to these controls. The processes become incredibly difficult when they are not in a format that talks to each other and are easy to update.

Some of the conversations that we’ve had point to the importance of not only having the proper systems in place but also that these systems are only as useful as the data in them. At a recent peer-to-peer event, we had one attendee mention how important it was to ensure that “when you accurately update your data, that it automatically updates the relevant systems” and “having too many manual Excel documents creates issues with maintenance and updating”. Another attendee mentioned how “If you haven’t got everything being entered in the same way, it can completely skew the results”. Right data, right time, and right use are integral to a GRC system. Quality data forms a foundational step with GRC activities before you even look for a solution. You cannot make a process better if you cannot track the success and metrics around it.

Collaboration is a Huge Differentiator

While technology has always been seen as an enabler, participants confirmed the importance of both ‘culture and education’. The education piece is hugely important in organizations alongside driving a risk-aware culture from the top. It’s also important to remember that educating staff on how to adhere to certain policies and their relevant confines ensures they are better prepared to tackle issues that may arise and deal with them in a compliant manner.

Another attendee brought up the important discussion point that “we’re all human beings but how do we share the knowledge”. Sharing of knowledge sounds easy but without a safe forum to discuss these important topics, our lessons learned don’t get shared. Collaboration for the greater good can be a huge differentiator. Take things you learn, share what you’ve learned – and keep the ball rolling.

What GRC Industry Events Enable:

  • Place to talk about industry happenings and make sense of things collectively
  • Time to discuss implementation with peers and the errors where businesses listened too much to users and over-customized software
  • Discussions around the importance of finding the right balance between business needs and best practices
  • Ability to gain new ideas because people may know things you don’t
  • Take recommendations from peers that may help improve processes in ways beyond what you originally thought possible

There is no doubt that we all have been on a journey together supporting each other as the GRC landscape gets more intense and has emerged as a critical business imperative. At MetricStream, we believe in the power of the GRC community and the power of connection. Our events are designed to help you move beyond just managing risk to embracing it, and ultimately thriving on risk. It's a catalyst to implementing solutions that work for the entire organization, from the risk office to the front line, delivering a connected, single source of truth to business leaders.

Have You Registered for the 2022 GRC Summit in London?

MetricStream’s flagship event, the GRC Summit, will be held in person on the 8th and 9th of November 2022, at the Royal Garden Hotel, London. As we celebrate our 10th year, we have chosen our GRC Summit theme to be Experience the Power of Connection. Join the 2-day event that will host 60+ sessions from 50+ speakers.
 

Top highlights include:

  • Keynotes from Industry Leaders
  • Innovation Sessions
  • Customer Success Stories
  • Deep Dive Workshops
  • GRC Journey Awards

Come, meet us at the GRC Summit in London! Register Now.

Victoria- MetricStream

Victoria Boreham

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

GRC Roundup - August 2022 I What's New in the GRC Universe?

GRC Roundup MSI Blog
5 min read

Introduction

This year has been extremely challenging for businesses around the world. The already inundated governance, risk, and compliance (GRC) teams at organizations are further stretched thin as they try to keep up with the rapidly evolving business, cyber and ESG risks, the ever-evolving regulatory landscape, and escalating geopolitical crises.

Our recent survey with OCEG confirmed how challenged organizations are with GRC today. A large number of organizations are still relying on distributed, segmented, and separate systems for managing GRC. A meager 7% of respondents said they have “excellent” GRC capabilities today.

[For a quick look at the key takeaways of the OCEG GRC Readiness for Rapid Change Survey 2022, click here. To download the complete survey report, click here.]

What are the top concerns of businesses and regulators today? Is GRC still an afterthought? What are the new cyber challenges for companies in this new normal? Are companies going to walk the talk on ESG? Let’s find out what made it to the headlines in August – through the GRC lens.

What’s New in Risk, Regulation, and Resilience

Operational risk and resilience continue to be priority areas for regulators.

The Australian Prudential Regulation Authority (APRA) has started consulting on a new prudential standard that aims to bolster the management of operational risk in the banking, insurance, and superannuation industries. The Monetary Authority of Singapore (MAS) published a paper that sets out its expectations, good practices, and improvement areas for operational risk management at financial institutions based on its inspections of selected banks over 2020 and 2021.

In another update, Germany’s financial market regulator BaFin levied a $5.28 million fine on a leading US-based financial institution for delays in reporting voting rights notifications.

Several survey and research reports published last month underscore the importance of risk and compliance management at banks and corporations alike:

  • Fitch Ratings found regulatory fines to be the overriding theme in news reports centered on corporate-governance failings by banks worldwide. “We believe this reflects both the prevalence of regulatory fines and the media’s propensity to report on bank fines, often headlining the amounts,” Fitch Ratings observed.
  • Based on its recent survey, Gartner said that the most important factor in reporting of misconduct by employees is whether they think it will work well for them. The IT research firm called upon compliance leaders to understand what drives employees to report misconduct.
  • According to FERMA’s 2022 European Risk Manager Survey, resilience has never been higher on the top management’s agenda. For risk managers, risk mapping, which is described as the firm's way to identify and document their important business services, continues to be one of the most important activities. However, there is a growing focus on developing specific risk assessment exercises. “This highlights a trend to continue assessing organisations’ resilience in a context of transition towards more sustainability in a digital world,” the report said.

What’s New in Cyber

A cohort of leading cybersecurity and technology organizations, including AWS, Splunk, IBM Security, and others, have come together for an open-source effort, called the Open Cybersecurity Schema Framework (OCSF) project, to break down data silos that hamper security teams. The project aims to help organizations detect, investigate, and stop cyberattacks more quickly and effectively.

The Australian Council of Financial Regulators released a revised version of the Cyber Operational Resilience Intelligence-led Exercises framework (CORIE framework v2.0). The CORIE framework aims to support the preparation and execution of industry-wide financial sector cyber resilience exercises.

Here’s a look at the current state of cyber risk and compliance management based on recent reports:

  • The global average cost of a data breach reached an all-time high of $4.35 million in 2022, marking a 2.6% increase from the year before, according to the IBM-Ponemon Institute’s Cost of a Data Breach Report 2022.
  • According to ENISA Threat Landscape for Ransomware Attacks, around 10 terabytes of data were stolen each month by ransomware threat actors between May 2021 and June 2022. About 58% of the stolen data included the personal data of employees.
  • In a mid-year update to its 2022 SonicWall Cyber Threat Report, SonicWall said that there has been an 11% rise in global malware, a 77% increase in IoT malware, and a whopping 132% spike in encrypted threats.
  • VMware’s eighth annual Global Incident Response Threat Report identified application programming interface (API) as the new endpoint with 23% of the attacks now compromising API security. The report touted APIs as the next frontier for cyber attackers.
  • In the PwC’s second Pulse Survey of 2022, cyber risk emerged as the top business risk – 40% of respondents categorized frequent and/or broader cyber attacks as a serious risk.
  • In the Cloud Security Alliance and Proofpoint study, 58% of survey respondents said that third parties and suppliers were the target of a cloud-based breach in 2021.
  • According to the 2022 Honeywell Industrial Cybersecurity USB Threat Report, the number of threats designed specifically to target industrial control systems increased slightly to 32% compared to 30% in the previous year.

What’s New in ESG

Regulatory focus on environmental, social, and governance (ESG) aspects continues to gather steam. A joint committee of European Supervisory Authorities, namely the European Banking Authority (EBA), the European Insurance and Occupational Pensions Authority (EIOPA), and the European Securities and Markets Authority (ESMA) published the first annual report on the extent of voluntary disclosure of principal adverse impact under the Sustainable Finance Disclosure Regulation (SFDR).

It lays out a preliminary, indicative, and non-exhaustive overview of best practices and voluntary disclosures. In another update, ESMA called for a “quality label” to prevent investors from being misled by greenwashing.

In Singapore, a new initiative has been launched to set a uniform baseline for banks to engage their corporate clients on environmental risk issues. The Association of Banks in Singapore (ABS) rolled out the ABS Environmental Risk Questionnaire (ERQ), which will enable banks’ customers to collect data points and identify opportunities for financing the transition to a low-carbon economy.

In Australia, the Financial Services Council (FSC) published its guidance on Climate Risk Disclosure in Investment Management. It details a set of common baseline expectations for net-zero commitments for the investment management industry, disclosure of climate-friendly investment features, and reporting of climate change risk.

Here’s a look at the current state of ESG risk management based on recent reports:

  • To offset the impact of rising inflation, talent shortages, and supply constraints, the first areas where organizations will cut investments are mergers and acquisitions (M&A) and sustainability, according to a recent study from Gartner.
  • In a recent survey conducted by Cognizant, 90% of respondents recognized attention to ESG issues as an essential aspect of being a modern business. However, only 35% of respondents said that they are currently incorporating ESG into company strategy.
     

What’s New @ MetricStream

We are gearing up to celebrate the 10th anniversary of our premier GRC event in London on November 8-9. The GRC Summit 2022 will feature keynotes from industry leaders, product innovation sessions, MetricStream customer success stories and practitioner-led case studies, deep-dive workshops, GRC journey awards, and more! To check out the complete agenda, click here.

Shampa-mani

Shampa Mani Assistant Manager – Marketing

Shampa Mani, Assistant Manager - Marketing, at MetricStream, has over 9 years of experience in content writing and editing. Prior to joining MetricStream, she worked in the news and media industry, covering news on fintech, blockchain technology, and digital currencies. Academically, she has an MBA in Business Economics and an MA in Economics. In her free time, she loves to cook, read, and delve into the world of UFOs and extraterrestrials.

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

MetricStream-OCEG Survey Reveals Growing Need for Connected GRC Programs

OCEG GEC MetricStream Blog
4 min read

Introduction

As someone who has been working in the GRC market for more than six years, it’s always interesting to tap into the trends and moods of the market and its buyers. In a former role, I built and ran annual market surveys on GRC systems, capabilities, needs, and evolving top concerns of risk and compliance professionals. This year, MetricStream collaborated with OCEG on an especially timely and topic-rich survey of GRC professionals. The outcomes are surprising, not surprising, and I believe, a strong reflection of the state of the market, all at the same time.

The survey, conducted in February 2022, was focused on GRC program readiness in a highly unpredictable and dynamic time for risk and compliance. Nearly 350 GRC professionals representing a cross-section of roles, industries, geographies, and company sizes completed a broad survey, resulting in a published report.

Download the Report: OCEG GRC Readiness for Rapid Change Survey 2022

The results show a handful of key findings and one trend that bears some analysis. Here’s a quick snapshot of a small handful of findings with data:

1. Too many organizations do not have a fully defined and documented GRC strategy. At a time when the pace and severity of risks and compliance challenges are increasing and intensifying, an organizational strategy that enables a holistic approach to managing, mitigating, and gaining advantage from risks from across the business is essential.

OCESG MetricStream Blog 1

2. Too many GRC approaches rely on distributed, segmented, and separate systems. While virtually all GRC pundits and experts talk about the importance and urgency of investing in improved visibility, insight, and actionability across connected GRC systems, we still see that many are still using separate, unlinked systems and approaches, and far too many are using software not designed to support GRC functionality.

OCESG MetricStream Blog 2

Similarly, we also see that many respondents are still struggling with siloed programs, even while the pressure to perform increases. There is palpable recognition among respondents of the limitations of segmented systems and the vulnerabilities they create. 34% of respondents reported that siloed risk and compliance management was their greatest barrier to rapidly responding to changes in risks.

OCESG MetricStream Blog 3.1

While that chart might indicate a market without clear direction and priorities, we found that many respondents are clear on what they need to address many of their challenges. And given the pace, scale, and severity of risks these days – across economic and financial risk, regulatory compliance, cybersecurity risks, third party risks, audit risks – it’s good to see that so many identify integrated processes, technologies, controls and data as so central to addressing their challenges.

OCESG MetricStream Blog 4

3. Not surprisingly, given the data above, only 7% of respondents said they have excellent GRC capabilities today. And 47% report that their programs are good. This is, ironically, an improvement over the last few years. Yet there are still improvements to make, and most seem to recognize it.

OCESG MetricStream Blog 5

While those points tend to show progression on data that analysts have been collecting for years about the state of the GRC marketplace, the most interesting findings to me relate to how people perceive heightened challenges from the last few years, and how their GRC programs have had to adapt to them.

This survey showed that nearly 85% of respondents report significant changes in their GRC universe in the last two years, with nearly 70% reporting increasing challenges related to employees working remotely, and 60% reporting increased data privacy and cybersecurity concerns. At the same time, nearly 20% of respondents have not acted or can’t report any changes in their programs in response to broadly acknowledged increases in risk.

OCESG MetricStream Blog 6

In terms of adapting to these rapid changes in the risk and compliance environment, 61% of respondents indicate their organizations place maturing cyber security and data protections as very important in the next 24 months, 56% indicate maturing regulatory compliance as very important, 54% operational risk and business continuity strategies as very important, and just over 50% indicate audit and financial controls as very important. In fact, there were no elements of a complete GRC program, including managing third-party risk and ESG risks, that did not score under 50% ranking it very important. Sadly, that’s not surprising, given the risk and compliance environment today.

The recent significant changes in the risk environment and a recognition of a need to adapt GRC programs for risk-readiness and organizational resiliency is central to how those with GRC oversight should be viewing their programs. The days of periodic risk assessments and separate risk and compliance functional teams are over. Any business that wants to be able to rapidly adapt to risks, regulatory changes, and cybersecurity best practices must strive to unify their systems, data, policies, controls, and actions in a connected solution to best enable holistic understanding, management, and advantage.

In an increasingly dynamic and unstable world, isolating risk signals in the noise, linking and aggregating data and enabling real-time insight can make the difference between organizations suffering from unexpected risks and being able to anticipate and gain an advantage from them. We are at a very interesting and consequential point in GRC maturity. GRC is a business-critical function with strategic significance for how businesses operate and succeed. Segmented and separated systems create strategic disadvantage where connected systems help deliver readiness, resiliency, and advantage.

Read the full report:  Download OCEG GRC Readiness for Rapid Change Survey 2022

Check out how MetricStream can help you implement a connected GRC strategy. Explore ConnectedGRC. Request a demo now.

Jump to Topic
Loran MSI

Loren Johnson

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

July 2022 GRC Recap - What’s Trending in the Governance, Risk, and Compliance Universe?

GRC MetricStream
6 min read

Introduction

Two things were on the top of our minds the past month: The sweltering heat and rising concerns about a macroeconomic downturn.

Almost all of the Northern Hemisphere experienced record-breaking heat waves this past month. This has not only created a sense of urgency to address climate change, but has also brought the spotlight on environmental, social, and governance (ESG) risk, reporting, and regulations.

US President Biden announced new executive steps to combat climate change but stopped short of issuing the much-called climate emergency declaration. Meanwhile, on the other side of the Atlantic, the UK is exploring a new task force to help investors measure the ‘S’ in ESG.

The interconnectedness and dynamic nature of risk continued to make headlines in July 2022. Gartner flagged the unusually high degree of interrelated risks as it identified concerns of a macroeconomic downturn as the top quarterly emerging risk in Q2 2022.

State-sponsored cyber attacks and key material shortages also made it into the top five. Chris Matlock, vice president with the Gartner Legal, Risk & Compliance practice, writing in the Gartner’s Quarterly Emerging Risks Report, had this to say: “The top five risks reported by respondents were notable both for their interconnectedness and origination outside of the organization.”

A lot more happened in the month of July. Scroll down for a quick glance at the top stories that made it to the headlines in the world of risk, operational resilience, compliance, IT and cyber risk, and ESG.

Trending in Operational Resilience, Business Risk, and Compliance

  • The war in Ukraine has triggered a re-evaluation of systemic risks. Robert Muggah, co-founder, SecDev Group and co-founder Igarape Institute, in an article for the World Economic Forum, said. “…systemic risks are proliferating faster than the systems in place to address them” requiring both the private and public sector to adopt measures to reduce risk exposure and cultivate the “mindset, capabilities and partnerships to strengthen risk resilience.”
  • The Governmental Accounting Standards Board (GASB), an independent organization that establishes accounting and financial reporting standards for U.S. state and local governments released a proposal that will require governments to disclose information on key risks that could impact the level of services they offer.
  • The Allianz Risk Barometer 2022 highlights the most important global business risks for 2022. The top three risks were cyber incidents, business interruptions, and natural catastrophes.
  • A new article titled, “Why Front-Line Whistleblowers Are Crucial To Your Organization’s Risk Posture” by Gaurav Kapoor, co-CEO and co-Founder of MetricStream explores the benefits of building a culture of compliance for front-line workers.
  • The 2022 State of Risk Oversight by the American Institute of Certified Public Accountants (AICPA) found that more than two-thirds of organizations surveyed “still cannot claim they have complete ERM in place.”
  • Deloitte’s 2022 Banking Regulatory Outlook advises banks to maintain focus on the basics including good governance, risk management, internal controls, and financial strength while also getting ready for emerging laws and regulations in the areas of climate, financial inclusion, and digital assets.
  • The 13th "Cost of Compliance Report" published annually by Thomson Reuters is now out. The speed and volume of regulatory change and shortages of skilled professionals have been highlighted as the most urgent challenges but on the positive side, most compliance professionals felt that outsourcing, and new technology, especially regulatory technology, will help plug some of the gaps.
  • Potential measures that will oversee and strengthen the resilience of services provided by critical third parties (CTPs) to the UK financial sector have been set out by the Bank of England, the Prudential Regulation Authority and Financial Conduct Authority.
  • The Hong Kong Monetary Authority has released the seventh Guide of the series that focuses on Third-Party Monitoring and Risk Management (TPRM) and associated Regtech solutions.
  • Compliance measures to address sanctions enforcement has become a core priority for the US Department of Justice (DOJ).

Trending in Cyber Risk and Compliance

  • A new report titled “Treading Water: The State of Cybersecurity and Third-Party Remote Access Risk” by the Ponemon Institute is out. Top stats to note:
    • 54% of organizations have experienced a cyberattack in the past 12 months
    • 64% of organizations still rely on manual monitoring procedures, costing an average of seven hours per week to monitor third-party access
    • 49% of organizations have experienced third-party attacks in the past 12 months despite being among the 60% who have made changes to their cybersecurity structure 
  • The National Institute of Standards and Technology (NIST) has updated its cybersecurity guidance for the health care industry.
  • A new article by the World Economic Forum (WEF) offers insight into how the cloud has brought a shift in cybersecurity.
  • New research by Trend Micro finds that 54% of global organizations feel their cyber risk assessments are not sophisticated enough.
  • The Office of the Superintendent of Financial Institutions (OSFI), Canada, released its final Guideline B-13. The guideline for technology and cyber risk aims to provide specific guidance to enable organizations to balance innovation and risk management.
  • New findings from Skybox Security found that the top cybersecurity challenge was the insufficient identification of cyber risks with 40% of CISOs saying that they are not prepared to handle the rapidly evolving cyber threat landscape.
  • A new cybersecurity law has come into effect in the state of Virginia. The law requires agencies and local governments to report cybersecurity incidents within 24 hours of detection.
  • A recent article in the HIPAA journal outlines the compliance requirements of the draft American Data Privacy and Protection Act (ADPPA). The first draft of the bill was released in early June.
  • A joint cybersecurity advisory on North Korean state-sponsored cyber actors use of Maui ransomware has been released by the CISA, FBI and Treasury Department

Trending in ESG

July 2022 Webinars at @MetricStream

The webinar Managing the Deluge of New Cryptocurrency and Digital Asset Regulatory Change saw thought leaders Jennifer Clarke, Senior Editorial Manager, Regulatory SME, CUBE, Alex Royle Head of Compliance and Regulatory Affairs, EMEA, Galaxy Digital, and MetricStream Product Marketing leaders Loren Johnson and Suneel Sahi discuss the risk and compliance landscape surrounding cryptocurrency and digital assets.

Watch the recording.

In the webinar Connected, Continuous and Constantly Changing: Tackling the Intersection of Cyber and Third-Party Risks, third-party and cyber risk expert Linda Tuck Chapman and MetricStream Product Marketing leaders Loren Johnson and Patricia McParland participated in an interactive discussion on what’s new, what’s next, and how to thrive in an increasingly complex, connected web of risk.

Download the recording.

Get Ready for the GRC Summit

MetricStream’s GRC Summit 2022—much looked forward to by the GRC community as a platform to share insights, exchange best practices, and more importantly to discover what's next in GRC—is back, with an in-person event as we celebrate the 10th year.

Meet us on November 8th and 9th in person at the Royal Garden Hotel in London, UK. Register Now.

Mabel

Mabel M Jesudian Manager – Content Marketing

Mabel M Jesudian, Manager – Content Marketing at MetricStream, works closely with the product and digital marketing teams to create compelling content and actionable marketing assets that help drive conversations. Mabel has over 13 years of experience with leading marketing communication and PR agencies where she crafted engaging narratives for diverse B2B and B2C clients. She holds an M.A. and M.Phil. in English and Communication from the University of Madras. In her spare time, she loves to read fiction and try her hand at new dishes.

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

GRC Roundup – June 2022 | What’s New in Governance, Risk, and Compliance?

MetricStream GRC Bolg MSI
6 min read

Introduction

As we enter the second half of 2022, businesses around the world are bracing themselves for a potential economic downturn. The US Federal Reserve announced its biggest interest rate hike in nearly 30 years in a bid to control inflation, and in Europe, many central banks are following suit. Companies and startups are resorting to substantial measures, including workforce reductions. Furthermore, the ongoing geopolitical crisis and supply chain woes are adding to the challenges faced by businesses worldwide. At the same time, regulators continue to increase their focus on areas such as data, privacy, compliance, operational resilience, and business continuity.

Against this backdrop, here’s a quick recap of the latest happenings in the governance, risk, and compliance (GRC) universe in June.

Jump to Topic

In the World of Risk, Regulation, and Resilience

The chairman of the U.S. Senate Banking Committee called upon a leading financial services company to address the weaknesses in its "governance, risk management, and hiring practices."

Regulatory Focus: Operational resilience continues to be a top priority for financial regulatory authorities around the world.
 

  • UK-based financial firms have been given three years to amp up their operational resilience. In a speech, Duncan Mackinnon, Executive Director for Supervisory Risk Specialists at the BoE, provided guidance to firms in meeting operational resilience requirements, including implementing operational resilience policy, scenario testing, building resilience, and embedding operational resilience in the way firms do business.
  • HM Treasury announced its plans to mitigate the risks from ‘critical third parties’ to the UK finance sector.
  • The Monetary Authority of Singapore (MAS) revised business continuity management guidelines for financial institutions.
  • The Hong Kong Monetary Authority published a supervisory policy manual on operational resilience. The Hong Kong Institute for Monetary and Financial Research (HKIMR) released a new Applied Research report, titled “COVID-19 and the Operational Resilience of Hong Kong’s Financial Services Industry: Preliminary considerations from the 2020-2021 experience”.


The State of Risk Management: Industry visionaries and thought leaders published survey reports, providing insights into the current risk landscape and the state of risk management at organizations:
 

  • In its Semiannual Risk Perspective for Spring 2022, the US Office of the Comptroller of the Currency (OCC) highlighted operational, compliance, interest rate, and credit risks among the key risks faced by the federal banking system.
  • The Federation of European Risk Management Associations (FERMA) published its European risk manager survey 2022. It said the top business threats this year, including cyber threats, supply chain & disruption failure, geopolitical uncertainties, and uncertain economic growth are linked or amplified by the COVID-19 pandemic and the ongoing geopolitical crisis.
  • In PwC’s 2022 Global Risk Survey, 79% of respondents said that keeping up with the pace of digital and other transformations is a major risk management challenge and 65% of respondents admitted to increasing their overall spending on risk management technology.
  • Gartner found the rate of compliance reporting to have dropped by 30% compared to pre-pandemic levels. It said that employees now are less likely to observe misconduct and also less likely to report it even when observed.

In the Cyberverse

Cybersecurity firm Proofpoint thwarted a phishing attack trying to exploit the “Follina” vulnerability. In a blog post, Qualys explains the vulnerability in detail.

“The Follina vulnerability’s footprint is significant as it affects ALL Microsoft Office versions – 2013 and above – on ALL currently supported Microsoft Windows operating systems – even the latest: Windows Server 2022!” Qualys noted.

With the escalating number of cyber attacks on organizations, including state-sponsored attacks, the US Cybersecurity & Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory with the National Security Agency (NSA) and the Federal Bureau of Investigation (FBI). The advisory details how People’s Republic of China (PRC) state-sponsored cyber actors are exploiting publicly known vulnerabilities to establish a broad network of compromised infrastructure. CISA also added 36 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
Gartner listed 8 cybersecurity predictions for 2022-23. The IT research firm believes that 60% of organizations will use cybersecurity risk as a primary determinant when engaging with third parties by 2025.

A new survey from Cloud Security Alliance (CSA) and Google found that cloud adoption improves enterprise risk management and mitigation processes. The CSA said that evaluating cloud and business risk together improves the understanding of IT's impact on an organization’s overall risk maturity, including adopting a shared fate partnership between cloud service providers and customers.

Regulatory Focus: June saw heightened cyber and data-related regulatory activity around the globe:
 

  • The National Institute of Standards and Technology (NIST) is consulting on a new guidance document ‘Using Business Impact Analysis to Inform Risk Prioritization and Response’.
  • The California Privacy Protection Agency (CPPA) published the first draft of the California Privacy Rights Act draft regulations.
  • UK announced its Data Reform Bill that will “remove the UK GDPR’s prescriptive requirements giving organizations little flexibility about how they manage data risks.” The proposal is expected to deliver around £1 billion in business savings.
  • Australian Securities & Investments Commission (ASIC) executive director for markets Greg Yanco called upon listed entities to boost cyber resilience measures.
  • The Central Bank of Malaysia published its proposed guidance on assessing key risks and considerations of control measures when financial institutions adopt cloud services.
  • In Thailand, the Personal Data Protection Act (PDPA) came into force on June 1, 2022.

In the Era of ESG

FM Global released the online 2022 FM Global Resilience Index, which now includes 15 economic, risk quality, and supply chain measures that offer executives insights into the vulnerabilities of a country’s business environment and, conversely, its resilience.
There’s a growing call for tying leadership compensation to ESG metrics. Sustainalytics said, “Now that companies are integrating material ESG issues into their strategies, it is the logical next step to incentivize executives to improve performance on these issues in a measurable way.”

In a new study, Moody’s Analytics found that organizations that develop more responsible ESG practices and focus on mitigating ESG risks experience generate better shareholder returns.
In its tenth SONAR report, Swiss Re explored a new generation of emerging risks resulting from climate change, particularly the thawing of permafrost.

Regulatory Focus: Environmental, social, and governance (ESG) aspects continue to make waves in the regulatory landscape.
 

  • The Basel Committee on Banking Supervision issued principles for the effective management and supervision of climate-related financial risks.
  • The US Commodity Futures Trading Commission (CFTC) is seeking public comment on climate-related financial risk to better understand its relevance to the derivatives markets and underlying commodities markets.
  • The European Council and Parliament reached a provisional political agreement on the corporate sustainability reporting directive (CSRD).
  • In Canada, the Office of the Superintendent of Financial Institutions (OFSI) released guidance on climate risk management.
  • The Monetary Authority of Singapore (MAS) published information papers on environmental risk management for banks, insurers, and asset managers.

From the MetricStream Corner

Speaking at a recently held MetricStream webinar, “Utility Data Management and ESG Reporting – The ‘Elephant in the Room’,” Anand Hanchinamani, Senior Director, Audit Product Management, MetricStream, said, “Climate risk is a global problem with a local impact. It can lead to probably hotter working conditions in India or increased tidal flooding in Florida or coastal regions. But, [climate risk] is systemic – one particular problem can lead to a series of supply chain issues or [result in] add-on impacts around the world on different kinds of operations. So, that is why board of directors, investors, customers, and regulators demand accuracy with reporting and responses on ESG-specific issues.”

MetricStream attended the recent Gartner Security and Risk Management Conference and the Marcus Evans' 13th Edition Third Party Risk Management for Financial Institutions Conference. Key themes at both the events included the importance of automation, interconnected risk management, and risk quantification.


MetricStream GRC Blog

MetricStream at Gartner Security and Risk Management Conference (L); MetricStream at Marcus
Evans' 13th Edition Third Party Risk Management for Financial Institutions Conference (R)
Shampa-mani

Shampa Mani Assistant Manager – Marketing

Shampa Mani, Assistant Manager - Marketing, at MetricStream, has over 9 years of experience in content writing and editing. Prior to joining MetricStream, she worked in the news and media industry, covering news on fintech, blockchain technology, and digital currencies. Academically, she has an MBA in Business Economics and an MA in Economics. In her free time, she loves to cook, read, and delve into the world of UFOs and extraterrestrials.

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?
Blogs

Insurance Industry: We Have You Covered

Instagram of Risk Blog 4
4 min read

All That Glitters Is Not Gold

The Bank of England on Threadneedle Street London is the eighth oldest bank in the world. Don’t ask me how I know this or to name the other seven, but last week while having dinner with some colleagues overlooking this remarkable building, we were discussing how this bank’s vault stores over 40,000 gold bars.

As conversations go, we moved from topic to topic during our first course. We discussed the state of the world and how central banks are taking an aggressive timeline to tame spiraling inflation rises. We also pondered on the cost-of-living crisis, squeezing oil supplies, plummeting equity prices (at least for the first half of 2022), ongoing geopolitical tensions, and possibly the start of a recession. The dialog gradually morphed into how the bank insures itself against this gold and how resilient the insurance industry is.

Onto the Starter Course: Insurance Is Transforming

Along with having to deal with the post-pandemic effects, the insurance industry is grappling with accelerating regulatory pressures, mounting cyber risks, and increasing climate catastrophes. You can add supply chain disruptions, migrating to the cloud, and a drop in talent retention to the list. Commercial insurance started hundreds of years ago within the shipping industry as a means to protect against looting. Cyber insurance is a more recent development that began around the 1990s and is critical, as today, the most valuable assets are stored in the cloud.

Insurance companies have built and acquired vast customer databases that reside in detached and disconnected systems and human intervention is usually required to locate, gather, and operationalize them. Data and consumer protection will always be driving forces in this industry, with further reliance on digital networks. But what we are witnessing is the revolution of digitalization and how in recent times it has been transformative with technology innovation. This includes intelligent automation, cloud computing, and automated claim processing leading the way in projecting efficiencies across automated workflows. Another name to describe this positive disruption is InsureTech.

Main Course: Business, Cyber, & ESG

We have entered a new era with sensitive information, data breaches, and ransomware dominating the headlines. Cyber risk has more than quadrupled since 2002 and tripled since 2013.

At the end of March 2022, all European Union (EU) institutions and agencies were required to have cyber security frameworks in place for governance, risk management, and controls. And with regulation, it does not stop there as these changes will need to be reflected in business processes.

A common risk language makes it simpler to communicate and report risks. Meanwhile, standardized issue management processes allow stakeholders to identify quickly which issues are associated with which risks.

As a heavily regulated industry, insurance companies are now grappling with the interconnectedness and multifaceted ESG challenges that need urgent attention to identify, collate, and report the correct data through an ESG framework. Outsourcing has become an established way of working for (re)insurance leading to third-party risk management (TPRM) gaining an increasingly important part of your risk profile. The ESG objectives and mission need to be clearly demonstrated. The purpose and ethos of a company are up there with profitability.

Insurers have embraced cloud technology. As well as allowing organizations to be more agile, the cloud is an ideal platform for data storage across the systems as it is secure, scalable, and reliable.

Dessert: MetricStream Brings the Next Generation of ConnectedGRC System for Insurers

At MetricStream, we have been working alongside insurance giants for years. Our solution is built to identify, manage, collate and operationalize risks across the enterprise.

Whether it is internal audit, enterprise/operational risk management, third-party risk, incident management, compliance and policy management, cyber and IT risk, or ESG, at MetricStream, we have you covered with:

  • Real-time aggregated view of risks and compliance status
  • Quantifiable risks to prioritize risk treatment plans and investments
  • Advanced AI-enabled automation and continuous monitoring capabilities
  • Federated data model to bind together your core GRC libraries
  • Secure private cloud architecture

Read the case studies from the insurance industry:

A Fortune 1000 Insurance Company Moves Up the GRC

Major Insurance Firm Engages All Lines of the Business in GRC

The dinner conversation then moved to digital assets, stable coins, and NFTs. At that point, I knew it was time to leave.

If you want to know more about how we can help your insurance company effectively manage and mitigate multi-dimensional risks, reach out to me at ssahhi@metricstream.com

You can also request a personalized demo of our product.

Stay up-to-date with the trending discussions and insights in the risk community. Subscribe to the Instagram of Risk Blog Series authored by Suneel Sahi, VP, Product Marketing at MetricStream.
 

Check out Suneel’s other ‘Instagram of Risk’ ’blogs:

OMG, It’s ESG

Be Resilient, I Whispered to My Car

If You Think Compliance is Expensive, Then Try Non-Compliance

An Ounce of Prevention is Worth a Pound of Cure

Don’t Aim To Be Perfect, Aim To Be Anti-Fragile

Enforcements Will Come in All Directions

There is One Way Traffic – Downhill

Suneel

Suneel Sahi

 

Related Resources

Blog
Blog
4 mins
DBV Phanindra Kishore
The Future of GRC: AI GRC, Integrated GRC, or Agile GRC?