ConnectedGRC

Drive a Connected GRC Program for Improved Agility, Performance, and Resilience

MetricStream Named Category Leader in All Seven Quadrants of the Chartis Research RiskTech Quadrant® for Integrated GRC Solutions, 2024

MetricStream Named Category Leader in All Seven Quadrants of the Chartis Research RiskTech Quadrant® for Integrated GRC Solutions, 2024

Learn More

Discover ConnectedGRC Solutions for Enterprise and Operational Resilience

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn about the EU’s Digital Operational Resilience Act (DORA) and how you can prepare for it.

Learn More

Explore What Makes MetricStream the Right Choice for Our Customers

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Robert Taylor from LSEG shares his experience on implementing an integrated GRC program with MetricStream

Learn More

Discover How Our Collaborative Partnerships Drive Innovation and Success

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Watch Lucia Roncakova from Deloitte Central Europe, speak on how the partnership with MetricStream provides collaborative GRC solutions

Learn More

Find Everything You Need to Build Your GRC Journey and Thrive on Risk

Download this report to explore why cyber risk is rising in significance as a business risk.

Download this report to explore why cyber risk is rising in significance as a business risk.

Learn More

Learn about our mission, vision, and core values

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Gurjeev Sanghera from Shell explains why they chose MetricStream to advance on the GRC journey

Learn More
+1-650-620-2955
+1-650-620-2955 Contact Us Request Demo
×
Hit enter to search or ESC to close
Blogs

Bank OZK Enhances Risk Posture and Agility with Increased Risk Visibility

Weekly-Blog-Upload-16-May-2024-dsk
4 min read

Introduction

At our recent GRC Summit 2024 in Baltimore, Arindam Majumdar, Deputy Chief Risk Officer, Bank OZK, presented on Bank OZK’s GRC journey, taking the audience through the challenges of operational risk management within a growing financial institution, the effective strategies implemented, and the business value being realized.

Bank OZK is a high-performing U.S. regional bank with deep expertise in specialized lending businesses nationwide .Bank OZK operates through 230 retail branches and is noted for its significant presence in construction lending, being among the top five in major cities like New York, Chicago, Miami, and San Francisco.

Here are the key takeaways from Arindam’s session.

Bank OZK’s GRC Program Objective: Challenges and Needs

Arindam: We are one of the largest domestic CRE construction lenders in the country. In the last eight years, we've grown three and a half fold, and we are moving towards 50 billion in total assets. The board has given us the mandate to prepare a risk management organization that can support $100 billion bank.

Now our vision is obviously not only to maximize our strength, which is motion lending, but also diversify our asset base, which is look at other lines of lending, such as CNI, consumer lending, asset-based lending, equipment financial lending, etc. So, we are pursuing those opportunities as well as diversify our geographical footprint.

We have certain systemic challenges which are not unique to us. Current environment with inflation longer rates is certainly a challenge for us. Another challenge is that we are growing exponentially. Our ability to integrate our workforce during this growth map, while we have a wide foot footprint with remote work, has been a challenge as well as the need to prep the risk management frameworks and infrastructure to be ready for $50 billion plus. We transitioned over to MetricStream and in 2023 we went live. This is our second year on the platform, and I'll get to our unique journey with GRC solutions.

GRC Journey with MetricStream

Arindam: We were looking for a solution that would provide some degree of customization, especially on the reporting side. We wanted custom reports, and a solution that we could, with a high degree of confidence, expand to our user base.

What we've also done with our GRC program is a quarterly attestation of our risk and control universe. We at present, do annual testing with our controls, with our operational controls. We've also gone about integrating the solution with our internal audit solution, we have a different internal audit solution within the bank, but through MetricStream’s API connections, we've been able to pull all our audit data into the MetricStream platform as well.

We’ve adopted the issue management model, which has been a game changer for us, especially as we have tried to mature our data risk programs. Data issue management and operational risk management has been the two biggest pieces in our issue management module within MetricStream.

Business Value Realized

Arindam: Using MetricStream’s Operational Risk, RCSA Control Attestation, Issue Management Module and the integration with the internal audit solution, we have realized the following benefits:

  • Support for 100 users – risk assessments, issue tracking to all employees
  • Support for risk-based audit planning, audit execution and reporting
  • Facilitation of continuous control monitoring
  • Increase in risk visibility through efficient reporting
  • Increase in efficiency of RCSA controlled monitoring and testing
  • Use of RCSA residual risk profile for enterprise risk profile monitoring
  • Use of insights from control health for Stress Testing
  • Use of the RCSA results for Economical Capital framework development for Operational Risk Economic capital calculations

Our biggest challenge is to keep our controls live , which is why we have 40 attestations also tested from an operational risk standpoint. Building feedback with audit, issue management and your own control environment is critical. You want to try and keep it as simple as possible. Find the right balance between information and noise.

Looking Ahead

Arindam: We're moving towards enhancing our operation of our capital model. We're trying to build a Bayesian network-based model, with real time key control indicators to make this even more live.

Watch the full session here.

 

I recently had the chance to discuss in depth with Arindam on the challenges of operational risk management within a growing financial institution, and the effective strategies and programs to enhance operational risk management.

Watch the webinar recording here: https://grc-summit.wistia.com/medias/spcgu7gkw3

Registrations are open for our London GRC Summit 2024 on November 6-7! Join us for groundbreaking discussions and exceptional networking opportunities with top industry leaders and experts as we unlock the latest insights and strategies in operational resilience, AI for GRC, risk management, compliance, cyber risk, and more. Register now:

Pat McParland

Patricia McParland AVP – Marketing

Pat McParland is AVP of Product Marketing at MetricStream. She is responsible for creating product messaging, product go-to-market plans, and analyzing market trends for MetricStream's cyber compliance and third party risk product lines. Pat has more than 25 years of financial data and technology marketing experience at Fortune 1000 brands as well as startups and has led product and marketing teams at Dow Jones and Dun & Bradstreet. She has a BA from the College of William and Mary and lives in Summit, New Jersey.

 

Related Resources

Blog
Blog
5 mins
Simrin Jhangiani
GRC Summit 2024, London: Get to Know the Speakers