Importance of RiskTech in Financial Services: Interview with Bruce Dahlgren, CEO of MetricStream

By Joy Dumasia

MetricStream, the independent market leader in enterprise and cloud applications for Governance, Risk, Compliance (GRC) and Quality Management, makes GRC simple. MetricStream apps improve business performance by strengthening risk management, corporate governance, regulatory compliance, vendor governance, and quality management for hundreds of thousands of users in the financial services industry.

GRC as an acronym stands for governance, risk, and compliance, but the term GRC means much more than that. Governance, risk management, and compliance have been key elements of company management for a long time. But the concept of GRC has been around only since about 2007.

IBS Intelligence sat down with Bruce Dahlgren, CEO of MetricStream to discuss Governance, Risk and Compliance in the financial services industry.

What are the offerings and services of MetricStream and its client base?

MetricStream is the global SaaS leader of Integrated Risk Management and GRC solutions that empower organizations to thrive on risk by accelerating growth via risk-aware decisions. We connect governance, risk management and compliance across the extended enterprise. Our ConnectedGRC solutions, which include three product lines BusinessGRC, CyberGRC, and ESGRC are based on a single, scalable platform that supports companies wherever they are on their GRC journey.

MetricStream enables organizations to achieve operational resilience with actionable insights to respond more quickly during a crisis. A unified and integrated platform empowers institutions to connect data across operational risk, regulatory compliance, cybersecurity, vendor risk and ESG to turn risk into a strategic advantage in the form of new business developments, innovations, faster time to market, and much more. While we serve across industries, Banking, Financial Services, and Insurance (BFSI) comprise more than 60% of our customers.

How can Risk be converted into an advantage? 

By controlling risk, resiliency can be created. But even beyond that, it’s time that organizations learned to thrive on risk by turning risk into a strategic advantage in the form of new business developments, innovations, faster time to market, and much more. Taking a strategic approach to risk whether financial, reputational, legal, regulatory, third-party and even environmental will allow organizations to reap the rewards.

While risks should not be taken lightly, they do not need to be viewed negatively. We believe well-transformed operational risk management functions provide insights into hidden opportunities and the various risks they bring with them. For example, a thorough analysis of a new product risk may provide insights into process improvements, new unidentified markets/segments, and increased profit margins, giving users a competitive edge and valuable feedback from the frontline enabling businesses to make strategic decisions.

Traditionally, Market and Credit risks have taken prominence due to their direct financial impact and managing them effectively has proven to be beneficial to businesses. However, organizations, especially large financial institutions, are looking to quantify non-financial risks using various analytical methods to achieve measurable outcomes and take strategic advantage of such risks.

Furthermore, risk can be converted into an advantage through quantification to make sense of disparate sets of inputs. By measuring non-financial risk exposure in monetary terms, quantification helps determine which risks to focus on first and where to allocate cybersecurity resources for maximum impact raising your risk ROI.

The importance of ESG and cyber security for investors?   

Organizations are increasingly held accountable for corporate practices regarding climate sustainability, social responsibility, and governance. ESG risk factors are also emerging as financial risk that significantly impacts a company’s bottom line and valuation. Investors and asset managers are shifting their investment appetite toward companies with sound ESG management programs. Companies are also beginning to experience intense external pressure to define a measurable performance around their environmental and social impact. ESG is the next frontier for global business and a natural progression to GRC.

Cybersecurity is one of the top priorities and existential threats for organizations today. Concerns about ransomware, malware and other attacks are escalating to the board level. A company’s cyber-risk posture is also critical for investors because even a single risk event such as an attack or data breach can cause tremendous damage, ranging from financial consequences to supply chain disruptions and reputational impact.

Elaborate about the technology and methodology used in the MetricStream platform and why is it crucial for organizations to take up such a platform?

MetricStream is uniquely positioned to solve organizations’ Governance, Risk and Compliance (GRC) related problems. Our products and solutions offer a 360-degree view of risks and compliance to strengthen decision-making while accelerating risk response and mitigation. This enables organizations to improve business resilience and agility and build trust with regulators, investors, and customers. These include operational risk management, compliance, cybersecurity, vendor risk management, operational resilience, and business continuity management. With support for AI-powered recommendations, mobility, real-time reporting, advanced risk analytics, and regulatory notifications, MetricStream solutions are comprehensively designed to meet the GRC needs of today’s complex ecosystem of all industries, especially global banks and financial services institutions.

The MetricStream platform brings together data across departments empowering organizations to have enhanced visibility while helping them evolve from reactive risk management to proactive resilience-building. The platform also allows organizations to address evolving business and market needs and accelerate decision making with contextual, real-time intelligence delivered through advanced reports and analytics. It provides a single, integrated data model that removes friction between functional silos and serves as a single source of truth for real-time, risk-aware decision making.

What is in the pipeline for 2022?

In January, we announced ConnectedGRC solutions addressing the most urgent business challenges related to risk, compliance, audit, cyber risks, and environmental, social governance (ESG). Over the last 24 months, organizations have been challenged by a rapid increase of cybersecurity risks, business disruptions, regulatory pressures, and a constantly evolving need to demonstrate responsible business practices.

The old ways of managing risk siloed, compartmentalized, and manual are no longer effective or efficient. Risk is pervasive, stretching across the enterprise. Our focus for 2022 will be to enable leaders to manage, embrace, and thrive on risk by breaking down silos and implementing a Connected GRC strategy that becomes a single source of truth to make more strategic business decisions.

ConnectedGRC is powered by MetricStream Intelligence which includes embedded best practices, deep domain capabilities, artificial intelligence (AI) powered real-time insights, and risk quantification capabilities. Designed to address the primary challenges for today’s GRC professionals, ConnectedGRC offers three distinct product lines with a rapid time to value: BusinessGRC, CyberGRC, and ESGRC.

ALSO READ: Risk Management Systems and Suppliers Report 2021