• Internal Control Solutions:

    Streamlines the documentation of processes, risks and controls, and gives management insight through reports, dashboards, what-if simulations and improvement plans.



  • IT-GRC Solutions:

    All your IT-related processes can be managed using IT-GRC modules such as COBIT, Information Security and Business Continuity Management (BCM).


  • Risk Management Solutions:

    Easily identify, analyze and manage risks. Gives management insight through reports, dashboards, heat maps, what-if simulations and improvement plans.


  • Internal Audit Solutions:

    Supports the audit cycle by designing and managing audit plans, performing fieldwork and audit evaluations, and publishing audit reports.


  • Open GRC Framework Solutions:

    Design your own integrated risk and/or compliance frameworks.


Multinational Bank based in the Netherlands

Achieved 76% reduction in compliance overhead by integrating multiple GRC
(Governance, Risk Management and Compliance) management processes

Profile

This Dynasec client is a full-range financial services provider and a global leader in sustainability-oriented banking. The Group comprises 183 independent local Dutch banks (1200 branches), a central organization, and a large number of specialized international offices. The bank serves 9 million clients with 56,000 employees working in 42 countries.


Background

As a multinational financial institution, the bank is required to comply with over 50 different Governance, Risk and Compliance (GRC) processes, including:

  • International regulations such as Basel II
  • Regional regulations like MiFID in Europe and Sarbanes-Oxley in the US
  • Local regulations in each and every country such as Tabaksblat in the Netherlands
  • Internal Governance standards of the different business units, departments and IT

Client Challenge

The bank's costs and efforts in managing this multitude of GRC regulations and standards were rising rapidly. Over 200 compliance personnel were involved in the project. There was a strong counter-reaction from the business department managers in the field. They complained that they were spending too much time answering repetitive questions from different auditors and consultants supporting separate audit processes for several regulations, which did not leave them and their workforce enough time to perform their day-to-day business tasks.

PricewaterhouseCoopers (PWC) was assigned to reduce the complexity and consolidate the separate GRC processes into one embedded GRC process. PWC recognized that a software solution was required to accomplish this goal. After examining several BPM and GRC software vendors, PWC selected Dynasec as the only software vendor with real multi-compliance capabilities.


The Dynasec Solution: easy2comply™

PWC introduced the bank to the Dynasec solution composed of two elements: Dynasec's integrated GRC software platform, together with Dynasec's GRC modeling approach, a process that provides for the integration of separate GRC processes based on the software's unique data model and architecture: a common data repository for all GRC processes, a common management layer for reports, dashboards, simulations, etc., and the software's Entity Relation Diagram technology that enables control reduction and efficient GRC architecture via complex relationships and hierarchies between the data entities.

The initial Proof of Concept consisted of integrating two regulations, and it was completed successfully by Dynasec and PWC within 45 days. PWC and Dynasec together implemented GRC Modeling at the bank, which allows each regulatory process to run individually with its own functionality, workflow and best practices, and at the same time provides a rationalized data model for all the GRC processes.

Consequently, the bank decided to expand the project to include 8 additional standards. The full-fledged project of 10 standards was successfully implemented within 4 months.

Today, the project continues to expand and currently supports twenty GRC processes, including Basel II, SOX, MiFID, IT Security based on ISO 17799, CobiT v4, ITIL/ISO20000, and local Dutch regulations such as ROB, WFD, Tabaksblat, Privacy Law, etc.


Results

To date, the bank has reduced the number of controls in the 20 GRC processes from nearly 5,000 down to 1,200 controls, achieving a reduction of 76% in the number of controls being managed and tested. This has enabled the bank to reduce the overall costs by 50% and to substantially reduce the time to compliance.