International Bank Resets GRC Practices With Archer

From compliance with changing regulations to market fluctuations to security threats, managing risk across an enterprise is a constant and complex endeavor. And for an international banking institution, taking a holistic approach with a governance, risk, and compliance (GRC) platform across major business units was the way to go.

The bank had been using solutions from Archer, a premiere GRC vender. But the installations were aging, located on-premise, and overengineered with connections to numerous, and in many cases, unnecessary data feeds. Consequently, the systems in place were sluggish, cumbersome to use, and did not meet the requirements of business units that needed governance and compliance tracking. These systems that were so critical to healthy banking operations were severely underutilized. Furthermore, the bank suspected that it was overpaying for licenses that were not yet in use and that the operational spend was excessive.

The bank felt it was time to audit and refine its GRC solutions, and determined a number of goals:

• identify performance improvements
• improve user interaction
• set new design standards
• identify waste

The bank hired SoHo Dragon for its Archer Health Check & Roadmap offering based on its brand excellence and prior working relationships. SoHo was asked to assess existing Archer modules and to optimize the bank’s use of the tool.

Over a three-month period, SoHo did a thorough review of both the Archer use cases (solutions) and the back office of the platform at the bank for each business unit where the software was deployed. The 220-page audit findings confirmed the bank’s suspicions: of 11 use cases that were deployed 2 were unused and unnecessary. That translated into 33 applications and seven assessments that were currently not being utilized. Along with the baggage of excess applications, there were nearly 100 data feeds flowing into the system that were not in use and were causing excess performance consumption that slowed down the system. Additionally, SoHo found that the solutions in use were siloed so that user experiences were not uniform across the use cases.

SoHo’s audit showed that streamlining solutions would not only reduce costs, but also would ease the bottleneck and speed the flow of data, helping the risk and compliance workflow run more smoothly. To further slim down use cases and simplify the bank’s GRC infrastructure, SoHo recommended moving GRC operations from on-premise deployments to the cloud using Archer’s SaaS offering and implementing the vendor portal to streamline integrations with third-party assessments

Soho audited Archer use cases for these purposes:

• Operational Risk Management
• Regulatory Change Management
• Third-Party Risk Management
• New Product Assessments

The bank was pleased with the audit results and proceeded to follow SoHo’s recommended roadmap, including a decision to migrate GRC solutions to the cloud. After making strides against the SoHo roadmap in certain areas but finding roadblocks and challenges in others, the bank contacted SoHo Dragon to return to the engagement and execute its recommendations as the lead strategy, architectural, and technical best practices partner. The bank needed not only the architectural expertise, but also GRC program governance and it awarded SoHo Dragon this contract. SoHo is currently engaged in a multi-vendor implementation in this capacity with constant cross-collaborations, workstreams, and deliverables.

With SoHo Dragon on board to guide the engagement to conclusion, the client is well on its way to achieving its goal to have updated use cases with a consistent user experience tailored to its respective business units, with data integration across the solutions. With fewer and less costly licensure, streamlined data integrations based on regulatory requirements, and a reduction of data blockages, the bank looks forward to enhanced performance and increased user adoption across the enterprise. Here are some of the anticipated outcomes.