Waystone -Enterprise Risk Management
About ERMA
The Enterprise Risk Management Application (ERMA) is a sophisticated platform designed to manage various risk factors across the enterprise, with its primary components being Events and Decisions.
Events, within the context of ERMA, are defined as any occurrences or potential scenarios that might adversely impact Waystone, be it financially, operationally, or from a regulatory or legal standpoint.
These events are meticulously logged by personnel spanning across Waystone’s diverse business units. Upon logging, these events undergo a comprehensive review process by both the Compliance and Risk departments, which contribute their insights for the formulation of appropriate Corrective Actions. Furthermore, these events can be categorized into several types such as pre-emptive (Internal Audit findings), non-events, breaches, or incidents that transpire.
On the other hand, Decisions encapsulate situations where a business unit (BU) necessitates guidance from a pertinent Risk Committee or other control functions. Decisions may pertain to policy and procedure exceptions, establishment of new outsourcing partnerships, data privacy impact assessments, recommendations for existing high-risk clientele, or the introduction of new products, licenses, or business lines requiring a decision from a relevant Risk Committee.
- .Net Core
- Razor
- Azure Data factory
- Microservices
- Azure MS SQL
- CSS
- jQuery
- JavaScript
Events, within the context of ERMA, are defined as any occurrences or potential scenarios that might adversely impact Waystone, be it financially, operationally, or from a regulatory or legal standpoint.
These events are meticulously logged by personnel spanning across Waystone’s diverse business units. Upon logging, these events undergo a comprehensive review process by both the Compliance and Risk departments, which contribute their insights for the formulation of appropriate Corrective Actions. Furthermore, these events can be categorized into several types such as pre-emptive (Internal Audit findings), non-events, breaches, or incidents that transpire.
On the other hand, Decisions encapsulate situations where a business unit (BU) necessitates guidance from a pertinent Risk Committee or other control functions. Decisions may pertain to policy and procedure exceptions, establishment of new outsourcing partnerships, data privacy impact assessments, recommendations for existing high-risk clientele, or the introduction of new products, licenses, or business lines requiring a decision from a relevant Risk Committee.
About Waystone
Waystone leads the way in specialist services for the asset management industry.
Partnering with institutional investors, investment funds, and asset managers, Waystone builds, supports, and protects investment structures and strategies worldwide. With over 20 years of experience and a comprehensive range of specialist services to its name, Waystone is serving assets under management in excess of $2Tn.
Waystone provides its clients with the guidance and tools to allow them to focus on managing their investment goals with confidence.
CHALLENGE
As Waystone expanded, the risks the company faced needed to be centrally managed, this made reporting labor-intensive, and data was scattered across various platforms, making it difficult to access and interpret.
A system was needed to provide in-depth insights into the data to create the level of detail required for a control library and audit trail. It had to ensure robust compliance and incident reporting mechanisms across all entities within Waystone.
Waystone selected CliffAir to develop its customized ERM system, to ensure scalability and a simple yet intuitive user interface.
SOLUTION
CliffAir developed a customized software solution (ERMA) to transform Waystone’s previouslytime and labor-intensive risk management processes into a single integrated platform.
ERMA acts as a central hub for various jurisdictions while at the same time segregating data to ensure data security and privacy and simultaneously allowinggroup reporting on them for the region and business unit heads, and the events and decisions logging process can be customized per each jurisdiction’s requirement.
Key functionality within ERMA includes risk event or incident reporting and remediation, risk and control self-assessment, risk appetite, key risk indicators, and reporting.
ERMA has various modules:
The app required several complex features and integrations
Events and Decisions Module
Standardized, detailed, and auditable recording of events occurring and decisions made within Waystone Business Units overseeing each to completion and are required to meet regulatory expectations.
Control Inventory
An inventory of Business Units and Core Functions controls, with a review date (at least annually) and an owner facilitating the tracking of annual reviews. Automated notifications ahead of review dates are sent to the owners.
Risk Dashboard
Provides an overview of the real-time risk impact assessment arising out of events occurring and decisions made within Waystone Business Units is used to guide Risk Register adjustments.
Risk Registers
Inventory of risks identified within eachWaystone Business Unit, whereby the inherent risk rating, mitigants, and residual risk rating for each risk is documented. It also highlights whether the Waystone Business Unitis within risk appetite by comparing the residual risk rating against the risk appetite.
Compliance Dashboard
Compliance ensures that all events that impact regulations or enterprise risk management meet regulatory expectations.
Operational Resilience
The Operations Resilience Module allows Waystone Business Unit and Group to have a full-service catalog that clearly illustrates the dependencies between the regulated service, core functions, outsourcing, GDPR, etc., and all relevant owners. It also houses Crisis Management Protocol for an appropriate response to a severe but plausible incident impacting regulated services.
Reporting Modules
The app required several complex features and integrations
RCSA
This module in ERMA facilitates a self-assessment of controls in place and an attestation as to whether the controls are considered fit for purpose by the Business Units & Core Functions leads. Business Units & Core Functions on a half-yearly basis undertake an assessment in ERMA with definitive deadlines set and results reported to both Business Units and Waystone Group Boards.
Client Risk Assessment
This module contains two risk assessments Jurisdiction and Strategy Risk Assessment.
BURC (Business Unit Risk Committee)
This module contains auditable records of changes made to Risk Registers by Risk Committees quarterly.
Risk Committee Preparation
Facilitates efficient auditable preparation for Risk Committees within Waystone entities.
The Value Add
Identify Emerging Risks And Opportunities
Empowers decision-makers to take quick and confident decisions by linking data from multiple sources into custom dashboards from tools like PowerBI
Comply With Standards And Regulations
Demonstrate compliance to regulators and key stakeholders with a smart and modernized risk management tool.
Seamless digitalization
Without losing anything in translation, Waystone could easily consolidate data from a wide range of digital sources within ERMA.
Organization-wide insights
Central management enjoys holistic views of the entire organization as well as granular views of individual business units.
Improved international collaboration
ERMA has been designed to facilitate linkages between it and other systems to enhance user experience and ease of information gathering on items such as SharePoint and Power BI.
Improved risk controls
Since the right staff members are immediately alerted and kept aware of any issues or outstanding assignments, they can take swift and accurate action – and with an increased understanding of ERMA, they are better placed to identify new risks.
Real-time reports and audits
Using a system or application such as ERMA to house risk assessments will make the decision-making process more efficient and robust as will maintain a full audit trail
Managers can consolidate real-time data from multiple sources and create custom reports for boards, committees, and regulators.
Informing the board
ERMA’s Power BI reporting tool provides Waystone’s Board visibility of dashboards and trackers to stay informed about key actions and themes.
Contact us
Get Expert Advice
Friendly Consultants
No-Obligation Meeting
We Sign NDA
100% Confidential
