Mitsui Sumitomo Insurance Europe
Providing an integrated view of risk and reducing costs for managing parallel Internal Control (SOX) and Internal Audit processes
Profile
Mitsui Sumitomo Insurance Co. Ltd. is one of the largest general insurers of the world with over £6.4 billion and assets of more than £41.4 billion. Its European arm, Mitsui Sumitomo Insurance Europe, provides integrated underwriting, risk management and claims management services in Europe and also services global clients of its parent company in Japan.
Background
Compliance, governance and risk management reforms that followed the corporate failures of the past decade have dramatically changed today’s business environment. The Sarbanes-Oxley Act (SOX), a landmark regulation, was intended to make the financial reporting of public companies in the US more transparent, thus avoiding Enron-style scandals in the future. Mitsui, like many organizations that are not (yet) subject to SOX provisions, has begun to adopt and implement SOX on a voluntary basis. The European Internal Audit team, together with management, is responsible for managing SOX compliance for the London Syndicate and all the European branches, in addition to its ongoing activity of running Internal Audit reviews throughout Europe.
Client Challenge
Mitsui began complying with SOX manually, using Microsoft Office™ tools such as Excel, Word and Visio, which required maintaining and updating numerous spreadsheets, documents and related reports across multiple business entities. Manual processes are prone to error or omission, and aggregating paper-based results across the enterprise proved inefficient. The existing technology was highly reliant on centralized staff know-how, making it difficult to delegate responsibilities to the field and adding complexity to the compliance process. In addition, Mitsui recognized that many activities overlapped with its existing, ongoing Internal Audit process, which resulted in unnecessary cost.
The Dynasec Solution: easy2comply™
Mitsui recognized the need to find an application that would help them achieve ongoing and efficient SOX compliance that would work in a more integrated manner with its Internal Audit activities.
After investigating market possibilities, Mitsui chose easy2comply™, the Dynasec software application that provides a comprehensive GRC solution for managing multiple GRC processes in a single, integrated platform.
The software proved intuitive and quick to implement within Mitsui, and it is used by many employees. It provides all the functionality, workflow and management tools needed, and can also be supplied with relevant best-practice data.
The web-based software provides an all-in-one environment for both ongoing SOX compliance and Internal Audit. The solution can track, recognize and manage common controls across multiple processes and regulations, and allows Mitsui to configure which information to share between the separate GRC functions. For example, easy2comply™ can allow the SOX testing results to be used as input to the Internal Audit Risk Assessment phase that determines the frequency of specific audits.
Results
easy2comply™ provides a ‘state of the art’ solution for automating Mitsui’s SOX compliance and Internal Audit functions. The application enables a rationalized environment in which all processes, risks and controls are managed in a single, non-redundant data model. The software reduces the time to compliance and increases overall efficiency by allowing Mitsui, in the future, to hand over responsibility for periodic control testing to the designated business process owners, rather than forcing the centralized compliance staff to rely on external consultants. The system has addressed concerns over version control, which was an issue when using Excel/Word/Visio, and has helped Mitsui spot discrepancies and inconsistencies between processes and documents.
“One of the unique features of easy2comply™ is its ability to link controls between processes, thus enabling us to only update the results of our testing once for duplicated controls. This will be of increasing importance as our company grows, seeing that the maintenance of multiple documents and numerous, overlapping controls is already unwieldy. The fact that the system can aggregate the underlying data into multiple report formats automatically saves us time compared to reproducing this manually for each process.”
[Martina Ryan & Christina Kim, Mitsui]
Multinational Bank based in the Netherlands
Achieved 76% reduction in compliance overhead by integrating multiple IT GRC processes using easy2comply CobiT
Profile
This Dynasec client is a full-range financial services provider and a global leader in sustainability-oriented banking. The Group comprises 183 independent local Dutch banks (1200 branches), a central organization, and a large number of specialized international offices. The bank serves 9 million clients with 56,000 employees working in 42 countries.
Background
As a multinational financial institution, the bank’s IT department bore the brunt of compliance and was dealing with over 50 different Governance, Risk and Compliance (GRC) regulations and standards affecting it, including:
- International regulations such as Basel II, ISO17799, etc.
- Regional regulations like MiFID in Europe and Sarbanes-Oxley in the US
- Local regulations in each and every country, such as Tabaksblat in the Netherlands
- Internal governance standards of the different IT and business units and departments
Client Challenge
The IT cost and effort of managing this multitude of GRC regulations and standards were rising rapidly. There was a strong counter-reaction from the department managers, who complained that they were spending too much time answering repetitive questions from different auditors and consultants supporting separate audit processes, leaving them and their workforce too little time to perform their day-to-day IT and business tasks.
PricewaterhouseCoopers (PWC) was assigned to reduce the complexity and consolidate the separate GRC-IT processes into one embedded GRC process. PWC recognized that a software solution was required to accomplish this goal. After examining several BPM and GRC software vendors, PWC selected Dynasec as the only software vendor with real multi-compliance capabilities.
The Dynasec Solution: easy2comply™ CobiT
PWC introduced the bank to easy2comply™. At the heart of the proposed solution was the CobiT module. In the first phase, all the relevant requirements of the high-level regulations were mapped within the software to CobiT’s 215 detailed control objectives. In the second phase, all the detailed and legacy controls of the IT standards and regulations were likewise mapped in the software to CobiT. In the final stage, the consultants reviewed each CobiT control objective and, with the help of the extensive tools provided by easy2comply, identified and resolved redundant controls, created hierarchies of controls and, where needed, added missing controls.
The initial Proof of Concept consisted of integrating two regulations for the IT department and was completed successfully by Dynasec and PWC within 45 days. PWC and Dynasec together implemented a framework that continues to allow each audit and regulatory process to run individually with its own functionality, workflow and best practices, while at the same time providing a rationalized data model for all the IT-GRC processes.
Consequently, the bank decided to expand the project to include 8 additional standards. The full-fledged project of 10 standards was successfully implemented within 4 months.
Today, the project continues to expand and already supports twenty GRC processes, including: Basel II, SOX, MiFID, IT Security based on ISO 17799, ITIL/ISO20000, and local Dutch regulations such as ROB, WFD, Tabaksblat, Privacy Law, etc.
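The mapping described above (requirements of several regulations mapped onto a shared set of control objectives, equivalent controls merged, and one test result reused by every regulation that depends on the control, which is also the Mitsui quote's point about updating duplicated controls once) can be illustrated with a small in-memory model. The following is an added example written for this page; it is not Dynasec's or easy2comply's data model, and every control id, requirement id and description in it is constructed for illustration.

```python
"""Toy common-control registry: many-to-many requirement-to-control mapping,
alias-based de-duplication, single-test propagation and a reduction figure.
Constructed example; not the product's schema."""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Control:
    control_id: str
    description: str
    test_result: Optional[str] = None  # None = untested, else "pass" / "fail"


@dataclass
class Requirement:
    regulation: str
    requirement_id: str
    control_ids: list  # controls that, together, satisfy this requirement


class ControlRegistry:
    def __init__(self):
        self.controls = {}        # canonical id -> Control
        self.requirements = []
        self.aliases = {}         # retired id -> canonical id
        self.initial_count = 0    # controls before rationalisation

    def add_control(self, control: Control) -> None:
        self.controls[control.control_id] = control
        self.initial_count += 1

    def add_requirement(self, req: Requirement) -> None:
        for cid in req.control_ids:
            if cid not in self.controls:
                raise KeyError("unknown control %s" % cid)
        self.requirements.append(req)

    def resolve(self, control_id: str) -> str:
        """Follow the alias chain to the surviving canonical control."""
        while control_id in self.aliases:
            control_id = self.aliases[control_id]
        return control_id

    def merge(self, duplicate_id: str, canonical_id: str) -> None:
        """Retire duplicate_id; requirements citing it now resolve to canonical_id."""
        canonical_id = self.resolve(canonical_id)
        if duplicate_id != canonical_id:
            self.aliases[duplicate_id] = canonical_id
            del self.controls[duplicate_id]

    def record_test(self, control_id: str, result: str) -> None:
        """One test, recorded once, on the canonical control (aliases accepted)."""
        if result not in ("pass", "fail"):
            raise ValueError(result)
        self.controls[self.resolve(control_id)].test_result = result

    def coverage(self, regulation: str) -> dict:
        """Per requirement: fail if any control failed, pass if all passed, else untested."""
        out = {}
        for req in self.requirements:
            if req.regulation != regulation:
                continue
            results = [self.controls[self.resolve(c)].test_result for c in req.control_ids]
            if any(r == "fail" for r in results):
                out[req.requirement_id] = "fail"
            elif all(r == "pass" for r in results):
                out[req.requirement_id] = "pass"
            else:
                out[req.requirement_id] = "untested"
        return out

    def reduction_pct(self) -> float:
        return round(100 * (1 - len(self.controls) / self.initial_count), 1)


def build_sample() -> ControlRegistry:
    """Constructed data: three regimes each brought their own wording of the same controls."""
    reg = ControlRegistry()
    for cid, desc in [
        ("SOX-ITGC-03", "Quarterly review of privileged user accounts"),
        ("ISO-A11-2-4", "Regular review of user access rights"),
        ("BASEL-OR-12", "Periodic access recertification"),
        ("SOX-ITGC-07", "Change approvals recorded before deployment"),
        ("ISO-A10-1-2", "Change management procedure"),
        ("ISO-A10-5-1", "Information backup tested"),
        ("BASEL-OR-20", "Business continuity plan exercised annually"),
    ]:
        reg.add_control(Control(cid, desc))
    reg.add_requirement(Requirement("SOX", "302.4", ["SOX-ITGC-03", "SOX-ITGC-07"]))
    reg.add_requirement(Requirement("ISO17799", "11.2.4", ["ISO-A11-2-4"]))
    reg.add_requirement(Requirement("ISO17799", "10.1.2", ["ISO-A10-1-2"]))
    reg.add_requirement(Requirement("ISO17799", "10.5.1", ["ISO-A10-5-1"]))
    reg.add_requirement(Requirement("BaselII", "OR-12", ["BASEL-OR-12"]))
    reg.add_requirement(Requirement("BaselII", "OR-20", ["BASEL-OR-20", "ISO-A10-5-1"]))
    # Rationalisation step: equivalent controls collapse onto one canonical control.
    reg.merge("ISO-A11-2-4", "SOX-ITGC-03")
    reg.merge("BASEL-OR-12", "SOX-ITGC-03")
    reg.merge("ISO-A10-1-2", "SOX-ITGC-07")
    return reg


if __name__ == "__main__":
    r = build_sample()
    r.record_test("SOX-ITGC-03", "pass")  # tested once under SOX ...
    print(r.reduction_pct(), r.coverage("ISO17799"), r.coverage("BaselII"))
```

The point to notice is that a test recorded once against the canonical control is visible through every regulation's requirements that alias to it, while a requirement that also depends on an untested or failed control reports accordingly; the reduction figure is simply surviving controls over the starting count.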
Results
To date, the bank has reduced the number of controls in the 50 GRC processes from nearly 5,000 down to 1,200 controls, achieving a reduction of 76% in the number of controls being managed and tested. This has enabled the bank to reduce the overall costs by 50% and to substantially reduce the time to compliance.
Multinational Bank based in the Netherlands
Achieved 76% reduction in compliance overhead by integrating multiple GRC (Governance, Risk Management and Compliance) management processes
Profile
This Dynasec client is a full-range financial services provider and a global leader in sustainability-oriented banking. The Group comprises 183 independent local Dutch banks (1200 branches), a central organization, and a large number of specialized international offices. The bank serves 9 million clients with 56,000 employees working in 42 countries.
Background
As a multinational financial institution, the bank is required to comply with over 50 different Governance, Risk and Compliance (GRC) processes, including:
- International regulations such as Basel II
- Regional regulations like MiFID in Europe and Sarbanes-Oxley in the US
- Local regulations in each and every country, such as Tabaksblat in the Netherlands
- Internal governance standards of the different business units, departments and IT
Client Challenge
The bank’s cost and effort of managing this multitude of GRC regulations and standards were rising rapidly. Over 200 compliance personnel were involved in the project. There was a strong counter-reaction from the business department managers in the field. They complained that they were spending too much time answering repetitive questions from different auditors and consultants supporting separate audit processes for several regulations, leaving them and their workforce too little time to perform their day-to-day business tasks.
PricewaterhouseCoopers (PWC) was assigned to reduce the complexity and consolidate the separate GRC processes into one embedded GRC process. PWC recognized that a software solution was required to accomplish this goal. After examining several BPM and GRC software vendors, PWC selected Dynasec as the only software vendor with real multi-compliance capabilities.
The Dynasec Solution: easy2comply™
PWC introduced the bank to the Dynasec solution, which is composed of two elements: Dynasec’s integrated GRC software platform, and Dynasec’s GRC modeling approach, a process that integrates separate GRC processes on the basis of the software’s data model and architecture. That architecture consists of a common data repository for all GRC processes; a common management layer for reports, dashboards, simulations, etc.; and the software’s Entity Relation Diagram technology, which enables control reduction and an efficient GRC architecture through complex relationships and hierarchies between the data entities.
The initial Proof of Concept consisted of integrating two regulations and was completed successfully by Dynasec and PWC within 45 days. PWC and Dynasec together implemented GRC Modeling at the bank, which allows each regulatory process to run individually with its own functionality, workflow and best practices, while at the same time providing a rationalized data model for all the GRC processes.
Consequently, the bank decided to expand the project to include 8 additional standards. The full-fledged project of 10 standards was successfully implemented within 4 months.
Today, the project continues to expand and already supports twenty GRC processes, including: Basel II, SOX, MiFID, IT Security based on ISO 17799, CobiT v4, ITIL/ISO20000, and local Dutch regulations such as ROB, WFD, Tabaksblat, Privacy Law, etc.
Results
To date, the bank has reduced the number of controls in the 20 GRC processes from nearly 5,000 down to 1,200 controls, achieving a reduction of 76% in the number of controls being managed and tested. This has enabled the bank to reduce the overall costs by 50% and to substantially reduce the time to compliance.
Generali Group Subsidiary Migdal Insurance and Financial Holdings Ltd.
Implements an integrated GRC solution to manage SOX, Operational Risk for Solvency II, Regulatory Compliance and Information Security
Profile
Migdal Insurance and Financial Holdings is a subsidiary of Generali Group, the 3rd largest insurance group in Europe and the 30th largest company in the "Fortune Global 500" worldwide ranking, with a 2007 total premium income of over €66 billion.
As of December 2007, Migdal Group is the leading insurance and financial services company in Israel and provides its customers with a wide variety of insurance products, pension and long-term financial holdings services.
Background
Migdal Group, like many insurance companies today, is facing increased risk and regulatory pressures. The Capital Markets, Insurance and Savings Division of Israel’s Ministry of Finance, which regulates the local insurance and financial services industry, has substantially strengthened its regulatory enforcement and has issued new and tougher regulations in the past few years. The heightened regulations cover all facets of business operations, including SOX for financial internal control management, Solvency II for Operational Risk management, enforcement of Information Security standards, as well as multiple pieces of legislation for specific financial service providers such as insurance, pension funds, capital markets and others, almost all of which are relevant to the Migdal Group.
Client Challenge
Complying with each individual regulation is always complicated and costly, and at Migdal it involved managing lengthy Excel spreadsheets. Complying with the multiple new and existing overlapping regulations was becoming a burden, which Migdal decided to handle strategically.
Migdal surveyed the market for risk management and compliance solutions able to manage risk and compliance holistically throughout the enterprise. Several suppliers were researched, including ERP vendors, Business Process Management (BPM) vendors and GRC-specific companies, among them Dynasec. The ‘instinctive’ choice for Migdal was to use the GRC solution offered by its ERP vendor, since the ERP system was widely implemented throughout the organization.
The Dynasec Solution: easy2comply™
Migdal ultimately selected the easy2comply™ solution to provide an enterprise-wide risk management and compliance solution.
“Time to implement was a major decision factor for us,” says Yossi Kelberman, SOX Project Manager, who managed the GRC vendor selection process at Migdal. “Before taking a decision, we conducted a pilot and found the easy2comply™ solution to be intuitive, practical and therefore easily deployed and implemented at Migdal.”
“Migdal has different teams managing different compliance processes separately, but we were looking strategically for an enterprise-wide risk management system,” says Yossi Gavish, VP of Operational Risk at Migdal. “We liked easy2comply™’s integrated approach that provides a common platform for integrating and sharing information between the different compliance processes while allowing each team to manage its process independently.”
Before project implementation, Dynasec and Migdal performed a GRC Modeling process at Migdal in order to define a common terminology and the relationships between the GRC building blocks and entities at Migdal.
Results
easy2comply™ provides a ‘state of the art’ solution for automating Governance, Risk Management and Compliance processes at Migdal.
Currently the system supports 4 separate risk management and compliance ‘silos’ at Migdal: Internal Control management based on SOX, Operational Risk based on Solvency II, Information Security, and regulatory compliance. The easy2comply™ implementation started at the core insurance company, was expanded within several months to include other companies in the Migdal group, and continues to grow.
“easy2comply™’s multi-regulatory capabilities are perfectly suited to meet the enterprise-wide needs of a large insurance conglomerate such as the Generali subsidiary Migdal,” says Ayelet Porat, VP of Sales at Dynasec. “We are honored that the Generali subsidiary Migdal joins our growing list of insurance customers and even prouder of the quick implementation and adoption of our platform at Migdal.”