• Internal Control Solutions:

    Streamlines the documentation of processes, risks and controls, and gives management insight through reports, dashboards, what-if simulations and improvement plans.


  • IT-GRC Solutions:

    All your IT-related processes can be managed using IT-GRC modules such as COBIT, Information Security and Business Continuity Management.


  • Risk Management Solutions:

    Identify, analyse and manage risks with ease. Gives management insight through reports, dashboards, heat maps, what-if simulations and improvement plans.


  • Internal Audit Solutions:

    Supports the audit cycle by designing and managing audit plans, performing fieldwork and audit evaluations, and publishing audit reports.


  • Open GRC Framework Solutions:

    Design your own integrated risk and/or compliance frameworks.


Multinational Bank based in the Netherlands

Achieved 76% reduction in compliance overhead by integrating
multiple IT GRC processes using easy2comply CobiT

Profile

This Dynasec client is a full-range financial services provider and a global leader in sustainability-oriented banking. The Group comprises 183 independent local Dutch banks (1,200 branches), a central organization, and a large number of specialized international offices. The bank serves 9 million clients with 56,000 employees working in 42 countries.


Background

As a multinational financial institution, the bank's IT department bore the brunt of compliance work and was dealing with over 50 different Governance, Risk and Compliance (GRC) regulations and standards affecting it, including:

  • International regulations such as Basel II, ISO 17799, etc.
  • Regional regulations such as MiFID in Europe and Sarbanes-Oxley in the US
  • Local regulations in each country, such as Tabaksblat in the Netherlands
  • Internal standards of the various IT and business units and departments

Client Challenge

The IT cost and effort of managing this multitude of GRC regulations and standards were rising rapidly. Department managers pushed back strongly: they complained that they were spending too much time answering repetitive questions from the different auditors and consultants supporting each separate audit process, leaving them and their staff too little time for their day-to-day IT and business tasks.

PricewaterhouseCoopers (PWC) was assigned to reduce this complexity and consolidate the separate IT-GRC processes into one embedded GRC process. PWC recognized that a software solution was required to accomplish this goal. After examining several BPM and GRC software vendors, PWC selected Dynasec as the only software vendor with real multi-compliance capabilities.


The Dynasec Solution: easy2comply™ CobiT

PWC introduced the bank to easy2comply™. At the heart of the proposed solution was the CobiT module. In the first phase, all the relevant requirements of the high-level regulations were mapped in the software to CobiT's 215 detailed control objectives. In the second phase, all the detailed and legacy controls of the IT standards and regulations were likewise mapped to CobiT. In the final phase, the consultants reviewed each CobiT control objective and, with the help of the extensive tools provided by easy2comply, identified and resolved redundant controls, created hierarchies of controls and, where needed, added missing controls.

The initial Proof of Concept consisted of integrating two regulations for the IT department and was completed successfully by Dynasec and PWC within 45 days. Together, PWC and Dynasec implemented a framework that continues to allow each audit and regulatory process to run individually, with its own functionality, workflow and best practices, while at the same time providing a rationalized data model for all the IT-GRC processes.

Consequently, the bank decided to expand the project to include 8 additional standards. The full-fledged project covering 10 standards was successfully implemented within 4 months.

Today the project continues to expand and already supports twenty GRC processes, including Basel II, SOX, MiFID, IT security based on ISO 17799, ITIL/ISO 20000, and local Dutch regulations such as ROB, WFD, Tabaksblat and the Privacy Law.


Results

To date, the bank has reduced the number of controls across the 50 GRC processes from nearly 5,000 to 1,200, a 76% reduction in the number of controls being managed and tested. This has enabled the bank to cut overall costs by 50% and to substantially reduce the time to compliance.