Using data and analytics to shift the discussion from risk ......Oct 10, 2018 · Expertise:...

ServiceNow® GRC at MLC Life Insurance

Using data and analytics to shift the discussion from risk to control

Manager, Risk Systems and Data Analytics,

MLC Life Insurance

Greg Dominish

© 2018 ServiceNow, Inc. All Rights Reserved. Confidential.

Who we are and who we work for.

What’s interesting:

• Our 130 year old company is in “start-up

mode” as we become a standalone Australian

Life Insurer

• Opportunity to build risk and compliance

systems and capability …from scratch

• 80% owned by, Nippon Life – opportunity to

benefit from their experience as the world’s 8th

largest life insurer.

Agenda Know the Context

Set Outcomes and Goals

Use Data and Analytics

Work towards automation

Build maturity as you go


Name: Greg Dominish

Title: Manager, Risk Systems and Data Analytics

Function: Line 2 Risk

Company: MLC Life Insurance

Speaker Introduction

Experience/Expertise: 4 years in Risk and Compliance systems, prior to that 20 years as a SAP consultant

with Accenture, IBM, Open Text and independent consultant across multiple industries.

Expertise: ServiceNow Administrator, Performance Analytics, GRC

Achievements: Implemented risk systems at National Australia Bank and MLC Life. Increased risk event

management compliance at MLC Life Insurance from 20% to 80%.

Current Projects: Driving process efficiencies, implementing data analytics, upgrade to Kingston.

Company Bio: Managed Risk Systems since Day 1 of MLC Life Insurance.


The MLC Life Insurance business provides the following products to it’s customers via:

• Advisers, and

• Group Insurance providers, such as employers or superannuation companies:

MLC Life Insurance

Complex product offering = complex risk/ compliance profiles

• Life Cover

• Income Protection

• Total and Permanent

Disability TPD

• Child Critical Illness

• Business Expenses

• Debt Protection

• Accidental Death

• Occupationally Acquired Infection

• Critical Illness


Digital Transformation. Cloud Focus. Customer focus.

• MLC Life Insurance is undertaking Digital Transformation – including big data and cloud technology.

• This significant overhaul of our technology provides better, more tailored solutions for our customers. Examples include:

• “Best Doctors” network of worldwide medical

specialists

• Wearable technology options linked to our

products.

• Digital underwriting platform delivers speed

and certainty for customers & advisers

Technology Transformation


• Do something new: deliver the same or better GRC capability as the more

established GRC providers

• Make risk management more effective:

move away from traditional approaches to risk management,

monitoring and reporting

• Transition to transformation: keep it

simple, build don’t assume maturity, be ready for transformational opportunities

Our Challenges

Likelihood = Risk x Consequence

Risk Profile Heat Map

A New Approach Needed


The key outcomes wetargeted were:

• Integration of risk and compliance into operational management, using…

• Controls management as an integral part of operations, to create…

• A risk and compliance culture







Key outcomes: to integrate risk and compliance into operational management … using controls.

Goals to achieve this: ServiceNow provided us with the ability to:

Outcomes and goals

Enable data-driven decisions

Build a user-friendly system

Provide a clear pathway to automation

Outcome: Integration of risk into operations management


System Usability

Technology

Language

Partner engagement

KEEPIT

SIMPLE

Build a user-

friendly system


A single platform

Technology


Phased approach

Technology


System Usability

Partner Engagement

Old EMS

36 fields required to

be completed when

raising an event

New EMS

10 fields required to

raise an event

Time to complete event form

40 minutes down to

3 minutes

Technology


Clear system/business outcomes

Partner EngagementTechnology

Outcome Before After

Single point of entry

• Mult iple platforms

• Dispersed and silo based report ing

• Single platform, single sign on

• Transparency and accountability -

what gets measured gets managed

Self-service • Data on personal drives

• Manual report ing service (takes

hours)

• Data often 3 weeks old by the

t ime it gets to Board

• Cloud

• Self-service, tailored automated

report ing (takes seconds)

• Resources redirected to more value-

added activit ies

Accessibility • Upon request only

• Desktop access

• Onerous audit reviews

• Up to the minute data

• Mobile app

• Independent audit reviews


“MLC Life” friendly language

Language

• Aligned to our ambition of being Australia’s biggest and most trusted

Life Insurer – effective risk management protects our customers, our

reputation, each other and our business.

• The language of risk and compliance is often over-complicated

• ServiceNow allowed us to translate the out-of-the-box language into

MLC Life Compliance English, for example:

“Creating central

libraries for risk,

compliance and

control was key”

Service Now GRC MLC Life

Authority document Obligation source

Citation Obligation library

Policy statement Obligation

Profile type Business unit

Profile Cost Centre/ Business unit relationship

Policy (N/A)


Choosing a partner

Partner Engagement

ServiceNow Consulting Services


Enable data-

driven decisions

Having established the system, we

now needed to capture the data…

…and report on it

ServiceNow Performance Analytics provided a simple way of delivering

data to our key stakeholders







Data cleansing

Prior to the implementation of the GRC system – spread-sheet chaos!

• Data stored in multiple locations and in multiple formats

• Inconsistent use of labels and terminology

• No single view of the organisation, no ability to collate information

Post implementation of the GRC

Single source of truth

Consistency of language

Data rationalisation

Connectivity & alignment

Obligations

6600 1900

Risks

700 63

Controls

4000 103

Enable data-

driven decisions


Performance analytics

Live demonstration from system

• The Monthly Events Report is sent to out each month

• Historical monthly events reports can be accessed via the Governance,

Risk & Compliance (GRC) Knowledge Page

• Real-time events information can be accessed via the Risk Events

Dashboard, and are sent out weekly via an automated email

• Tailored Dashboard have been setup for Executive and Nippon

• Risk and controls libraries

Enable data-

driven decisions


This is what cultural change looks like...

…and the Executive started

calling individuals who had

overdue actions…

Events process

compliance

…events raised on time,

actioned on time

20%

80% Other key figures:

• Events closure rate

• Number of events open > 1 year

• Time taken to report events to regulator

Events users

…improved operational

transparency

281

514

Enable data-

driven decisions


Provide a clear

pathway to automation

• Automation isn’t just sending

workflow notifications

• It’s also about using the simplicity

of the system to make it

“automatic for the people”

• What gets measured gets done –

establish key metrics







Working towards automation

Simplified Forms and

data libraries

Pre-population of

compliance fields

Automated reporting

Data correlation

analysis

Workflow

notifications

Risk and Control test

notifications

Automated data

integration

Enterprise risk

reporting

Provide a clear



Business benefits of automation

Better Insights

• Focus where the risk and rewards are high

• Risk now being engaged more often and

earlier

Resource Efficiencies

• ~160 hours of work time saved through

reduced administration. This is equivalent

to four FTE

Move away from rigid review cycles and reports

• Real time reporting direct from the system

• 7 paper based reports removed from

circulation

Refocus FTE

• Risk resources now focused on more value

added activities such as critical control

integrity reviews, risk deep-dives and

enterprise change initiatives

Provide a clear



This is just the beginning…







Building risk maturity

Do I have to do this? Let’s do this! / Just do it!

- Trusted business advisor


Building risk maturity – with Agility


Building maturity

Outcome: Risk management, by definition, is the exercise of control

Understand the risk

and compliance

environment

Analyse the

effectiveness of

controls

Take Action!

Most systems stop here!


What maturity means for us

• The Automate administrative tasks

• Align to core business processes

• Simple, effective, rapid screening of risks

• Allows refocus of expert resources onto value-added activities

• Positive assurance

• Shift from reviewing risk to pricing of controls

• Genuine management of high risk exposures


How to build maturity

Agree terminology upfront

The system is a tool. It augments

existing expertise

Leverage your internal business

experience

Involve key stakeholders early

& often

[email protected]

Questions?

Thank you

Using data and analytics to shift the discussion from risk ......Oct 10, 2018 · Expertise:...

Documents

Transcript of Using data and analytics to shift the discussion from risk ......Oct 10, 2018 · Expertise:...