RiskBusiness is an award winning provider of Risk Content for use within both Graci and the RiskIntelliSet solution, or alternately for use in other third party GRC solutions or any in-house application developed by the firm itself.
The Risk Content Taxonomy Library consists of a number of pre-defined libraries of core data hierarchy elements, with full definitional content, including libraries of Risk Types, Risk Categories, Business Lines, Products Types, Process Types (Business Functions), Causal Types, Control Classes, Control Types and various Impact Types. These taxonomy elements are supported by taxonomy attributes, that is, various common classification mechanisms in the public domain, such as industry types, geographic segmentations, etc. and taxonomy dimensions, low-level sub-classification structures. The Taxonomy Service is delivered as an online encyclopaedia which can be used as-is or where unique internal taxonomies can be customized to meet firms individual needs and strategies.
The KRI Library consists of over 2,500 fully specified risk, control and performance indicators focussed on banking and asset management, as well as over 1,500 fully specified indicators focussed on (re)insurance, with many of the 4,000-odd indicators equally relevant to non-financial services firms. Each indicator was generated by industry practitioners, linked to specific business lines, product types risk categories and process types where they may be applied. Each indicator in the KRI Library is fully specified in order to ensure complete clarity regarding the nature of the data to be collected – important when you want to ensure ‘apples-to-apples’ comparisons between businesses and critical where you intend to aggregate individual indicator data across your organisation. You have the option to use indicators as specified, to amend indicators to meet your own specific requirements or to document your own private indicators in the KRI Library.
Many organisations create their own scenarios, using different methods to assist in identifying possible scenarios, such as expert opinion, public loss data sources and brainstorming techniques. But merely identifying a possible scenario is just the starting point – how can we be sure we have covered all the possible types of risks we may face? How do we classify or categorise our scenarios? How do we cross-reference our scenarios to our loss data, risk and control assessments, KRIs and to consortium or public loss data? How do we know that the parameters we are using are both realistic and in line with our industry peers?
The Risk Content Scenario Library is an online database containing both individual scenario events and consolidations of scenario events into complete multi-variable scenarios of adverse and unexpected events which may impact negatively on an organisation. Firms can browse the different categories of scenario, select those they feel could apply to them and then download the scenario for their own internal use and evaluation, while adding their own scenario events or entire scenarios if they wish to.
In today’s world, the financial services sector is perhaps the most heavily regulated industry of all, with a multitude of rules, laws and regulations which need to be complied with, issued by local, state, federal, national and pan-national bodies with various forms of authority. And it is not just the existing body of rules, laws and regulations, but the apparently never-ending tsunami of new rules, laws and regulations which firms need to comply with and ensure that all their staff also comply with.
It is against this background that the Risk Content Regulations Library has been developed, which both provides standard rules, laws and regulations and facilitates each firm adding those rules, laws and regulations specific to them which the firm needs to comply with. With additional licenses from third party content providers, such as law firms and commercial legal/regulatory content providers, the Regulations Library becomes the cornerstone of the firm’s compliance programme, facilitating compliance assessments, compliance attestations and the management of compliance findings, if and wherever the risk of non-compliance is detected.
For each rule, law or regulation, the various sections and sub-sections can be defined, providing both the original text, relevant footnotes or references and illustrations, with a link to both the external source where that rule, law or regulation can be found and to a downloadable copy of the rule, law or regulation.
Every day, literally hundreds of firms suffer actual or near-miss adverse or unexpected events, from which other firms can learn valuable lessons and learn about emerging threats and risks. Covering all forms of banking and insurance, as well as many other non-financial services industry sectors, governance, risk, audit and compliance-related news stories from around the world are collated and presented in a structured manner in the Risk Content Newsflash Library. The Newsflash Library is updated daily as and when relevant new stories emerge, resulting in a database currently containing more than 50,000 individual newsflashes, which facilitates the firm comparing the information provided to its own internal controls, processes, exposures and business activity. While, as is the case with all information in the public domain, the information provided is only as good as what has been released or discovered, wherever possible each newsflash identifies the primary party(s) involved, indicates the industry and within each industry, the specific business line involved and provides a quantification of the estimated or actual impact of the event, as well as indicating the appropriate risk category the event would be classified into and the process type where it occurred.
Graci’s Intelligence module is focused on bringing together a diverse set of information from within and outside the firm, then interpreting and aggregating that information into intelligence to facilitate informed business and risk decision making. Graci Intelligence employs cognitive behaviour theory, augmented machine learning, the Gracie intelligent digital assistant and an army of Crawlies (data collection applications) to harvest, classify, monitor and aggregate data, then to alert those individuals with a specific need-to-know at the earliest possible opportunity.
The Intelligence module hosts the Newsflash Library of public loss events; supports industry loss data consortia; industry benchmarking and industry risk profiles; provides benchmarks and ratings on risk governance, cyber security and related industry metrics; and supports establishing and monitoring the firm’s reputational barometer, both for itself and for its critical business partners and supply chain.
The Graci Core Infrastructure module provides a wide range of common functionality used across the five core functional modules within Graci, namely: Governance, Risk, Audit, Compliance and Intelligence.
The Core Infrastructure includes remedial and corrective action management; authorisation and attestations; meetings, agendas and minutes; documents and notes; audit trails; calendars, notifications and alerts; review cycles; the management of rating bands, frequency bands and impact bands; currency exchange rates; and technical and functional administration of Graci itself.