bankingciooutlook

Nasdaq BWise: Holistic Management of Key Financial Risks

Adena Friedman, President, Nasdaq BWiseAdena Friedman, President In today’s highly competitive business environment and surging customer demand, managing risk and compliance has evolved as a crucial factor for success. Now, more than ever, the dynamic banking arena is facing constant changes in compliance expectations—driving financial institutes to the threshold. The risk and compliance paradigm has changed—they are not only bound to rules-based banking regulations, but have become more convoluted and entwined; ultimately causing compliance control breakdowns. In such a scenario, financial institutions need a new approach to compliance and operational risk management that would help them solve the multiple regulations puzzle and meet the changing demands of stakeholders—shareholders, regulators, and credit rating agencies. “Being in control of an enterprise’s risk management and regulatory compliance is essential to the survival of banks or financial services firms,” remarks Adena Friedman, President, Nasdaq BWise. Heading into this situation, the industry requires an able coryphaeus— Nasdaq BWise, the risk and compliance division of Nasdaq which provides a Governance, Risk management, and Compliance (GRC) platform that assists financial institutions to manage and ensure compliance and empower stakeholders with more transparent insights into their operations.

"Bwise is the cornerstone of our GRC portfolio"

Being an innovator in delivering risk and compliance software, BWise’s integrated GRC platform helps organizations track, measure, and manage key risk using a single system. The BWise GRC platform entails multiple role-based solutions, which are seamlessly integrated into one system to help departments across an enterprise work from one common risk taxonomy. Additionally, the GRC platform offers a common language for internal audit, risk, and compliance and helps companies identify, understand, measure, and manage risks on a holistic level. This not only delivers increased corporate accountability, improved financial, strategic, and operational efficiencies, but also lowers risk profiles, incident costs, and enhances overall business performance. The platform offers role based solutions for internal audit, risk management, compliance and policy management, internal control, information security and sustainability performance management.

BWise GRC platform focuses on the use of portlet technology to create highly flexible role-based interfaces, providing its users the information and functionalities needed to perform all their tasks on a single screen. With this technology, BWise combines the GRC information gathered from different sections of the application in a flexible manner to create pages that are highly tailored to the specific needs of each role.

The platform includes further features such as sending alerts, automatically attaching emails, and RESTful API enhancement enabling integration of the BWise GRC Platform with any third party application such as audit planning, incident management or trade surveillance; and improved usability combined with the portlet technology—allowing easy and flexible maintenance of process diagrams and approval workflows.

End-to-End Compliance and Policy Management

In addition to its GRC offerings, BWise’s Compliance and Policy Management captures regulatory alerts and ensures follow-up. The solution is also a part of the BWise integrated GRC Platform and provides enhanced visibility on internal compliance activities and real-time regulatory alerts from various sources, such as StateScape, ERC Portal, FINRA, and UCF. It assists compliance teams to identify how the regulations impact the company policy and business process. Through this, the team can determine whether to engage business process owners using targeted compliance assessment campaigns and action plans to remediate compliance issues as efficiently and effectively as possible. With the help of the Compliance and Policy Management platform, organizations can analyze and assess the impact of regulatory changes.


Being in control of an enterprise’s risk management and regulatory compliance is essential to the survival of banks or financial services firms


Being a content independent platform, BWise can accept information from any relevant regulatory content provider. Further, the company aids organizations gain better transparency on compliance and regulatory requirements and issues, enact informed risk steering with a view on the balance between performance and risk, and ensure an extended perspective. The platform also supports risk based scoping and gap analysis to relate regulations to internal controls and monitor the progress of the control implementation using status tracking, robust reporting, and dashboard capabilities. Possessing a strong workflow engine, the platform delivers policy creation, maintenance, dissemination, and attestation and bestows check-in/check-out features and smart policy management portal, and flexible compliance assessments.

For instance, BM&F BOVESPA is a leading exchange company that offers a wide range services in terms of spot FX, equities, and fixed-income securities trading. The main challenge endured by BM&F BOVESPA was to create an efficient, integrated environment for both the risk and audit departments with a common risk language. Taking hold of the situation, the BWise enterprise GRC platform supported the client with its internal audit and risk management processes to manage strategic and operational risks, including the risk of non-compliance.

The BWise GRC Platform measured the customers’ risks in both corporate and business processes, and provided them the necessary controls to mitigate it. Through this, BM&F BOVESPA was able to closely monitor risks, and identify control gaps and ineffective controls.

Streamlining Operational Risk Management Process

Today, financial institutions have to meet region specific, stringent regulatory requirements requiring an Operational Risk Management (ORM) system to integrate risk management practices with people, processes, and systems. BWise’s Operational Risk Management (BWise ORM) takes care of all the aspects of integrated risk management—from initial risk identification, assessment, and evaluation to risk mitigation and monitoring, tracking, and managing incidents. BWise ORM embeds ORM framework throughout the organization, enabling them to control the financial and reputational risks, and check bank-wide key risks along with potential reputational impact. This ultimately improves operational efficiencies, lowers risk profiles and incident costs, and enhances overall performance.

Managing Information Security with BWise InfoSec

BWise is disrupting the Information Security technology market with its BWise Information Security (BWise InfoSec) that helps organizations implement, maintain, and continually improve their Information Security Management Systems (ISMS). The solution assists enterprises meet relevant information security regulations, industry standards, and contractual obligations. Through this, organizations can manage the constant stream of changes in their IT environment more easily. The easy to implement and integrate platform provides a comprehensive overview of policies and requirements and real-time information on assets, threats, and vulnerabilities. “BWise is the cornerstone of our GRC portfolio,” states Adena. “By integrating information security within the BWise GRC platform, we can take a targeted approach to risk assessment, enabling Chief Information Security Officers to focus on the most pressing IT risks and cyber threats.” This new solution is among the first outcomes of BWise’s increased investment in R&D in 2015. BWise InfoSec can be integrated with vulnerability scanners, security incidents, event monitoring tools, baseline analyzers, and IT incident ticketing tools.

With a strong heritage in business process management assessment and analyzing risks, BWise aims to assist its clients improve documentation of internal control work.

Keeping the future in mind, the firm plans to continue investing in R&D and conduct user review sessions throughout its product development process to deliver best-of-the-breed solutions. With clients like Electrolux, Portucel Soporcel Group, and more, the company intends to deliver solutions that would improve reliable reporting and communications with external audit and the audit committee. Moving forward, BWise will continue to deliver better transparency as well as provide clients with greater oversight of company-wide risk mitigation and compliance action plans in one integrated system.

- Urmi Sengupta
    November 24, 2015