LEADING WITH GRC Case Study of Integrated GRC MarketAxess

Upload: trinhphuc

Post on 19-Jul-2018


Page 1: LEADING WITH GRC - MetricStream · Case Study of Integrated GRC ... investment management and banking clients - Experience in enterprise risk ... • Life After UAT:

LEADING WITH GRC

Case Study of Integrated GRC MarketAxess


GRC for High Performers

Agenda
1. Introductions
2. Organization Overview: Vision, Key Facts and Needs
3. GRC Footprint across MarketAxess
4. GRC Framework
5. GRC Program Challenges
6. GRC Program Roadmap & Rollout
7. Deciding when to Implement GRC Tool
8. Key Benefits
9. Key Learnings and Best Practices
10. Audience Questions and Discussion


Introductions

Joseph Monks

Audit & Chief Risk Officer, MarketAxess

- Prior: Head of Operational Risk, Citibank, North America.
- Managing Director, Japan Chief Auditor at Citi; Executive Director and Chief Auditor Japan at Morgan Stanley.
- Global Risk, Internal Audit, Banking and Securities, Technology Controls, SOX and Regulations.

Mandar Soman

Audit & Risk Manager, MarketAxess

- Prior: Manager of Operational Risk Division at KPMG
- Experience in advisory services to investment management and banking clients
- Experience in enterprise risk management, management consulting for banking capital markets

Parul Jain

Audit & Risk Associate, MarketAxess

- Prior: Information Audit Analyst
- Experience in internal audit & external audit with banking clients in India
- Masters in Information Systems, CISA (Exam cleared)


MarketAxess - Overview

Overview: MarketAxess is the leader in electronic trading of global credit products operating in the regions of North America, Europe and Asia. Our award-winning, patented electronic platform enables fixed income market participants to source competitive and executable bids or offers in the broadest range of cash credit and credit derivatives for over 1,200 global institutional investors and broker dealers. MarketAxess brings over a decade of unparalleled trading, market data and technology innovation, shaping the future of the credit markets.

MarketAxess operates “Open Trading” on its electronic bond trading platform which allows investment managers, broker-dealers at investment banks and other market participants to trade directly with one another electronically on an anonymous basis. Our suite of trading protocols, which includes Market Lists, for anonymous all-to-all inquiries, and Private Axes, where users anonymously match block orders, providing greater discretion and control when trading in larger sizes, are seamlessly integrated into MarketAxess’ well-established RFQ platform, resulting in single-screen access for all market liquidity.

Vision: Our vision is to shape the future of the credit markets. Our goal is to become the global electronic credit marketplace of choice.

Mission: MarketAxess was founded in 2000 with a simple mission: to give investors a single trading platform with easy access to multi-dealer competitive pricing in a wide range of credit products. Ten years later, we are the leading electronic credit trading platform for corporate bonds and CDS. Innovation is at the heart of what we do at MarketAxess, and the best is yet to come.


GRC Footprint across MarketAxess

SOX/Audit

• Internal Audit
• Operational Audits
• Financial & SOX Audits
• IT Compliance Audits

ISM

• Route for review, updates, and approval
• Link to Risks, controls, Audit, past issues, regulations etc.
• Link action plans to Issues
• Robust reporting

VRM

• Supplier Information, On-boarding
• Supplier Risks
• Supplier Performance

Operational Risk Management

• Enterprise Risk
• Operations Risk
• Risk-Control Assessments
• Heatmaps, KRI

Tableau

• Analysis of GRC data
• Robust Reporting
• Integrated GRC data at one place

IT-GRC (Not Implemented yet)

• Incident management
• IT Audit Management
• Threat & Vulnerability Management
• IT Risk Management


GRC Framework and Program Components “generic picture” - To be “right sized” to MarketAxess

Comprehensive Risk, Controls and Compliance Coverage

[Diagram: GRC framework. Labels recovered from the slide:]

• Business Strategy
• Key Business Risk; Strategic Risk; Operations; Financial; Compliance
• Risk and Control Activities: Assess Risk; Improve Effectiveness of Controls; Monitor Controls
• Line of Defense: Operations and Business Units; Management Assurance Functions; Independent Assurance Functions; Oversight
• First Line of Defense; Second Line of Defense; Third Line of Defense; Oversight
• Functions shown: Accounting & Finance; Record to report; Human Resources; IT; Payroll; Legal; Development; Infrastructure; Internal Audit; Other Risk Functions; External Audit; Executive Management; Board; Audit Committee; Risk Committee
• GRC Solution Components: Continuous Control Monitoring; Compliance Management; Risk/Audit Management; Dashboard Reports; KPI/KRI


GRC Program Challenges

People

• Getting Executive Sponsors in place for each solution.
• Building Strong Stakeholder Relationships (Audit, Legal, Finance, IT Security).
• Governance Model for the GRC program.
• Dedicated resource for managing the platform and administration for all the business areas.

Process

• Agreement on Risk definition to allow streamlining of GRC reporting in the future.
• Replacing multiple systems in use by business functions.
• Committed Subject matter experts to view the end goal.

Technology

• Building a sustainable team for a multi-year initiative to implement the GRC tool.
• Getting access to experts at the right time in the process.
• Security Controls in place to in-house the confidential data.
• Customization of charts and graphs for greater impact.


GRC Program Roadmap and Rollout

Roadmap:

• Importance of Preparing “Roadmap” for deployment
• Foundational Activities: Libraries – Enterprise Risk Themes
• Dependencies between Initiatives

Implementation Rollout Strategy and Tactics:

• Life After UAT: Build Enthusiasm and Application User Adoption
• Organization Change Management
• Communications
• Continuous Improvement


GRC Program Roadmap and Rollout – MarketAxess

[Diagram: program roadmap across FY15, FY16 and FY17. Labels recovered from the slide:]

• PROGRAM: PMO – GRC Program Governance, Management and Communications of Progress, Organizational Change; GRC Program Plan
• PROCESS & TECHNOLOGY: GRC Initiatives: Workstreams; Infolet Integrations: Data feeds; GRC Intelligence Content Feeds
• MetricStream Platform and GRC Foundation: Risk and Control Framework, Risk Reporting, Analytics and Governance; GRC Organization Hierarchy. Asset Integration
• Workstreams: Internal Audit; IT-GRC; ISM; SOX; VRM
• Fast Track; Tableau; Metrics


Deciding when to Implement - Capability Maturity Model for GRC Software Tool Implementation

• INITIAL: Define goals with success criteria; Initial stage communication is typically happening less frequently.
• REPEATABLE: Starting elements for a GRC tool; communication may exist through spreadsheets/email.
• DEFINED: At this stage, a GRC tool makes sense, and is well defined as business processes continue to mature.
• MANAGED: Typically, this organization is already leveraging GRC tools.
• OPTIMIZED: Tools are performing at a high level of efficiency.

Beginning to adopt | Likely adopted


GRC Journey - Key Benefits

• MAKE BETTER DECISIONS, LOWER RISKS: Manage its most urgent business risks across the silos of finance, legal, compliance, operations and IT/Security
  - Key Benefit: Reduce Risk by gaining visibility and context

• IMPROVE PERFORMANCE AND GAIN EFFICIENCIES: Collaborate, through a federated governance model, with other major programs in place or being implemented – bringing all the key stakeholders together through a common risk and control framework
  - Key Benefit: Gain efficiencies and lower costs by streamlining processes and leveraging a consistent risk and control framework, collaboration and overall methodology

• OPTIMIZE REPORTING and GOVERNANCE: Report the right information to the right people, at the right time
  - Key Benefit: Clear understanding of the information and analytics required for the Board, Regulators, Leadership, External and Internal stakeholders


Key Learnings and Best Practices

• To build out a successful GRC program, the right people, processes, and technology need to be aligned together.
• Get the business involved quickly to identify where they need to take responsibility and accountability within the GRC program
• Training of the end user is important to better understand the objective of the program
• To gain the business value of the program sooner, implement in a phased approach
• Enhance reporting capabilities for management
• Streamline the workflow process to simplify the solution
• Define new roles to allow better reporting and continue to adjust to new reporting needs
• Changes should be made to adapt to changing risk within the company


© GRC Summit 2017 | All Rights Reserved

Q&A

Thank You!

Continue the conversation online #GRCSummit