MetricStream is building GRC for high performers

Chief Risk Officers (CROs) today are no longer asking the “why” of Governance, Risk, and Compliance (GRC). They are convinced it’s a must-have within their organisations. The question today has evolved to “how” and “what next”. CROs are looking for the best-of-breed GRC solutions that enable them to sleep well at night. GRC guarantees peace of mind and that is why it’s indispensable to your business.

MetricStream, a leading GRC company for modern and digital enterprises, enables organisations to strengthen risk management, regulatory compliance, vendor governance, and quality management while driving business performance. In the recently-concluded 4th edition of its annual GRC Summit in Europe (November 6 – 7) 2017, the event brought together leaders and domain experts in GRC to debate and explore strategies and solutions in order to meet the demands of a constantly changing and dynamic business environment.

This year’s summit themed around “GRC for High Performers” covered in-depth analysis of current trends around regulations and challenges in risk, compliance, audit, IT, and cybersecurity. It featured several GRC use cases and best practices from mid-sized and large enterprise from across Europe and conducted workshops that deep dived into readiness and preparation for GDPR (General Data Protection Regulation) and Brexit. The summit featured over 60 expert speakers, 50 insightful sessions and over 400 minutes of networking with the 250+ attendees and technology partners at the event.


In a thought-provoking panel discussion, the panellists discussed and debated some of the fundamental issues surrounding Brexit (which refers to Britain’s exit from the European Union (EU)). Brexit is a pressing issue given the financial and political uncertainties that Britain could be facing in the medium to long term. Currently, negotiations are on as to how much the UK owes the EU, the fate of Northern Ireland border and the UK citizens living elsewhere in the EU and EU citizens living in the UK. While the UK wants to talk about future trade relations including plans for a two-year “transition period”, the EU has maintained they will not talk about the future until enough progress has been made on the other issues.

Keynote speaker at the Summit, Lord Alistair Darling, former MP and former Chancellor of the Exchequer says that a hard exit is not in the interests of either sides. “It’s really difficult to plan this because no one had intended to do this before…we should wait and see but it’s already November 2017 and there’s no agreement of anything at all…”

“Brexit reminds me of an unknown unknown,” says William Bain, Policy Advisor (Europe and International), British Retail Consortium suggesting that businesses don’t know what they are transitioning to. “That’s very different from what we experienced when UK joined the EEC (European Economic Community) in 1973.” To sail through Brexit, Bain says it is imperative for both sides of the deal to show strong leadership, prepare for a best-case scenario as well as the worst-case scenario (including delays in customs, cash flow, etc).

Steve Fowler, Managing Director, Amarreurs Consulting, talked about how a depreciating pound and labour shortage especially in areas of medicine and engineering could emerge as serious causes of concern. He clarified that the labour shortage might not actually be a direct consequence of Brexit but something which was so far camouflaged by the ability to import labour. He asserted that when it comes to addressing some of the world challenges – such as cybercrime, climate change etc – it’s always better to do these together.

The panel discussed the implications Brexit could have on Europe’s GDPR which will come into effect in May 2018. The panellists also touched upon the fact that while most organisations currently have dedicated teams for GDPR, they don’t seem to have anyone to handle issues directly arising out of Brexit. The panel also agreed that Brexit ignored that the world is fundamentally connected – with technology, social media, digital, cryptocurrency – and this is really the first action which is a reversal of globalisation.


Furthering its mission to build GRC for high performers, in April 2017, MetricStream announced the release of its M7 platform and apps for risk, compliance, audit, IT security, third party management, and other GRC professionals. MetricStream refers to M7 as the “4th generation GRC technology” designed to help companies “preserve their corporate integrity, protect their brand, and drive high business performance through GRC that is simple, pervasive, and delivered in the cloud.” M7 focuses on “enabling high performers through an engaging user experience, high degree of configurability, enhanced mobility and layering, sophisticated reporting and analytics, and a future-ready architecture.”

Commenting on the launch of the M7 platform, Shellye Archambeau, CEO, MetricStream, said, “M7 enables high performing organizations by making GRC simple, intuitive, and more deeply embedded across the enterprise and extended ecosystem. M7 gives our customers real-time intelligence that they need to anticipate risk, and balance opportunities effectively.”


In November this year, the company announced the completion of a $65 million financing round led by Clearlake Capital, a leading private investment firm based in Santa Monica, California, with participation from EDBI, a Singapore-based global fund, and contributions from existing investors including Goldman Sachs, Sageview Capital and others. As part of the transaction, Prashant Mehrotra, Partner at Clearlake Capital joined MetricStream’s board of directors.

MetricStream is using the funds to accelerate its global growth, enhance its customer support and success, expand further into Asia through Singapore, drive innovation in the industry, and increase GRC application adoption with its latest product, M7.

MetricStream already has a strong presence in India with over 1,000 employees in Bengaluru. In India, the company has forged partnerships with many leading IT service providers such as Infosys, Wipro, Mindtree, and Tech Mahindra. In 2016, Tech Mahindra established a dedicated MetricStream GRC Centre of Excellence (CoE) in Bengaluru, supported by expert consulting services worldwide across various geographical markets. The combined GRC offerings target verticals such as BFSI, Retail, Manufacturing, Healthcare, Telecom and Infrastructure.

Clearly, MetricStream is on a serious mission to build and grow the GRC ecosystem in India and globally. Its laser-sharp focus on the domain coupled with its ability to bring together some of the best GRC talent in the industry under one roof makes MetricStream the undisputed leader in this space.


As GRC is evolving beyond the four walls of the organisation to become simpler, more pervasive and much more intelligent, MetricStream Executive Chairman, Gunjan Sinha has shared a list of predictions for the GRC industry which are enumerated below:

The cloud is the future

The cloud will continue to change the economics of software across the board, including GRC. MetricStream has spent the last few years developing the next-generation of GRC cloud infrastructure based on the latest technologies such as VMware and Docker, as well as Amazon’s AWS and the Google Cloud. The GRC cloud will go beyond a traditional multi-tenant architecture in which data is co-mingled, and instead adopt a multi-instance approach. That means that customers will be able to fire up various GRC app instances in near real time. Already, 80% of our customers are deploying their GRC apps on the cloud, and more companies are likely to follow suit.

Customers: The ultimate regulators

With the increasing adoption of social media and hyper-connectivity, the voice of the customer will grow louder than ever. Consumers will hold companies to standards higher than those of regulators. We saw it happen at United Airlines when a video of a passenger being mistreated went viral, hurting the company’s brand. We saw it when scores of customers deleted the Uber app because they disagreed with the company’s practices. That’s the power of the collective voice of the customers. And companies will have to pay attention. They will have to consider the risks associated with the voice of the customer, right at the centre of their GRC programs.

The power of ‘now’

In a world of Instagram, Facebook, and Snapchat, companies and businesses will increasingly demand instant value. They will want to see results today, not after multiple quarters, or long deployment cycles. Therefore, GRC professionals will need to find ways of meeting this need – be it through real-time reporting of risks, or through mobile audits that can be conducted anywhere, anytime. At MetricStream, we’ve built a mobile app called GRC Pulse, which can be downloaded in minutes from the Apple or Android app store and leveraged in compliance activities such as policy attestations or training videos. It’s an instant-download-instant-use kind of innovation, and that’s the direction that we need to continue heading in.

The promise of Artificial Intelligence (AI)

Who would have thought that someday, restaurants would make entire pizzas using AI, or that you could have personalized robotic chefs in your own kitchen thanks to Moley Robotics? It’s already happening! AI is changing the world as we know it, and it will also change how GRC is performed and delivered. Future generations of GRC software will have natively built AI algorithms that can perhaps discover risk automatically, or predict compliance behaviours and patterns based on machine learning. Many GRC tools are already incorporating capabilities such as predictive modelling, mind maps, and advanced visualization. But these are just baby steps. GRC teams and solution providers will need to work together, and collectively find ways of making AI a real asset in GRC.

Turning data into insight

Over the next ten years, we will see a massive explosion of data. It will create tremendous opportunities from a business perspective. But companies will also have to learn how to be able to harness data into their GRC programs, and find the needle in the haystack (i.e. areas of critical risk, compliance, or governance) that need to be addressed with priority. Data will need to be tamed, both in terms of volume and velocity, as well as security.

Previous article‘IBM is focussed on fostering the growth of startups in the country’
Next articleAssam aims to become a hub for startups and entrepreneurs
Ayushman Baruah
Ayushman Baruah is the founder & Editor-in-Chief of The Startup Observer. With 10+ years of rich experience in journalism spanning across newspaper, magazine, and news wire, Ayushman takes a conscious effort to stay away from the rat's race and the noise of breaking news. The Startup Observer is a noble initiative to serve the readers with ideas that go beyond news. In 2013, Ayushman won the prestigious 15th Annual PoleStar Award in jury's category for excellence in technology journalism. He loves writing, public speaking, observing, travelling, aquariums, and anything that makes him think. He believes in keeping his feet on the ground but eyes on the stars.