Predict360 Risk Intelligence and Management Platform

Predict360 enables functional managers and staff to optimize day-to-day risk and compliance responsibilities while providing executive stakeholders real-time visibility into the risk and compliance profile of all business lines, locations and assets. The artificial intelligence (AI)-powered platform vertically integrates risks and controls, KRIs, regulations and requirements, policies and procedures, audit and examinations, and training in a unified, cloud-based system. Predict360’s SaaS architecture and modern technologies deliver predictive analytics, data insights for predicting risk and streamlined compliance.

Predict360 automates many tasks and workflows while improving quality and value of risk and compliance activity execution. The highly configurable platform creates risk and regulatory relationships between organizational activities and provides visibility into where risks intersect, providing stakeholders a deeper, wider and holistic view of risk and compliance. The platform includes the following modules, features and functionality:

-Regulations and Obligations Repository

Predict360 provides a repository that can capture all an organizations obligations, including regulatory requirements, business requirements, standards and frameworks that the organization needs to comply with. This repository allows the organization to link all of their policy & procedure documents, risks and controls, training programs, audits and assessments to these obligations and regulations, effectively creating a “map” of all related risks, control and governance items with the organization. This functionality enables the organization to identify gaps where they might not be meeting their regulatory obligations, identify risks to the organization and to quickly understand and assess the impact of a change in a regulation or obligation.

·This module also includes proprietary artificial intelligence (AI) technology using natural language processing (NLP) technology to categorize a regulatory requirement to a particular subject area as well as to identify the second and third-party requirements of a requirement requirement based on the regulatory text (effectively the “who” and the “what” should be done).

Optional content plug-ins are available to provide the complete Code of Federal Requirements (CFR) final test for both federal and state level requirements pre-loaded into the system. And a regulatory intelligence feed of all news and notifications related to relevant regulatory topics, sources, justidictions, agencies and news sources is also available.

-Task Management for Risk and Compliance Issues

This module provides a complete task & activity management system. This includes pre-built and customized forms and workflows to capture relevant details/fields, assign owners and impacted users, manage due dates and notifications, enable collection of supporting documentation, link to other tasks/issues, create project plan/subtasks, provide audit trails of changes and status updates, and enables effective collaboration among users while providing complete real-time visibility to all activities across the risk and compliance group.

·Instead of using disparate systems like email, shared folder and multiple spreadsheets to track details, this module provide a single source of record repository for all this information while enabling an effective evidence locker and audit trail to meet regulatory requirements while providing complete visibility to the organization.

Each product or solution contains pre-built forms and workflows for common risk and compliance activities, such as compliance monitoring & testing (QA/QC), complaints, regulatory changes, document update requests, training requests, internal audits, external audits, regulatory examinations, findings, cases & investigations, self-assessments, risk assessments/RCSA, IS/Cyber security assessments such as NIST and FFEIC CAT, control tests, loss events, risk incidents and many other common risk and compliance scenarios.

The benefits of this module is that all risk and compliance issues and tasks are captured in one system for complete visibility across the organization, a common user-interface reduces training efforts while ensuring consistency, and a complete evidence audit trail is available for regulatory examiners, auditors executive management to prove compliance and activities performed.

-Risk and Control Repository

Predict360 provides a repository that can capture all of an organization’s risk and controls, including all risks across across the enterprise as well as risks for each individual business units and product line risks (both enterprise-level risks as well as for localized operational risk).

Details on each risk that can be captured include the inherent & residual risk levels along with risk owner, impact details of the risk, management comments, associated regulations or obligations related to the risk, links to controls to manage those risks, and links to any activities or tasks designed to manage or mitigate those risks.

For controls, details on each control such as which risks they are linked to, the effectiveness of how well the controls are working, links to related documentation such as policies or proedures, and links to associated activities such as control tests, design effectiveness tests, control improvement plans and control incidents can also be captured.

-Document Management System (DMS)

Predict360 includes a document management system that provides versioning, access control and workflow capabilities. Documents can be linked to associated regulations or obligations, expiration dates can be managed and document owners can be identified. Policies, procedures, checklists, templates, audit reports and types of risk and compliance documents can be stored in this module by the other solutions in Predict360 to provide a single document repository. These documents can also be linked to any risk or compliance activity or task as well, and all types of documents including PDF, Word, Excel and JPG file formats can be stored.

The Policy & Procedure Document Management product solution provides approval workflow for policies and procedures, as well as an acknowledge workflow to distribute updated policies or procedures to all effected employees and to electronically capture their acknowledgement of receiving these new documents for evidence of compliance.

Store, track and manage risk and compliance documentation in common business formats – PDF, Word, Excel, JPG, etc. Link documents to activities, actions, assessments, and more. Includes version control.

-Learning Management System (LMS)

Predict360 includes a built-in learning management system (LMS) based on the industry-leading Moodle LMS system.

Predict360’s Training Management product can deliver training to end-users via this LMS and enables customers to create training classes using Adobe’s Capitivate. Training records are captured and the system provides a repository for training content/courses. In addition, each employee’s training records and requirements can be tracked in solution to ensure they have the proper and current qualifications (compency) to ensure compliance with their job requirements.

Available training courses include content plug-ins from 360factors (over 50 frontline personnel course for banking professionals or credit union professionals are available) as well as linking to training delivered by other partners such as ABA. Training classes can also be created by your organization and delivered via this LMS system.

-Assessment & Questionnaire Functionality

This feature enables organizations to manage their various questionnaires, checklists and templates that are used for functions such as risk assessments, internal control questionnaires, pre-audit questionnaires & checklists, controls, control tests, surveys, inspections and more.

User-configurable and flexible data-gathering forms and aggregation response mechanism enables organizations to set up any questionnaire imaginable to collect responses from single or multiple parties, analyze the responses and then take action based on the results.

Dynamic logic execution enables managers to trigger corrective actions, investigations, compliance tasks, audits, training, document changes or business risks based on the results of these assessments. Flexible reporting and analytics enable enhanced visibility and smarter and faster decision making. Questions can be mapped directly to the regulatory and standards requirements as well as the business objectives that drive them, which allows unprecedented coverage, extensive reporting and a comprehensive response to changes in those requirements.

-Business Intelligence (BI) Reports and Dashboards

Predict360’s Business Intelligence (BI) engine provides advanced reporting, dashboard and analytic capabilities with striking visual components along with self-service reporting that is simple enough for casual users, yet very powerful for more sophisticated users and complex analytical tasks.

This built-in Business Intelligence engine provides managers, executives and board members with unparalleled insight into the state of their business’ enterprise & operational risks as well as compliance to regulatory requirements along with the data and metrics to understand how those risks and compliance issues can be better managed. Providing a variety of KPIs/KRIs, reports and documents, compliance managers and risk officers can respond to executives, board members and regulatory examiners faster with less effort and more effectively. Whether you need a snapshot of action plans for a department down to an individual or historical trending of KRIs and assessments over time, this powerful engine delivers the business intelligence and predictive analytics necessary to proactively address risk and compliance within your organization.

-Content Distribution System

Predict360 includes a unique content distribution system that allows 360factors or any of our consulting partners to push down pre-loaded content such as risk control libraries/taxonomies, assessments and checklists, regulatory knowledge bases, document templates (such as policies & procedure templates) and other types of content to provide best-practice content and processes for managing risk and compliance. This content can then be modified and updated by the customer to fit their business needs and requirements.

In addition, as updates to this content is made by 360factors or one of our consulting partners, those updates can automatically flow down to the customer’s instance where appropriate. This enables organizations to receive updates to new risks, controls, regulatory changes, checklists & assessments and more.

This feature effectively provide organizations with a “quickstart” to getting their risk and compliance system up and implementing best practices based on content from industry-leading partners and/or 360factors as well as remaining up-to-date and current on risks and regulations.

Predict360’s Risk Management products enable organizations to identify, quantify, monitor, and minimize/mitigate risks.These products allows businesses to manage the business, credit, interest rate, liquidity, operational, strategic, compliance, reputation, and cyber risks at the business unit level and as enterprise-wide risks.

Risk Management and Assessments (RCSA)

Predict360’s Risk Management and Assessment product enables organizations to manage risks using proven enterprise risk management techniques such as Risk Control Self-Assessments (RCSA) to capture inherent and residual risk ratings and controls as well as additional details including risk owners, risk type, management comments, monetary impact and more. Individual risks can also be linked with their associated regulations and/or business obligation as well.

·An industry-standard or company-standard risk library can be set up in the system to provide guidance to each business unit or product line owner when completing a risk assessment to ensure they identify all potential risks that can their impact business or product while ensuring a common risk taxonomy across the entire organization.

·Inherent and residual risk ratings can either be captured as user-specified impact and likelihood values, or the system can prompt the end-user through a company-defined set of questions/criteria to ensure a consistent risk rating is calculated across the organization.

·Control Information can be captured in a summary control text field or as individual control items with attributes including efficacy, % implemented and weight to calculate the effectiveness a control has on managing a particular risk.Functionality linking multiple controls to a single risk and/or a single control linked to multiple risks is supported.

oUsing the efficacy, implemented % and weight, a current risk rating is calculated and updated in real-time to identify controls that are operating outside tolerance levels. Those values can be updated any time that an incident occurs or control tests fail to instantly flag emerging risks to the enterprise.

Periodic risk assessments can be scheduled on a re-occuring basis and automatically assigned to individual risk owners within each business unit and/or product line.Upon completion of these risk assessments, the system automatically rolls up the individual risk assessments to provide an enterprise view of the organization’s enterprise risk profile.

And each risk item and/or assessments can have an action items created to perform any type of remediation or improvement plan to manage the risk or improve the controls.

·Using the optional Issues and Incident Management product allows individual issues and/or incidents that occur within the organization to captured in a consistent fashion and linked with their associated risks, providing valuable information to the risk owners when the update their risks assessments.

·Additional content plug-ins can be purchased to provide an industry-standard risk library/taxonomy and/or risk assessments.

Controls Management

Note:The Risk Management and Assessments product includes basic control details such as control name, efficacy, % implemented and weight impact on a particular control.The Controls Management product delivers additional functionality to the Risk Management and Assessment product, including:

The Controls Management product enables additional details to be captured for each control, including:

·Links to each control’s documentation

·Action items linked to each control such as control design effectiveness tasks and/or control tests

·Incidents that can be captured as they occur within the business and linked to the associated controls (beneficial during the next RCSA)

·Action plans to improve or implement new controls

In addition, support for implementing and managing control tests is provided.These control tests can be scheduled on automatically reoccurring bases to verify that controls are working properly, and this product manages all the assignments, notifications, evidence captures and reports.And, if a control test fails, the efficacy value of the controls linked to the control tests can be automatically updated and thus the system automatically flags enterprise risks that are operating outside of tolerance.

·Additional content plug-ins can be purchased to provide an industry-standard control library/taxonomy and/or recommended controls that can mitigate particular risks.

Issue and Incidents Management

Predict360’s Issues and Incidents Management product enables organizations to manage, track, collect evidence and collaborate on all risk-related tasks, activities and incidents in real-time.Issues types can include include regulatory examination and agency findings, internal and external audit findings, risk or compliance issues, risk remediation plans, control improvement plans and other risk-related issues.Issues can be linked to their associated risks, regulatory requirements or control documentation.

·A configurable workflow engine supports unique workflow processes for different types of issues, tasks and incidents with easy-to-use data collection forms and automated alerts.

·Automatic notifications and due dates can be distributed via email to related parties and owners.

·A calendar provides visibility to all risk issues being managed and their associated due dates.

·Dashboards and reports provides complete visibility in real-time to the status of all risk issues to risk owners, risks manager, senior executives and boards of directors.

Operational Risk and Loss Event Management (ORM)

Predict360’s Operational Risk Management (ORM) product enables organizations to capture process details and failure conditions for each business process, and to link those processes and failure conditions to their associated risks and controls.Loss Events that then occur in the business can be captured by business line users, and business process managers can then link those loss event incidents to the associated process and/or failure conditions.

·By analyzing the loss events, business process owners can make improvements to their business operations, while risk managers have improved clarity to risk issues and incidents, better visibility to how well controls are operating and a better understanding of the potential losses to the organization while managing enterprise risks.

Risk Insights with KRI Engine (Insight360^tm)

Insight360 provides real-time insights into predicting emerging risk and identifying risk that are not operating within your expected tolerance levels. Insight360 dramatically reduces the effort to create risk reports and actionable intelligence while enabling real-time visibility to your organization’s risks and risk management efforts by using Artificial Intelligence (AI) to augment internal and external risk data.

While Key Risk Indicator (KRI) metrics can help predict risks that are operating out of tolerance, risk managers often have difficulty obtaining this data from the business lines in a timely and efficient manner.Insight360 automates this process, dramatically reducing the effort required to collect this information and to provide this information to risk managers.

And while KRIs can often indicate problem areas, linking those KRIs to the associated risks and identifying the risks operating outside of tolerance in real-time is hard to accomplish.

·Insight360 solves this by linking the KRIs to their associated risks, and any change in a KRI can instantly flag that a risk level has increased for a particular risk that the KRI is linked to.

And even if an organization is already using internal KRIs, they often ignore external data, trends and news that can indicate emerging areas of risk within the industry until annual risk assessments or as part of a regulatory examination.

·Insight360 addreesses this by linking these external data trends with associated risks and the organization’s view of their current risk levels to identify discrepancies, enabling Insight360 to predict emerging risks before they become a problem!

For more information on Insight360, visit https://www.360factors.com/insight360/.

Note:Insight360 can be used as an integrated part of Predict360, or Insight360 can be used as a standard solution that integrates with your other existing GRC applications or spreadsheet-based risk assessments (RCSAs) and/or databases.

Internal Audit and Findings Management

Predict360’s Internal Audit Management product enables organizations to manage the workflow associated with conducting both internal audits as well as external audits conducted by third-parties.Thie product provides a single repository to:

·Capture all the details associated with an audit,

·Identify ownership and team members,

·Manage due dates and notifications,

·Provide checklists and templates,

·Capture all supporting document and workpapers,

·Track all activities,

·Manage all collaboration comments from team members, and

·Provide a complete audit history log of changes and completion dates for evidence.

Findings and recommended remediations are individually tracked and assigned to relevant business owners, who can then provide their action plan and expected completion dtes.

Any sub-tasks (action items) related to the audit or to associated findings can be linked to the audit record, thus providing a complete project management system to ensure that action items get assigned to relevant parties and completed by according to their due dates, while providing visibility and reports to managers, executives and board members.

Third-Party and Vendor Risk Management (VRM)

Predict360’s Third-Party Risk Management product helps organizations manage risk and minimize risk exposure from vendors, suppliers and consultants by ensuring their compliance with applicable laws, regulations and standards, and internal policies and requirements by driving operational excellence.

The software provides a centralized data repository that collects information and documents about third-parties using configurable checklists from onboarding to security assessments & due diligence to periodic supplier performance evaluations. Functionality includes:

·Automated workflow processes collect information from internal employees as well as external contacts (at the vendor or third-party),

·Drives the workflow for review and approval of this information,

·Enables categorization of the type and level of risk for each vendor or third-party, and

·Automates ongoing controls and assessments to periodically measure and manage their performance and compliance.

·Create, assign, track and manage any action item or task related to a particular vendor or a third-party.

With advanced reporting and dashboard capabilities providing visibility into the risk and status of every organization providing a product for, performing a service for, or performing work on behalf of your organization, you can effectively manage compliance and risk exposure.

-Artificial Intelligence:With its unique mapping abilities and patent-pending Artificial Intelligence with Natural Language Processing technology, Predict360 semi-automates the process of determining the impact a changing regulation may have on your organization by automatically alerting users of regulatory changes or updates, visually identifying those changes, determining what may be impacted by those changes, and providing unique visibility into where risks intersect.This feature is highly unique and unmatched in the industry.

-Small and Mid-Market Expertise:360factors has built and targets our solutions for small and mid-market banks, financial institutions, energy and other highly regulated industries.The small and mid-size segment requires easy to use and intuitive solutions, less implementation effort and quicker deployment timelines, and is very cost sensitive whereas both initial and ongoing price is a major factor in the decision process.

-Business Intelligence and Analytics:With a strong focus on reporting, dashboard and analytics supported by a built-in business intelligence engine, 360factors’ platform provides reporting for risk and complaince team members, managers, CRO/CCO/CISOs, executives and board of directors. Combining internal and external data with predictive analytics, 360factors solutions predict risks and streamline compliance to improve profitability, accelerate innovation and increase productivity.