RiskWatch
RiskWatch International · Founded 1993 · Sarasota, FL, USA
Financial-services enterprise risk platform: one global register from threat to treatment, with KRIs and 40+ examiner-recognised frameworks underneath.
Summary
RiskWatch is an enterprise risk management platform built around a Global Risk Register that rolls up operational, IT, cyber, vendor, and physical risk into one view, with business-unit-to-enterprise aggregation for the board. It runs a risk assessment engine with a KRI (Key Risk Indicator) library and auto-escalation when a risk breaches its threshold, a treatment workflow with owner assignment and tasks tracked to closure, and native threat and vulnerability libraries that feed risk scores; heat maps and executive dashboards turn the register into board- and examiner-ready reporting. Its differentiator is Risk-to-Compliance bi-directional mapping: audit and examination findings flow back into risk scores and the register feeds control-assessment scope, so risk and compliance are not two disconnected tools. Pre-mapped control libraries for 40+ frameworks (FFIEC CAT, NYDFS Part 500, GLBA Safeguards, SOX, PCI DSS v4, ISO 27001, NIST 800-53, NIST 800-171, GDPR, CMMC) sit underneath, cross-mapped so the same evidence file satisfies multiple examinations. Financial-services customers include US state-chartered banks, credit unions, insurance carriers, and bank holding companies; the product has been in the field since 1993. Pricing is quote-only, and the single-tenant deploy-as-tenant architecture means buyers retain full control of their data and can answer examiner data-locality questions without a vendor escalation.
Strengths
- Global Risk Register consolidates operational, IT, cyber, vendor, and physical risk into one register with business-unit-to-enterprise rollup for the board
- Risk assessment engine with a KRI (Key Risk Indicator) library and auto-escalation when a risk crosses its threshold, so breaches surface between examination cycles
- Risk treatment workflow with owner assignment, tasks, and recommendations tracked to closure, plus native threat and vulnerability libraries, heat maps, and board- and examiner-ready dashboards
- Risk-to-Compliance bi-directional mapping: examination and audit findings flow back into risk scores and the register feeds control-assessment scope across FFIEC CAT, NYDFS Part 500, GLBA Safeguards, SOX 404, PCI DSS v4, and FedRAMP / FISMA, so the same evidence file satisfies multiple examinations
- 33-year operating history with examiner-recognised assessment artefacts; auditor and examiner export packs are first-class output, not a custom report build
- Single-tenant deployment with customer-owned data residency, an advantage for state-chartered banks subject to data-locality rules
- Vendor risk management with BAA and SOC 2 tracking is a first-party module, which matters for NYDFS Part 500 third-party-service-provider obligations
- Physical security assessment runs in the same tenant as cyber and compliance risk, useful for branch-network banks and physical-cash-handling firms
Weaknesses
- No native quantitative financial-risk modelling for Basel market / credit / liquidity risk (we cover operational and IT risk; pair RiskWatch with OneSumX or an internal credit engine for IFRS 9 / FRTB)
- Public pricing is quote-only, so buyers need a scoping call before seeing a number; this listicle marks the category transparency problem with an opaque badge for RiskWatch
Mid-market regional banks, credit unions, community banks, and insurance carriers that want one global register for operational, IT, cyber, vendor, and physical risk, with KRI-driven escalation, treatment tracking, and board- and examiner-ready heat maps, plus cross-mapped FFIEC CAT, NYDFS Part 500, GLBA, SOX, and PCI compliance underneath and strong examiner export artefacts.
G-SIBs and tier-1 global banks running quantitative financial-risk models for Basel FRTB; OneSumX or a dedicated treasury / market-risk engine fits that brief better.
Key features
- Global Risk Register with business-unit-to-enterprise rollup across operational, IT, cyber, vendor, and physical risk
- Risk assessment engine with a KRI (Key Risk Indicator) library and threshold auto-escalation
- Risk treatment workflow with owner assignment, tasks, and recommendations
- Threat and vulnerability libraries plus heat maps, risk dashboards, and executive / board risk reporting
- Risk-to-Compliance bi-directional mapping (examination and audit findings update risk scores)
- Cross-mapped control libraries for FFIEC CAT, NYDFS Part 500, GLBA Safeguards, SOX 404, PCI DSS v4, ISO 27001:2022, NIST 800-53 r5, NIST 800-171 r3, GDPR, CMMC 2.0
- Examiner-export packs (PDF + Excel) for SEC, OCC, FRB, FDIC, NCUA reviews
- Evidence vault with versioning and audit-ready export
- Vendor risk management with BAA + SOC 2 tracking aligned to NYDFS Part 500 §500.11
- Policy management with approval and attestation workflows
- Single-tenant deployment for state-chartered-bank data-residency requirements
Integrations
25+ native. Notable: Microsoft Entra ID (SAML SSO), Okta, Microsoft 365 / SharePoint, Slack, Jira, Salesforce, Custom REST API.
Target size
100 to 25,000 employees · US · Canada · EU · UK · AU