This report provides an independent evaluation and description of Aravo Solutions’ leading practices and competitive position. The analysis is based on information in the Chartis Report Enterprise GRC Solutions: Market Update 2017, and the RiskTech Quadrant® for third-party risk management solutions.
The report also includes brief coverage of:
- The main demand-side trends in this market, with an analysis of the key business and regulatory challenges.
- The supply-side dynamics, with a focus on the vendor landscape.
Enterprise Governance, Risk and Compliance (GRC) is now well established. The concept of ‘connected’ GRC is becoming more important, but end users and vendors are largely struggling with the concept; financial institutions in particular are still taking a mostly siloed approach to GRC, with weak links between departments. There is, however, potential for significant and widespread changes to enterprise GRC. The trend continues toward increasingly integrated GRC platforms, despite regulatory uncertainty and shifting definitions of what constitutes misconduct. This trend is driven largely by costs and supply-side factors, including:
- An increasing focus on the cost of GRC and compliance-specific technologies. Firms’ aggressive cost prioritization programs have placed a greater than usual emphasis on the cost of GRC and compliance technology.
- The need to keep customers front and center of all operations.
- Developments in sophisticated data-driven technologies. A whole new ecosystem of data analytics has developed, including standard Big Data platforms such as Hadoop, Artificial Intelligence (AI) in the cloud, and analytical languages such as Python, R and Lua.
- The emergence of AI and robotics (software that controls and automates rule-based processes, removing the need for human supervision) as fundamental components of workflow platforms.
A particular focus within Enterprise GRC is conduct risk; regulators are giving out larger fines and increasingly targeting individuals for misconduct. And tightening regulations mean that firms, in addition to managing misconduct within their own organizations, are increasingly required to deal with misconduct originating from their business and supply chain partners, as well as other sources of disruption, including data breaches and natural disasters. Doing this requires third-party risk management: firms must apply due diligence when selecting and evaluating their business partners, which relies heavily on access to data from internal and external sources. To protect themselves from third-party failures, firms must generate their own data, or get it from other sources. This focus on data gives vendors with strong data provision and management backgrounds a distinct advantage.