Operational Risk (OpRisk) and GRC have emerged as top priorities for financial institutions (FIs) in recent years. This is partly due to an increasing emphasis by supervisory authorities who are pressing for increasingly stringent regulations and more punitive measures for non compliance. It is also due to the clear evidence of the harm that non compliance can do to a company’s reputation.
These coupled with the backdrop of the financial global crisis have helped to push both OpRisk and GRC to the forefront of FIs’ thinking. The crisis has also helped to highlight the interrelationship between OpRisk, GRC and enterprise risk management (ERM) and the need for FIs to tackle them in an integrated way. Having a single, centralized system that feeds into different risk systems and addresses the silos of risk management provides a clearer picture of the risks that firms face and the controls they need to put in place.
Chartis’ research suggests that many firms have already implemented elements of GRC and that others are in the process of implementation. Other trends include an increasing emphasis on the personalization of OpRisk and GRC systems, a greater focus on the potential cost benefits rather than just the requirement to comply with the regulations and increased demand for real-time technologies.
That convergence between the risk disciplines has also been emulated by the risk technology vendors, who have lost no time in tailoring their product offerings accordingly. They have focused on improving the flexibility and user configurability of the products and the integration of components such as loss data, risk control self assessment (RCSA), key risk indicators (KRIs) and scenario analysis.
However, since most of the standard functionalities of OpRisk and GRC, such as RCSA and loss-data collection, have been commoditized, the real differentiator between vendors is the quality of post-sales execution or a step change innovation. The ability to deliver continuous monitoring or to integrate an Enterprise Architecture solution enabling improved GRC will set certain vendors apart from their competitors.
This report updates Chartis’ 2010 report on Operational Risk & GRC software solutions and includes sections on OpRisk and GRC trends and the regulatory agenda behind the two risk disciplines, updated market forecasts, the success factors critical for vendors operating in this sector and the competitive landscape. Leading vendors covered in this report are Archer (EMC-RSA), Active Risk, Algorithmics, ARC Logics/Wolters Kluwer, BPS Resolver, BWise, Chase Cooper, Corprofit, Cura, Enablon, EVMTech, Mega, Methodware, MetricStream, IBM OpenPages, Optial, Oracle, Protiviti, SAP, SAS and Thomson Reuters.