The concept of enterprise Governance, Risk and Compliance (GRC) – in which multiple aspects of GRC are integrated with each other across an organization – is now well established. When we last analyzed the market for enterprise GRC solutions, in 2015, we highlighted the growing importance of ‘connected’ GRC, and how end users and vendors have largely struggled with the concept. It’s easy to see why: the practicalities of integrating systems from different sources and time periods, often in different languages, make achieving true enterprise GRC a considerable task.
Broadly speaking, little has changed in the intervening years. Despite some industry-specific developments, financial institutions (FIs) still take a mostly siloed approach to GRC, with weak links between departments. However, the current political environment creates the potential for significant, widespread changes in future, which could result in rapid changes to enterprise GRC.
The trend continues towards increasingly integrated GRC platforms. This will continue despite regulatory uncertainty and shifting definitions of what constitutes misconduct, largely driven by a set of supply-side factors and costs:
- An increasing focus on the cost of GRC and compliance-specific technologies. Firms’ aggressive cost prioritization programs have placed a higher-than-usual emphasis on the cost of GRC and compliance technology.
- The need to keep customers front and center of all operations.
- Developments in sophisticated data-driven technologies. A whole new ecosystem of data analytics has developed, including: standard big data platforms such as Hadoop, AI on the cloud, and new analytical languages such as Python, R, and Lua.
- The emergence of AI and robotics (technological mechanisms to mimic humans) as fundamental components of workflow platforms.
This report gives an overview of the current state of the risk technology market for the main areas of enterprise GRC: operational and conduct risk, model risk governance, artificial intelligence (AI) for GRC, third-party risk, IT risk management, and internal audit management. Specifically, we will consider some of the trends in the areas where we believe progress toward the goal of true enterprise GRC is being made – notably conduct risk, model risk and the application of AI. We will also examine the technology vendors’ approaches in these areas.