Thomson Reuters and Celent have published a report on how companies are approaching the challenge of managing effective GRC programs. The authors interviewed close to 30 Tier 1 financial institutions globally to better understand the challenges facing risk and compliance executives, as well as the technology improvements that are needed to support an integrated GRC paradigm to
overcome these issues.
The report finds that leaders responsible for the various lines of defense must think of their areas as technology-enabled business ecosystems. They operate more like a central nervous system — one that governs the health of an organization through responsive two-way feedback and risk mitigation mechanisms. At the same time, they must be able to be managed and operated in a decentralized way by various stakeholders and end-users. Fortunately, the same processes that make for strong GRC controls also make good business sense and will increasingly differentiate winners from losers.
The risk and compliance executives that were interviewed expect to see real benefits from digital technologies. The current state of the art is focused on moving away from incumbent platforms towards an open, integrated GRC hub.
Such a next-gen platform would support real-time, rules-based monitoring of data and models and would enable an integrated, dynamic approach to managing risk and controls across functional areas and lines of defense. Starling is currently working with banks to realize this vision whereby behaviors and relational dynamics can be monitored in real-time to provide feedback on the effectiveness of risk management processes and controls. Further enhancements are available as Starling is able to make the connection between risk team dynamics and critical outcomes measurable.
The Report is Available: Achieving Integrated GRC in an Interconnected Digital Age