Next-generation governance, risk and compliance

Financial Services Specialist, IBM

Business decision makers are confronted by global economic and regulatory volatility on a scale not seen in generations. Accelerated by disruptive innovation in cloud technologies and social media, governance, risk and compliance (GRC) challenges and solutions are evolving at unprecedented rates, carrying transformative consequences for the global marketplace.

Emerging governance, risk and compliance challenges

Emerging GRC challenges are developing at the intersection of two interrelated spheres of risk:

  • Regulatory risks
    The accelerating rate of regulatory change is becoming an ever more critical issue for businesses in many sectors. As a prominent GRC practitioner observes, “regulatory change is overwhelming organizations across industries . . . . Regulatory compliance and reporting is a moving target as organizations are bombarded with thousands of new regulations and changes to existing regulations each year.”
    This is a significant concern for business, for the costs of regulatory noncompliance are significant—and they are not diminishing. For example, total noncompliance fines and damages imposed on 10 leading global banks by their supervisors are estimated at an incredible $226 billion since 2009.

  • Business operational risks
    Existing operational risk challenges are intensified by GRC threats—both initiated and accelerated by disruptive technological innovation. As Figure 1 indicates, such operational risk threats have caused billions of dollars of losses for a range of businesses.

Escalating costs of governance, risk and compliance loss events in the marketplace

Next-generation governance, risk and compliance solutions

Risk professionals are creating innovative solution designs and technologies to meet emerging GRC challenges. Some defining features of these next-generation solutions follow:

  • Platform design
    Next-generation GRC solutions are being designed as platforms to enable businesses to meet emerging GRC challenges not only in isolated silos, but also—which is a critically important design feature—in metastasizing forms across the organization. As one GRC practitioner observes, a traditional siloed approach to risk is doomed to failure:

Each of these vortexes of change is hard to monitor and manage individually, let alone how they impact each other. Change in economic or market risks bear down on the organization as it impacts regulator oversight and requirements. Internal processes, people, and technology are impacted as well. As internal processes, systems, and employees change, this impacts regulatory compliance and risk posture.

  • Data management and application programming interface integration
    Considering how commonplace big data—both external and internal—is in the marketplace, business users demand technology that can aggregate and analyze immense volumes of data. Accordingly, a key value proposition of next-generation GRC lies in enabling businesses to integrate and analyze data from both organizational and external sources, regardless of format. Such a capability allows businesses to make use of both internal and external market data from a variety of sources, translating existing GRC investments into transformative business value.

  • Predictive analytics
    Next-generation GRC solutions should not only meet today’s operational challenges, but also strategically empower decision makers to meet coming risk and regulatory challenges. Doing so requires a significant leap from traditional GRC capabilities, for a next-generation GRC solution must not stop at integrating predictive capabilities but must also be powerful enough to model future trends from large data sets.
  • processing capabilities
    The GRC challenges that face business decision makers are rapidly increasing in both number and complexity. For example, even within a single jurisdiction such as the US, banks face ever higher costs in complying with the dictates of the Federal Reserve, the Office of the Comptroller of the Currency, the Securities and Exchange Commission, the Commodity Futures Trading Commission, the Federal Deposit Insurance Corporation, the Financial Stability Oversight Council, the Bureau of Consumer Financial Protection, the Office of Foreign Assets Control and the Financial Industry Regulatory Authority—among still other regulatory entities. Considering the sheer number of different regulations that can affect global businesses, GRC solutions require unprecedented levels of sophistication—and computing power—to effectively meet regulatory and risk challenges.

Today, one company provides businesses with a next-generation GRC solution that offers the capability to meet such requirements. Building on the unified IBM OpenPages GRC Platform, IBM is integrating OpenPages risk analytics with the advanced cognitive computing power of IBM Watson—in partnership with Deloitte—to create a next-generation regulatory risk solution.

Learn more about how the IBM OpenPages GRC Platform is driving innovation in the industry thanks to next-generation GRC technologies.