Skip to content
Thomson Reuters

The Financial & Risk business of Thomson Reuters is now Refinitiv. Visit Refinitiv.com
All names and marks owned by Thomson Reuters, including "Thomson", "Reuters" and the Kinesis logo are used under license from Thomson Reuters and its affiliated companies.

Regulatory Change Management

GRC systems in a data-driven world

Editor @Refinitiv

12 Oct 2018

Photography: REUTERS/Nigel Treblin. GRC systems in a data-driven world
Photography: REUTERS/Nigel Treblin

Breaking the GRC Mold, our new three-part series on the challenges facing risk, compliance and audit professionals, examines why an integrated approach to GRC systems are critical in a data-driven world.


  1. An integrated Governance, Risk & Compliance (GRC) is more critical than ever in today’s business and regulatory climate.

  2. Old siloed technologies do not allow for cohesive GRC insight.

  3. Firms need to invest in technology that provides a holistic, enterprise-wide view of risk.


The recent debate about the value and feasibility of GRC models, and supporting solutions, has escalated. There are now many contributing factors, including growing pressure for firms to reduce costs, conflicting industry guidance and analyst reports, a hyper-focused regulatory landscape, and the need to manage risk in a more disruptive environment.

Furthermore, how organizations think about risk and compliance is changing; traditional functions are being challenged to avoid a silo mentality, and fueled yet by more regulations, front-line management must now take responsibility for compliance or face severe consequences.

As these lines of responsibility blur, information becomes far more important as companies increasingly look to pursue a holistic, data-centric philosophy. It is critical to know where data is stored, how it is processed, and how it links to other data sets.

Drawing connections between inter-related information from disparate sources often reveals new and interesting conclusions, but how is it possible to achieve an integrated approach to GRC?

How the explosion of data is revolutionizing GRC systems

Integrated approach to GRC

The importance of revealing critical risk hot spots is ultimately what drives risk, compliance, and assurance professionals to invest in technology.

The survey we commissioned, with research firm Celent, highlighted that risk and compliance executives, now more than ever, need greater and more timely information, and expect that a seismic change in technology capability is what is needed to achieve this. Right now they are hampered by inflexible technology that prevents them from gaining a critical, enterprise-wise view of risk.

That is why a new breed of technology is required to help firms manage their risks in today’s complex regulatory environment.

Watch this video to learn how we can help you achieve a more integrated GRC systems approach.

Connected GRC systems

Many compliance and risk managers have been investing in GRC technology for years, but no single GRC technology could truly cover all risks. Risk and compliance executives need to work with a vendor that provides them with a platform for capturing and aggregating risk data that already exists and providing automated risk management procedures where there are gaps.

Typical key issues and focus areas for 3LOD models. GRC systems in a data-driven world

The most effective platforms are those based on an open architecture and those that are able to seamlessly connect to and co-exist with other IT applications that provide data to facilitate risk, compliance, and audit exercises. Better still, they should leverage existing risk solutions that are fit-for-purpose. As GRC should be managed in an integrated manner, connectivity between the systems that house relevant data is key for obtaining an inclusive view of risk. This is significant not only for the security and the health of the firm, but also for complying with newer and stricter regulatory requirements around data.

Steps towards best practice in integrated GRC. GRC systems in a data-driven world

Meeting regulatory demands

Regulators want to see compliance information quicker than ever before, and to be provided with supporting data on request.

Demonstrating regulatory compliance is not always about providing a firm-wide perspective, instead the compliance professional is expected to provide information on specific legal entities, business units, geographies, and processes. The challenge of gathering data from multiple, disparate systems and sources inhibits this, but a platform approach encourages it.

As data continues to grow exponentially, it is clear that organizations need to choose a technology partner that gives compliance, risk, and audit professionals an enterprise-wide view of their data. One that pulls together data from all sources — including third party and non-standardized data — into a single, aggregated view of risk. This enables firms to reach more informed decisions, all delivered in a customizable, dashboard tailored to meet each individual client’s needs.

Find out how our next-generation GRC systems can give you an edge by visiting our Connected Risk website.

  • In part two, we look at the limitations of current technology and the impact on compliance and risk professionals. What are some common obstacles created by legacy technology, and how can modern, integrated GRC systems help risk managers overcome them.
Is KYC in your Brexit planning? Why consume Tick History via the cloud? Reviewing MiFID II and the Systematic Internaliser regime RFET: How do U.S. FX options perform? Corporate bonds and the Risk Factor Eligibility Test Compliance outsourcing: Why it’s key to regulatory strategy National Express wins commodity price risk award RTS 27 reporting and the issues to address Conduct risk in the spotlight after first fine under SMR A focus on corporate treasury regulation in 2018