Skip to content
Thomson Reuters
Risk Intelligence

Risk technology: What’s driving new GRC investment?

Gareth Evans

18 Apr 2018

As enterprise risk technology evolves to meet a more diverse and exacting range of demands, what are the key drivers prompting banks and financial institutions to consider fresh governance, risk and compliance (GRC) investment?


  1. Banking sector research highlights some of the requirements for enterprise risk technology, and also, where firms are looking to make investment.
  2. The research paper reveals four areas of focus for GRC investment, including the preference for specialist solutions but within an overarching platform.
  3. We will use the report to shape the direction of future GRC investment, including to meet demands for ever more flexible reporting.

The recent independent Celent report that we commissioned offers clients, partners and ourselves a valuable reference point on the development of risk technology investment.

Achieving Integrated GRC In An Interconnected Digital Age, which was independently produced by research firm Celent, highlighted some of the risk management trends that might otherwise have been overlooked.

From our viewpoint, we have already seen some of these common drivers emerge through our Connected Risk platform, which has addressed needs that previous generations of GRC technologies failed to meet.

4 drivers for GRC investment

The use cases we are asked to address on our governance and compliance software platform have become increasingly diverse.

For example, we have supported financial institutions (FIs) seeking better ways to meaningfully compare relative risk/reward intra division.

Other FIs want our technology to expedite and better automate complex regulatory reporting requirements, while other organizations are looking for solutions to better manage third party risk.

Most recently, we were selected by a large infrastructure client to provide a project risk solution.

In themselves, none of these are new needs and, in many cases, technology was in place to address them. But we’re starting to observe some common drivers as to why clients nonetheless were looking to make fresh investment:

  • Data volumes: Our clients’ in-house and regulatory data demands appear exponential. Previous generation technologies were failing.
  • Inflexibility: Five to ten years ago there was a shift from build to buy, but the solutions acquired were found to be too inflexible to meet the diverse needs of risk and compliance professionals, or to accommodate the organization’s unique reporting structures that are rarely static.
  • Specialism vs integrated reporting: Organizations are looking for that single, enterprise-wide perspective, but also need methodologies and technologies that, day-to-day, align with the specifics of each risk horizontal. So a combination of specialist solutions, and an overarching platform, feels preferable.
  • Cost management: A prevailing need to reduce the cost of compliance meant that a technology that allows more self-development and support will always be compelling.

Connected Risk – Learn how to connect internal and external information from disparate sources for a holistic view of the risks that matter to you

Current GRC strategies

So that is what we observed, albeit across early adopters. We now needed to more objectively test what the broader market was saying.

Hence the research exercise focused on three fundamental questions:

  1. Irrespective of technology, what are the main challenges facing risk and compliance officers today?
  2. In seeking to address these challenges, what limitations do they encounter with current GRC strategies, processes and supporting technologies?
  3. Assuming challenges remain, what capabilities are needed in new technologies to help close the gap?

We focused this research on the banking sector (with 25 banks, spanning all regions, being surveyed). This reflects where we see most demand for addressing problems with existing technology, although we consider most findings will no doubt resonate with heads of risk and compliance in most corporates, too.

Cubillas Ding, Research Director at Celent, presents the findings of the Achieving Integrated GRC In An Interconnected Digital Age report
Cubillas Ding, Research Director at Celent, presents the findings of the Achieving Integrated GRC In An Interconnected Digital Age report

GRC investment case

The report’s key findings were presented by Celent’s research director Cubillas Ding at the March 2018 Risk and Compliance Summit in London. You can watch a recording via our first ever virtual summit.

So what does it mean for us, as we continue to invest in enterprise risk technologies?

  1. It provides us with further assurance that the new trends we observed, and that shape our proposition, are more than just a fad.
  2. It galvanises our need to accelerate some of our current development areas that align to immediate sector needs. For example, the demand for ever more flexible reporting and visualisation capabilities and an API that provides more manageable and unlimited connection capabilities between effective but isolated risk technologies.
  3. It also provides some direction as to our future investment. For example, we’re proud of the capabilities we offer allowing solution self-development but, client feedback and survey findings show that further investment in these capabilities will be beneficial.

We are very grateful to those who took part in the exercise and hope all those who read the final report find it to be informative and compelling. Future blogs will provide more in-depth analysis of the findings and how this shapes what we do.

Read: Achieving Integrated GRC In An Interconnected Digital Age

Connected Risk — Connect internal and external information from disparate sources for a holistic view of the risks that matter to you

A compliance and risk summit with innovation at its heart The inside story of our Salesforce digital partnership Culture and Conduct Risk Survey: How do you compare? Meet the U.S. top 50 social influencers in risk, compliance and RegTech How sanctions screening can mitigate treasury risk Risk technology: How to fix common frustrations with risk Fintech and RegTech win over compliance skeptics Wealth management: Meeting high client expectations Third party risk requirements for financial institutions Can AI help compliance teams work smarter?