Thomson Reuters

Risk technology: What’s driving new GRC investment?

Gareth Evans

18 Apr 2018

Photography: Bobby Yip

As enterprise risk technology evolves to meet a more diverse and exacting range of demands, what are the key drivers prompting banks and financial institutions to consider fresh governance, risk and compliance (GRC) investment?


  1. Banking sector research highlights some of the requirements for enterprise risk technology, and where firms are looking to invest.
  2. The research paper reveals four areas of focus for GRC investment, including the preference for specialist solutions but within an overarching platform.
  3. The report will be used by Thomson Reuters to shape the direction of future GRC investment, including to meet demands for ever more flexible reporting.

The recent independent Celent report, commissioned by Thomson Reuters, offers clients, partners and ourselves a valuable reference point on the development of risk technology investment.


Achieving Integrated GRC In An Interconnected Digital Age, which was independently produced by research firm Celent, highlighted some of the risk management trends that might otherwise have been overlooked.

From our viewpoint, we have already seen some of these common drivers emerge through our Connected Risk platform, which has addressed needs that previous generations of GRC technologies failed to meet.

4 drivers for GRC investment

The use cases we are asked to address on our governance and compliance software platform have become increasingly diverse.

For example, we have supported financial institutions (FIs) seeking better ways to meaningfully compare relative risk/reward intra-division.


Other FIs want our technology to expedite and better automate complex regulatory reporting requirements, while other organizations are looking for solutions to better manage third-party risk.

Most recently, we were selected by a large infrastructure client to provide a project risk solution.

In themselves, none of these are new needs and, in many cases, technology was in place to address them. But we’re starting to observe some common drivers as to why clients were nonetheless looking to make fresh investment:

  • Data volumes: Our clients’ in-house and regulatory data demands appear exponential. Previous-generation technologies were failing.
  • Inflexibility: Five to ten years ago there was a shift from build to buy, but the solutions acquired were found to be too inflexible to meet the diverse needs of risk and compliance professionals, or to accommodate the organization’s unique reporting structures that are rarely static.
  • Specialism vs integrated reporting: Organizations are looking for that single, enterprise-wide perspective, but also need methodologies and technologies that, day-to-day, align with the specifics of each risk horizontal. So a combination of specialist solutions, and an overarching platform, feels preferable.
  • Cost management: A prevailing need to reduce the cost of compliance means that a technology that allows more self-development and support will always be compelling.


Current GRC strategies

So that is what we observed, albeit across early adopters. We now needed to more objectively test what the broader market was saying.

Hence the research exercise focused on three fundamental questions:

  1. Irrespective of technology, what are the main challenges facing risk and compliance officers today?
  2. In seeking to address these challenges, what limitations do they encounter with current GRC strategies, processes and supporting technologies?
  3. Assuming challenges remain, what capabilities are needed in new technologies to help close the gap?

We focused this research on the banking sector (with 25 banks, spanning all regions, being surveyed). This reflects where we see most demand for addressing problems with existing technology, although we consider that most findings will no doubt resonate with heads of risk and compliance in most corporates, too.

Cubillas Ding, Research Director at Celent, presents the findings of the Achieving Integrated GRC In An Interconnected Digital Age report

GRC investment case

The report’s key findings were presented by Celent’s research director Cubillas Ding at the March 2018 Risk and Compliance Summit in London. You can watch a recording via our first-ever virtual summit.

So what does it mean for us, Thomson Reuters, as we continue to invest in enterprise risk technologies?

  1. It provides us with further assurance that the new trends we observed, and that shape our proposition, are more than just a fad.
  2. It galvanises our need to accelerate some of our current development areas that align to immediate sector needs: for example, the demand for ever more flexible reporting and visualisation capabilities, and an API that provides more manageable and unlimited connection capabilities between effective but isolated risk technologies.
  3. It also provides some direction as to our future investment. For example, we’re proud of the capabilities we offer allowing solution self-development, but client feedback and survey findings show that further investment in these capabilities will be beneficial.

We are very grateful to those who took part in the exercise and hope all those who read the final report find it to be informative and compelling. Future blogs will provide more in-depth analysis of the findings and how this shapes what we do.

Read: Achieving Integrated GRC In An Interconnected Digital Age
