New governance, risk and compliance (GRC) tools can significantly enhance your risk and compliance technology. Nikhil Asthana and Maria Phillips explain how we supported a client to transition from their old manual risk systems into a new centralised GRC platform.

Good governance is essential to fulfilling regulatory expectations, but it can be challenging when working across a complex global footprint. An automated governance, risk and compliance (GRC) tool will help firms meet all reporting requirements and maintain good practice.

New regulatory technology (regtech) needs to add genuine value, however. You need to evaluate the costs versus features and functionality, and consider the needs of the user. A tool that effectively manages automated workflows with embedded hierarchies, for example, is key to user acceptance of the platform. 

The challenge

A large financial services firm engaged us to help them replace their hybrid manual reporting process and understand how to start the transition to an automated GRC system. They required a new governance, risk and compliance platform that could provide them with a thorough overview of their range of risk and compliance functions. Previous systems had relied on a slower and less reliable manual process to aggregate and accumulate management information. But for governance to fit their scaling and service offerings, the business needed a centralised system.

They also wanted help to understand and embed the updated process. To this end, the client specifically requested an individual who had a deep understanding of the selected GRC platform, and the ability to help them visualise how a new system would integrate with their existing technologies within the risk and compliance function.

The solution

Building a governance solution

GRC platforms have been available to firms for decades but older versions are rarely set up correctly. We helped our client select a GRC system to provide a robust target operating model that would effectively monitor their data and information collection in the long term – ultimately helping them develop a more reliable GRC strategy. When assessing the appropriate GRC system, we looked at data and information lineage which we see as integral to the decision-making and selection process to help our client select and embed an appropriate GRC platform. 

Our Data, RegTech and Digital Advisory team helped the client to build a governance solution that was right for them, supporting them to realise efficiencies and evolve their internal, complex processes into a new frictionless and streamlined process. 

Employing and embedding regtech expertise

We provided GRC and other platform options with the features and functionality needed to centralise the client's risk and compliance data to streamline their reporting.

Our regulatory technology team and subject matter experts also helped de-escalate all issues that arose during the deployment and embedding of the chosen GRC platform. We coordinated responses and feedback on behalf of the relevant functions and became the single point of contact for compliance with the risk management GRC delivery team.

The diagram below outlines our approach to deploying and embedding the GRC platform. 

DS3780 GRC platform diagram   (Louis R Dein)-01.svg

Covering off that knowledge gap for our client and getting them familiar with the overall mechanics of the GRC platform empowered them to take over at the end of the project. This required upskilling and knowledge transfer to their relevant teams. We established strong relationships with a variety of stakeholders to help deploy the product seamlessly and effectively.

Knowing where to start is key

The primary challenge for our client was understanding where to start. This was where our knowledge of the regtech, and the SME knowledge around risk and compliance, meant came in. The team were able to design a start-to-finish project plan that incorporated the nuances of the business with the client’s strategic goal.

Once the set-up and deployment of the tech was complete, embedding the new process was key to its success. It's not uncommon for users to reset back to Excel and PowerPoint, which can disrupt the flow of information and leave businesses open to risk in terms of human error and misreporting. Bringing our client on the journey of migrating to a new way of doing their work was part of our regtech project delivery. It also allowed us to manage resistance and have someone in place to fill the knowledge gap, helping to make the platform accessible for their team.

The results

More informed decisions

The delivery of an GRC framework that is more accurate and precise enabled the business make more informed, data-focused choices in line with the company’s risk profile. Consistent metrics and reporting provided by an automated system also ensure that the chances of non-compliance are mitigated.

Greater problem solving

By embracing a new GRC platform, the client became more knowledgeable on its governance, risk and compliance, and able to engage with peers to make better decisions from the top down. Resolving the knowledge gap helped them manage their day-to-day challenges more effectively and provide insights into what was restraining them.

Having somebody to help also allowed them to voice their needs and wants for the company more effectively, and come up with greater solutions as a result.