December 14, 2018 | Written by: David Marmer
Categorized: Banking | FinTech | IBM RegTech Innovations
This past year brought governance, risk and compliance (GRC) to the center stage. Organizations in financial services and other sectors witnessed an increase in “airtime” given to risk and compliance issues at the board level. Stories of improper conduct, and new regulations on data protection and privacy such as GDPR, continued to dominate the business headlines, moving from water-cooler conversation to “what about us?” The resulting impact has run deep in the form of escalating fines, reorganizations, reviewing of business objectives, and managing tarnished corporate reputations. As a result, three themes emerged this year: the meaning of GRC is evolving, organizations are viewing non-financial risk not as a function but as everyone’s responsibility, and the connection between compliance and risk must be stronger.
GRC coming of age in 2018
- Defining GRC
In our close engagement with clients and industry leaders, the IBM GRC team has seen the continuing evolution of the definition of GRC, which many analysts have noted for some time. We have observed that organizations, marred by surprises despite having risk programs in place, have recognized the need for a more comprehensive and connected approach to identify, classify, and manage their risk. The new GRC needs to be more inclusive across all lines of defense.
- Risk is everyone’s job
In working with our clients, soliciting and implementing their feedback, the IBM GRC team has seen key industry stakeholders coming to the realization that risk management is not simply a business function. Rather, effectively managing risk comes with a recognition that it is both essential and the responsibility of everyone across the organization. Risk cannot be seen as someone else’s job. It must be understood as being embedded as part of the organization’s overall system. Organizational decisions should be made, in part, through a risk lens by the people accountable and closest to the decision. While this concept may appear obvious and simple on the surface, to date many organizations have yet to integrate their risk systems with the first line of defense at greater scale. Similarly, these organizations have not developed cultures in which risk and performance go hand in hand. What this has meant for our clients is that many are now reexamining and redefining their viewpoint on the meaning of effective GRC. Those who were once believed to be casual users have been transformed into those who must be actively engaged on the front line of risk threats. Data volumes are increasing, and as more information is captured into risk systems, the value increases for the first line, creating institutional memory in their line of business.
- Connecting compliance and risk
A growing recognition of the need for a stronger link between Compliance and Risk has been a dominant theme in our discussions with clients. Explicitly, they have expressed the need for an end-to-end framework that removes the manual administration of monitoring external regulation changes, determining the applicability of those changes to the organization, understanding the impact of the applicable changes, and developing a plan to assess and remediate the risk of implementing those changes.
- The takeaway
Organizations have shared that they are rethinking their overall GRC model, looking for efficiencies in their systems to drive productivity, increase agility and drive out the costs of running their applications. From our engagement with clients and prospects, we see three GRC objectives as paramount:
- Preserve trust & reputation with clients, employees, regulators, partners and the board
- Drive efficiency across risk & compliance processes
- Improve performance using a risk lens to enrich decision-making.
Innovating in the open
These insights have not only driven the investment strategy in our portfolio, but our clients have also been active participants as we reimagined OpenPages with Watson in a process we refer to as “innovating in the open” (IO). We are organized to incorporate client perspectives at all stages of the new offering process. Our GRC product team has executed design sessions, biweekly sprints and six-week updates with a large cross-section of our clients to ensure the offering direction is both transformative and pragmatic in its evolution. These client interactions have been invaluable.
Our commitment to IO is reflected in the portfolio investment strategy, with the latest version of OpenPages with Watson v8 centering on four major themes:
- Risk-aware decisions
IBM OpenPages with Watson v8 offers a completely reimagined user experience with a specific focus on engaging the first line of defense (or infrequent user) with a low-touch, zero-training model. New dynamic dashboards, layouts, visualizations, colors, and task guidance accentuate the most critical information and required activity. The reception to this advancement has been overwhelmingly positive, with clients rapidly adopting these new features and citing productivity improvements.
Figure 1: Dynamic User Interfaces
In addition to the new user interface, another integrated user experience element is being introduced: a powerful native workflow that allows business users to author risk- and compliance-specific workflows in minutes. These workflows take full advantage of the new UI and APIs to expose the appropriate data, guidance and activity choices to the first line of defense, keeping them focused on the task at hand.
Figure 2: Easy to define business workflows
We have continued to enhance our portfolio with advancements in modules such as Watson Regulatory Compliance (WRC), with investments in software, content and advisory. For example, we have created options for even deeper levels of granularity (definitions, sub-requirements, exceptions, conditions, etc.), added regulations and obligations to our content libraries, and improved our interface for greater efficiency.
Figure 3: Granular obligations for better efficiency
On top of the foundation of embedded workflow, reimagined user experience (UX) and analytics, we are shifting risk activities from “what happened?” to “what’s coming?” through timely, relevant and predictive information. New dashboards and the inclusion of next-generation business intelligence provide insights across domains in ways far more accessible and contextual than ever before. Everything from spotting trends in issues to recalibrating workloads for self-assessments is now at the fingertips of specialists, managers and executives in a personalized view.
Figure 4: Complete line of sight for better decision making
In 2019, our investment will continue into these four themes with some exciting developments in our labs and the continued direct input from our clients and partners. We are extremely excited by the transformations we are seeing and look forward to the success of our clients in the year ahead.