“Yours was by far the best event I’ve been to this year.”
That’s what one attendee told us after Resolver’s Ascend GRC London 2025. And while the venue might’ve helped, what stood out most was the level of honest, practical conversation happening between peers.
As a product manager, I usually hear feedback one email or roadmap meeting at a time. But something different happens when 40+ audit, risk, and compliance leaders get in a room — many from regulated industries like finance, insurance, and government. Give GRC professionals space to talk peer-to-peer, challenge ideas, and compare how they manage the same pressures in different ways, and the insights come quicker than I could write them down.
When I was asked to write a recap of our annual GRC customer event, I figured it’d be simple: recap the sessions, highlight a few quotes, and post. But these weren’t surface-level chats. They were deep, thoughtful exchanges about what’s changing in GRC and what comes next.
Here’s what stuck with me and what it signals for anyone running a risk, audit, or compliance program in 2025.
1. AI is no longer a “what if?” It’s a “where next?”
12 months ago, every conversation about AI came with cautious caveats:
“We’re not ready,”
“Our teams won’t trust it,”
“It feels risky,”
“Our IT team will say no.”
Teams weren’t sure how it fit or how to roll it out responsibly. This year? There’s been a seismic shift.
Risk and compliance leaders at the event were asking where AI belongs, whether in control testing, evidence collection, or executive reporting. Some GRC teams are already running AI pilots. Others are looking at how it could help reduce effort without reducing oversight.
The shift in AI mindset came into sharp focus during one of the most talked-about sessions of the day: Alexia Konstantinidi’s keynote on AI and deepfakes. As part of Kroll’s Cyber & Data Resilience team, Alexia helps lead more than 3,000 cyber investigations each year. Her background in digital forensics and offensive security brought a practical, real-world lens to a topic that often feels abstract. She pushed the room to consider how AI is already shaping the risk landscape, and what that means for risk and compliance leaders now. It was eye-opening, actionable, and sparked conversations that carried through the rest of the event.
For teams still waiting on AI “readiness,” the message was clear: Integrating AI solutions to common, repetitive tasks and problems is a strategic decision. That shift from hesitation to momentum is a big one. And it’s going to shape how teams set budgets, evaluate vendors, and build capacity in the year ahead.
2. Nobody’s doing GRC “wrong,” but nobody’s doing it the same
One of the biggest takeaways? Everyone’s GRC setup looks different. And that’s not a problem. It’s a sign that GRC is maturing.
Across the roundtables and peer sessions, we saw real variation in how teams structure risk registers, track issues and risk events, test controls, and define ownership. The workflows were different. So were the levels of maturity. Even the language teams used to describe their processes didn’t always align.
For us, it’s a reminder: the goal isn’t to prescribe one “right” process. As we add new features to Resolver’s GRC platform, it’s about balancing flexibility with focus, while resisting the urge to build sprawling, behemoth features that take years to finish. We want to build tools that work with how teams already solve problems, and get them in your hands quickly.
Regulators want standardization. Organizations need flexibility. We aim to help our customers strike that balance. And when platforms respect how teams really operate, adoption of a new solution happens faster. And so does your strategic impact to the businesses you support.
3. Sneak peeks spark useful feedback (even when it’s messy)
We showed customers a few early-stage product ideas during the day. Nothing shiny. No grand reveal. Just early concepts and prototypes. And that’s where the best feedback came from. Customers started adding their own thoughts and use cases, pushing the concepts further, and helping us see how these ideas would really play out in their world.
“This would be useful if it linked to our attestations.”
“Can we filter this by entity?”
“How would this work for monthly board reporting?”
That kind of back-and-forth dialogue with our end-users is gold. It helps us make the product better. Because when we build with customer context, we build tools that actually work in the field, not just in demo environments.
4. Conversations matter as much as sessions
The formal agenda delivered. Panels were insightful. The product roadmap sessions landed well, too. And the Insider Collab session I hosted put our customers in the product manager seat. But the real value came from the conversations happening in between: at demo stations, over coffee, and at peer roundtables.
Because we had so many Resolverites in the room, customers knew they could stop us, ask questions, share challenges, or simply swap ideas. That approachability was called out again and again in customer feedback. One customer told me they’d rather come to Ascend than their own internal team day. Another said they finally understood how to bring AI into their compliance program after an honest chat with peers at lunch.
For us at Resolver, it’s also a reminder that building great GRC tools takes more than technological innovation. It’s about creating space for real conversations, where customers feel they can question, challenge, and shape what comes next.
Final thought: GRC isn’t slowing down, and neither are our customers
Every team we spoke to is facing more pressure, from tighter deadlines to more testing expectations and overlapping regulations. But no one’s standing still. They’re iterating, exploring, and pushing for better.
GRC Day London 2025 wasn’t just a product showcase (though we do love showing you what we’ve got cooking). Every year it reminds me that this community is moving forward, together. And I’m grateful to be part of that.
If you joined us, thank you. And if you missed it — maybe we’ll see you next year. Just don’t eat breakfast beforehand. Trust me on that one.
About the author: UK-based Ben Bradley has spent his career understanding the challenges of Governance, Risk and Compliance teams, eliminating pain points in their systems and processes. As a GRC Product Manager, he brings his deep knowledge of creating customer solutions to optimizing and improving Resolver’s GRC products with daily users in mind.
Want to explore how Resolver can support your risk, compliance, and audit goals?
Book a demo to chat with us and see our GRC software in action.
Other posts by Ben Bradley:
