GRC Technology: What AI and RegTech Mean for Your Programs
This content was created as part of our Top 5 Strategic GRC Capabilities Report.
Artificial intelligence. Machine learning. RegTech. GRC technology can vastly improve governance, risk, and compliance processes — as well as collaboration, data collection, and analysis — to free up valuable resources for driving business value and objectives. As digital innovations increase in scope, each new development has positive and negative effects. No one knows this more than professionals who observe the risk landscape with an eye to what’s coming.
In this article, we’ll cover new GRC technology solutions to explore, from AI and ML to RegTech and ERM software, and their impact on your GRC programs.
The evolution of GRC technology
“Every organization does GRC, whether they call GRC, ERM, ORM, IRM, ABC, XYZ, or don’t even have a name for it,” said GRC 20/20 Research’s Michael Rasmussen on our webinar, From Chaos to Clarity: 2023 GRC Trends. “I don’t think there’s anybody that’s on this webcast that’s going to say, ‘We don’t govern the organization. We could care less about risk and compliance.’ Every organization has some approach to governance, risk management, and compliance.”
Instrumental in defining GRC for OCEG’s GRC Capability Model, Rasmussen reiterates the definition he contributed to, “GRC is a capability to reliably achieve objectives, address uncertainty, and act with integrity. That last one’s the compliance piece. And compliance is more than just compliance of laws and regulations, but compliance with the ESG commitments, the code of conduct, the policies, and the contractual commitments of the organization. At the end of the day, it’s about the integrity of the organization.”
Assisting many organizations in developing their GRC strategies and advising on GRC technology solutions, Rasmussen has had a front-row seat to the technological evolution of GRC software and platforms and has defined six generations of GRC technology. GRC 1.0 was the Sarbanes-Oxley (SOX) captivity of GRC technology. GRC 2.0 was the era of enterprise GRC, bringing together back-line, second-, and third-line functions. Rasmussen defines GRC 3.0 as GRC architecture, where core platforms began to emerge but no one platform does everything.
Rasmussen says the move to GRC 4.0 began about five years ago, away from legacy systems and toward agile GRC solutions that are highly intuitive and engaging for back-office risk functions and the front office. “Now we’re building on GRC 4.0,” he adds, “We have what I call GRC 5.0, cognitive GRC, and leveraging artificial intelligence technologies on top of GRC 4.0, and then moving towards GRC 6.0 — that business integrated GRC.”
Rasmussen cautions against seeing technology as the silver bullet solution to a lackluster GRC program. “GRC is something organizations do. It’s not something you buy. That’s putting the cart before the horse. What are you doing today? What’s broken and not working? What are you trying to improve?” Rasmussen says that governance, risk management, and compliance are activities of the organization that happen day in and day out. He recommends assessing your current state and then getting alignment on the future state you’re trying to build before reviewing GRC technology solutions.
What is artificial intelligence in a GRC technology context?
Artificial Intelligence (AI) is defined as “the theory and development of computer systems able to perform tasks that normally require human intelligence, such as visual perception, speech recognition, decision-making, and translation between languages.” (Source: Oxford Languages)
In a GRC technology context, at its most basic level, AI and its sister technology, Machine Learning (ML), allow you to centralize large amounts of data from many sources and then apply patterns and trends to identify risks and opportunities within that data.
For 2023, GRC teams can look to maturing their programs by freeing up resources through the automation and process improvements that technology solutions can provide. As the industry begins to explore more automation, you may wonder about the benefits of artificial intelligence and machine learning. Is AI going to replace GRC pros? No, says Resolver’s VP of GRC Products, Amanda Cohen, “At the most basic level, it allows you to take large amounts of data and then consolidate it, apply patterns and trends, and identify things within that data.”
“You’re taking someone who might previously have been undertaking an activity, and you’re freeing them up to allow them to do more analysis and focus on how their business operations are performing,” says Cohen.
How regulation technology can save compliance teams’ hours
Compliance regulations change by the hundreds daily, meaning teams need more time to ramp up on regulatory compliance change management. This inevitably increases the cost of doing compliance well. Regulation Technology, or RegTech, can help to create efficiency and agility to modernize your GRC processes. Where previously, you might have employed someone to run an analysis to constantly monitor all of that regulatory change, now you can use that employee — who’s incredibly valuable to you — to understand the impact of the change on your organization.
“They’re no longer doing the act of just tracking something, but they’re actually getting into an analysis of how that change impacts your business on a day-to-day basis,” Cohen explains. Mundane, tedious tasks are now done by machine, so you can redeploy resources to activities with greater business impact, uncover challenges, and move the organization forward.
When deciding on ERM software, integration with these regulatory libraries is critical to your team’s success. “Someone we’ve been working with is an organization called Ascent — they apply machine learning to regulatory technology. And so, they’ll go through your regulatory environment and then parse through your obligations, narrowing those down to specifically what you have to adhere to. Then, on top of that, they’re monitoring all that change,” Cohen adds. When paired with Resolver’s ERM platform, this means real-time alerts for what each change means for your organization and the ability to delegate the associated regulatory change obligations to the right team or risk owner for better oversight.
How ERM software leverages AI and RegTech to drive GRC agility
As we often hear from GRC and ERM leaders, communicating present and future needs for GRC technology and program enhancements to the board can be challenging. In addition, siloed departments and disciplines often rely on legacy systems, emails, and spreadsheets, which frustrates many on the first line.
With ERM software, GRC teams can decide which risks take priority, ensuring the proper allocation of resources. Organizations, in turn, can avoid the financial and operational risks presented by breaches or downtime altogether.
Resolver’s ERM software enables GRC teams to easily capture risk, regulatory, and control information from across the business and analyze it in context to understand impact and exposure. AI-powered features, integrations with various applications, and intuitive forms make it easy for your frontline workers to flag potential risks and report any anomalies and deviations. AI/ML capabilities provide insights into similar issues or observations raised previously to avoid duplicated data and effort. Once an incident or anomaly is reported, the employee can track and view the status of the observation. Finally, as an organization seeking to build a strong risk culture, you save on training time while benefiting from the simplified adoption of GRC across the organization.
While GRC technology can transform your team’s ability to deliver true risk intelligence to your organization, it’s just one part of a holistic GRC strategy. From the desire to move towards digital transformation and GRC agility, we’ve designed a Strategic GRC Capabilities Report to help start the conversation on improving and maturing your GRC processes and strategy. Our expert panel will guide you through thought-starters and actionable goals to help maximize your team’s efficiency, agility, and resiliency in 2023 and beyond.