Technology is supposed to facilitate communication and make work easier, but for risk and compliance professionals at small and midsized financial services firms, governance, risk, and compliance (GRC) technology can sometimes hinder more than help.
It’s easy to see why smaller firms hope GRC technology can solve all their problems. Juggling spreadsheets or hemmed in by point solutions, risk specialists at these firms have to pull from a mismatched collection of different sources and manually reconcile data to provide reporting. Then, because the information is organized in terms that can be hard for the business line to comprehend, the risk team must either attempt to translate or watch the essential message go unheeded.
This inefficient method of operating a GRC program might still suffice when a bank is under $1 billion in asset size, but what happens when business growth outpaces the capacity of your risk management team? For many firms, this inflection point means that it’s time to explore their approach to GRC technology and consider a comprehensive GRC platform. However, many times this process comes with a lot of potential pitfalls.