Governance, risk management, and compliance (GRC) is something an organization does, not buys—yet for GRC management to be successful and sustainable for the long term, it needs to be supported by a technology platform. Before selecting the right GRC platform, organizations need to understand their current management processes and develop a strategy that sets the stage for increased efficiency, effectiveness, agility, and cross-department collaboration. Choosing a GRC Solution Many solutions may have the capabilities…
The era of the wild west of tech is slowly coming to an end. There is increased pressure on Congress to pass a national data privacy law, and many states have independently been passing their own laws to protect consumer privacy—the largest of which is the California Consumer Privacy Act (CCPA). California’s attorney general recently released some enforcement case examples as part of an update on the first year of enforcement measures. Additionally, a…
Financial institutions are starting to review the implications of environmental, social, and governance (ESG) practices and how they can work to shape a better future. While regulatory focus is currently targeting large institutions, smaller firms should also be considering what they can do at a localized level and how ESG intersects with building best-in-class risk management practices. When regulators begin to prioritize a policy area such as ESG compliance, risk professionals need to start…
Over the past few decades, a broad range of governance, risk, and compliance (GRC) management solutions have entered the market. Research firm GRC 20/20 has mapped over 800 different GRC technology solutions, and the space continues to grow. This abundance of options complicates organizations’ ability to effectively evaluate, select, and implement the right GRC platform. Some organizations are looking for a niche tool to help them address regulatory burden or a specific risk area…
The Federal Reserve, FDIC, and OCC have recently released interagency guidance on managing risks associated with third-party relationships. The proposed guidance offers a framework based on sound risk management principles and best practices that financial institutions supervised by the issuing agencies can use to address third-party risks. Regulator Guidelines for Third-Party Risk Management Stressing the importance of adequately evaluating and managing risks associated with third-party relationships, the guidance emphasizes some baseline assumptions and criteria, including: The use of third parties may offer significant advantages and efficiencies but doesn’t preclude the need for sound risk management.…