GRC solutions and compliance software comes in many different guises. Some GRC tools are better suited to mid-sized firms for example, while others may be better deployed by specific vertical markets, such as Financial Services. Overall the use of compliance software has become much more widespread over the last decade, as organisations look to stay on top of the ever growing and increasingly complex regulatory compliance requirements.

compliance with government rules

The Governance, Risk and Compliance (GRC) market has made huge advances over the past decade or so. The three disparate elements of GRC have come together to make those functions more efficient and effective, and a major new market has emerged, supplying GRC tools and GRC solutions to organisations keen to reap the benefits of this more joined-up approach.
IT GRC software has been used particularly in the Financial Services (FS) sector. Increased compliance requirements, a post-financial crisis of 2008need to demonstrate that FS firms are well-governed, and a whole host of new business risk has created a perfect storm in FS for GRC software vendors.

We have only just passed the one-year anniversary of the European Union’s (EU) General Data Protection Regulation (GDPR)and it would appear that regulators really mean business and are willing to punish organisations like never before.

UK airline British Airways (BA), one of the biggest airlines in the world, has been fined a record amount of £183 million (€203 million) after it suffered a cyberattack in September 2018. The UK Information Commissioner’s Office (ICO) has indicated that this is the biggest fine it has ever issued and the first to be made public following the advent of GDPR in 2018.

Defending an organisation against the sophistication and professionalism of modern cyber criminals is not an easy task. Never before have cyber criminals been so well organised and equipped, possessing hacking skills that many enterprises would pay top dollar for.
Such enterprises have begun investing in the right skills and tools to best defend their business against such hackers, but it remains a challenge. It therefore makes it much harder to take, when despite investment in technology and systems, employee error or oversight is then responsible for a data breach or other cyber attack.

Cyber security is a critical business issue. The volume, sophistication and severity of attacks over the past few years have highlighted just how tough a challenge it can be to defend an organisation against cyber attack.
The situation hasn’t always been helped by CEOs and other board members. In public they speak confidently about the need to keep their customers’ data secure, yet they do not always back up their words with the requisite action.

The second iteration of the EU’s Markets in Financial Instruments Directive (MiFID II) came into being on 3 January 2018, and it is fair to say that opinion has been divided, on both the motives behind its launch and also its success so far.
The initial objective of MiFID II was to strengthen investor protection and improve the functioning of financial markets by making them more efficient, resilient and transparent. This transparency into buyside and sellside trading activities across all the major asset classes in the capital markets industry was a major factor, but MiFID II hasn’t been universally welcomed.

For decades now, business has been very international. Companies – especially the bigger and mid-sized organisations – regularly trade in countries all over the world and many have of those companies will have a presence in a good number of those countries.

Business risk comes in many different guises in 2019. Strategic, reputational, compliance, financial, political….the list goes on and on. The breadth, depth and variety of risk in modern business makes the task of efficient, effective and smart risk management even harder for many organisations.

It has been almost a year since the European Union’s (EU) General Data Protection Regulation (GDPR) first came into effect. After many years of discussion and debate, the biggest change to data privacy laws in a generation was finally brought in on 25 May 2018 to protect consumer privacy in the internet age. It’s probably too soon to accurately assess whether it has been successful or not, but it has certainly been impactful.

We’ve written previously about the potential of Artificial Intelligence (AI) to transform compliance. The power of AI to process, manage and analyse large volumes of data, accurately, quickly and efficiently means that is very suited to certain elements of compliance.
GDPR is a perfect example. It requires huge volumes of data to be checked for compliance and using an AI-based automated tool makes a great deal of sense. But generally GRC teams have been mostly resistant to the use of AI in compliance.
What is behind this slow adoption and could 2019 be the year that AI truly has an impact on regulatory compliance?