GRC in a United Kingdom Context
Last week I had an amazing week of GRC interactions (or G[P]RC, with the P being performance) in the Middle East. I was the keynote at the G[P]RC Summit in Riyadh and in Dubai. I am also interacting on a few RFP development projects in the Middle East. The Middle East is the fastest-growing market for GRC-related solutions and services.
However, the busiest market is the United Kingdom and Europe. I am busier with interactions in the United Kingdom and Europe than I am in North America. I could rattle off a dozen RFPs in various stages of engagement right now. London and the broader United Kingdom is my busiest region, followed by the DACH region of Europe. After that it is the Nordics and Benelux regions. The next few months have me on a trip to the United Kingdom, then Australia, followed by two separate trips to Germany in March.
The United Kingdom is my busiest city for engagement in the entire world. I have spent more time in London for GRC than any other city. I am now preparing for my next GRC trip to London for the week of February 12th to 19th.
What brings me to London in February? . . . I am glad you asked . . .
It is a whirlwind of a week of engagements. A few are with solution and service providers, helping them with their solution and go-to-market strategy, but most of my interactions are with organizations looking for solutions and services to address a range of challenges in risk and compliance they are facing.
The heart of the week is co-hosting a RegTech/FinTech Networking Event with ING as well as working with the Institute of Risk Management in London to build out a strategy of engagement in my role as one of their Global Ambassadors of Risk Management.
It will be a great week of interactions which all feed into my research on the GRC market. I describe what I do as an analyst in the context that I am a researcher. I research the challenges organizations face in the context of governance, risk management, and compliance and how organizations solve these challenges through the combination of strategy, process, and technology/services.
The leading topics for my meetings/engagements this week are as follows:
- Germany’s Corporation Supply Chain Due Diligence Act. Yes, I am in London and one of the hottest topics of conversation is Germany’s law and the related EU Directive. I have several interactions in the United Kingdom right now where this is driving a lot of change to ESG and the intersection of third-party risk management programs.
- UK SOX. After several years of speculation and discussion, UK SOX is here and a hot topic of engagement. Starting with financial years ending December of this year (2023), organizations in the UK are facing requirements for internal controls over financial reporting and disclosures in line with US Sarbanes-Oxley. So a lot of organizations are now scrambling to address this.
- Operational Resilience. The UK FCA/BoE/PRA regulation has the entire financial services industry restructuring their operational risk and continuity programs to address these requirements. Last year, March 2022, saw a lot of this come to maturity, but organizations are looking for technology and services to make this sustainable. Related to this is addressing the EU DORA (Digital Operational Resilience Act), as they intersect for firms operating in Europe.
- Consumer Duty. This is the trending hot topic in the financial services space in the United Kingdom. Organizations have to set high and clear standards of consumer protection across financial services, and this requires firms to put their customers’ needs first. This is driving a lot of policy and training management and engagement as the foundation and from there a lot of assessment and controls.
- UK SMCR. The United Kingdom’s Senior Managers/Certification Regime also ties into several discussions. Sometimes intersecting with the same conversations/engagements on resilience and consumer duty. But organizations are looking to make UK SMCR more sustainable as many have approached the first few years of compliance with manual processes they now are finding cumbersome.
- ESG. This ties into all the above and more. A lot of interactions on how to manage and report on ESG through all of its complexities and niches. Last April, the UK passed two mandatory ESG disclosure laws: The Companies (Strategic Report) (Climate-related Financial Disclosure) Regulations 2022 and The Limited Liability Partnerships (Climate-related Financial Disclosure) Regulations 2022. UK companies that have more than 500 employees have to do ESG reporting.
- Regulatory Change Management. I have a few interactions with both financial services and life science companies in the United Kingdom to discuss cognitive technologies to keep up with regulatory change management and, with that, policies.
Those are the main points of interaction. Tied to some of these are the UK Modern Slavery Act, UK Bribery Act, and the UK Data Protection Act as well as EU GDPR.
As you can see it is a fascinating week of engagements across these. The schedule is filling up . . .