GRC in the United Kingdom & Beyond . . .
Governance, Risk Management & Compliance (GRC) – along with all of its segments of ESG, third-party risk, audit, internal control and more – are hot topics globally, but particularly across Europe. The European market for GRC-related solutions, professional services, and intelligence/content is by far the busiest globally. The Middle East market for the same is the fastest-growing market.
I am headed right now to the United Kingdom for the next three weeks. I see a lot of activity across the UK, Nordics, DACH, and Benelux regions of Europe particularly. The United Kingdom is the busiest followed by these others. Currently, I am interacting on 14 RFPs at various stages in the UK, and there are more beyond that. The UK has its own regulatory and risk drivers, but many UK firms also have to respond to EU regulatory and risk drivers because of their presence in the EU as well. These interactions span from small organizations with 500 employees to the large global enterprises. They span industries from construction, life sciences, education, manufacturing, to financial services.
Over the next three weeks, the following are the hot topics I am interacting on in the United Kingdom in both speaking/event engagements as well as meetings with organizations looking for GRC solutions and professional services that seek my guidance on who to engage and why:
- Regtech/Fintech in Financal Services. I have four meetings set up with financial services firms looking for the latest in regtech solutions for regulatory change, monitoring/transactions/surveillance, consumer duty, SMCR, and KYC/AML. Even the leading USA financial services firms have their regtech experts operating out of London and not the USA. London is the regtech and fintech capital of the world. In addition to this, I am presenting my thoughts on RegTech at the following event:
- June 26 @ 4:30 pm – 7:00 pm BST, RegTech Panel & Discussion
- Third-Party Risk Management. This is one of the hottest topics. There are three RFPs that I am interacting on specifically on third-party risk while there are several broader RFPs that include third-party risk in the breadth of functionality they are seeking. I will deliver my following workshop in London on this topic:
- June 25 @ 10:00 am – 6:00 pm BST, Third-Party Risk Management by Design, LONDON
- I.T. Risk/CyberRisk Management. This is a particularly hot topic of interaction over the next three weeks. It is part of many of my meetings/interactions, and I already have over 60 that are registered and confirmed for my workshop in London this week on the topic:
- June 12 @ 10:00 am – 4:00 pm BST, IT Risk/GRC Management by Design, LONDON
- Risk & Resilience Management. This is a huge subject of interaction over the next several weeks. While there are particular regulations in financial services, such as UK Operational Resilience and EU DORA, it is a topic of interest across industries in the UK and drives a lot of RFPs right now. There are two in financial services I am interacting with that are trying to harmonize a program that can address both UK Operational Resilience and EU DORA into one program. I will be presenting on Risk and Resilience at the following event in London:
- June 19, Agility UK, LogicGate
- A.I. Governance/GRC. Every interaction and event I am part of over the next three weeks will include artificial intelligence. Whether it is the use of AI for GRC (what I call Cognitive GRC), but most often it is the governance of AI (what I call AI GRC). There are a lot of organizations responding to the EU AI Act particularly. I will be conducting a workshop on this topic:
- June 21 @ 9:30 am – 1:30 pm BST, A.I. Governance & Risk Management Workshop, LONDON
- ESG – Environmental, Social, Governance. ESG is a very hot topic across Europe as 50,000 firms have to respond to the EU CSRD (and EU CSDDD in the context of third-party risk management). Of these firms, 12,500 have to start reporting in January 2025 (just 7 months away) and better be collecting data now. This is the topic in several of my RFP interactions for organizations building toward this now. Some of these are the focus of the RFP, others it is part of a broader GRC RFP.
- Internal Control & UK Corporate Governance Code. Another consistent topic across the range of the above interactions is the management and automation of internal controls. The UK Corporate Governance Code remains a big driver for RFPs in this area, even though it was scaled back when it was finalized in January. It is also a topic related to the ESG and other topics above in these conversations/interactions I am engaged in, including the RegTech panel above.
If you are in London over the next three weeks, reach out to me. If my schedule permits, I am always happy to stop by for an hour at your office or get a pint or coffee and discuss the breadth of GRC solutions, professional services, and intelligence/contet offerings in the market and my thoughts on particular ones. My job is research. I research what the challenges organizations face in context of governance, risk management, and compliance and how they go about solving those challenges with strategy, process, technology, and services.