Top Trends in Governance, Risk, and Compliance (GRC) for 2023

The last few years have shown us that risks which once appeared isolated to a few industries or localities are omnipresent and can impact businesses across sectors and geographies

Indian startups, the torchbearers of the economy, have been facing unprecedented challenges around corporate governance and due diligence. Over the past year, the sector has been plagued by repeated governance breakdowns, controversies, legal battles, and layoffs. Companies like BharatPe, Byju’s, Zilingo, and now GoMechanic are just a few names in what seems to be a growing lineup of promising startups battling turbulence, as they strive to succeed in a challenging business environment.

And it’s not happening just here in India. For example, the collapse of FTX in the US last year – just months after making headlines – and the subsequent bankruptcy filing of BlockFi remind us of the dangers of taking big risks in unregulated spaces (despite the temptation of big returns).

The last few years have shown us that risks which once appeared isolated to a few industries or localities are omnipresent and can impact businesses across sectors and geographies. Economic, sociopolitical, cyber, security, environmental, and operational risks are constant and far-reaching, and require vigilance to manage and optimize.

In 2023, businesses will continue to formalize their pursuit of operational resilience, largely through a number of tools that provide enterprises with the ability to measure, manage, and see risk holistically, yielding valuable insights that inform strategic decisions. Here are four trends in risk management that Indian businesses need to prepare for as they establish these responsive structures and processes.

1. Interconnected Risk Calls for a Connected GRC Solution

Businesses can no longer analyze risk in silos; critical data, reporting, and insights can’t be siloed, either. Governance, Risk and Compliance (GRC) professionals need to understand the cascading impacts of interconnected risk in order to build an overarching GRC framework. A Connected GRC strategy supports an integrated approach to risk management and is critical to achieving resilience in difficult times. By ensuring collaboration between teams – risk, compliance, audit, cybersecurity, third-party risk, and sustainability – businesses are better enabled to assess, manage, and mitigate strategic risks. This is especially important as cyber threats increase, new regulatory requirements emerge focused on operational resilience, and ESG evolves as a critical piece of enterprise risk management strategy.

Leveraging advancements in cognitive capabilities (think AI and automation), continuous monitoring, and cloud-based software development, the Connected GRC experience is not just about convenience and accuracy in reporting; in today’s economy, it’s a business imperative. By integrating governance, risk, and compliance into a business’s operations or data architecture from the outset – call it “GRC by design” – risk professionals will be adding predictive and proactive capabilities to their arsenal, and will assume a quantitative, actionable view of all areas of the business.

2. Cyber Risk Will Only Increase in a Hyper-digital World

Despite its sometimes-dicey reputation, the digital asset market – which includes cryptocurrency – is here to stay. However, if crypto remains unregulated, opaque to customers and investors, and not subject to the same basic risk management and compliance standards and controls as other businesses, this year’s FTX collapse won’t be the last digital-asset implosion we hear about.
The same rules apply to the metaverse. Tracking fraudulent activity and implementing secure authentication can make a significant difference against cybersecurity threats in the digital universe – threats that are happening faster than ever before, so continuous monitoring of cyber risk is a necessity. Extreme disruption in this space is giving way to a new paradigm of risk; we expect to see big changes on the regulatory front in the new year.

Cyber risk will continue to be a priority for GRC leaders as well – not just how to avoid risks, but also how to quantify them so you can make wise and timely investments. It is possible to innovate, digitize, and move forward without losing big.

3. Advancements in AI and Automation Will Accelerate GRC Programs

Artificial intelligence, machine learning, and automated workflows will continue to make the lives of GRC professionals better and more productive, and raise the bar on what is possible; all of these emerging technologies allow you to work smarter, not harder. Artificial intelligence (AI) as part of a GRC platform promises to be a real game-changer when you consider how much time is currently spent on manual tasks.

It is almost impossible to manually monitor and track the ever-evolving regulatory landscape, but an AI-based system promises to change all of that and enhance the efficiency of your compliance team. It can help you automatically capture new regulations and regulatory updates, map them to corporate policies, adapt your systems, and test your controls. Advanced capabilities in automation and predictive modeling show the tangible, quantitative impact of risk, so organizations can prioritize investments and resources accordingly – and in real-time.

But AI is not without its risks. AI requires good governance and checks and balances to ensure biases do not disrupt the positive intent. As business leaders, we must keep this in check.

The intersection of people and automation will also be a critical focal point in the new year. Enriched with a continuous output of data by newly automated workflows, your company may need to redirect colleague resources accordingly to best understand the implications of this data. You might require fewer people to pull reports or manually audit processes, but find that you need more data scientists and statisticians to analyze the real-time data these AI-powered platforms produce.

Gaurav Kapoor
co-CEO, MetricStream

4. Talent Risk Is an Emerging – and Critical – Issue

From a talent perspective, there’s a massive shift occurring, unlike anything we’ve seen since the dot-com era. Highly skilled people such as those in the tech industry are in demand and thus able to select where they want to work – and companies are happy to pay. Not knowing when your best-performing colleagues will leave, disrupting your product’s release or distribution schedule within the supply chain, is a new risk – call it “talent risk” – that is less understood but quickly emerging as a major trend for 2023.

While the ability to recruit and retain talent continues to present significant challenges for businesses (with employee burnout high on the list), a clear understanding of how a labour shortage can affect your ability to meet a service-level agreement and the impact it has on your business is a first step toward setting priorities for tackling this complex issue.


Disclaimer: The views expressed in this article are those of the author and do not necessarily reflect the views of the Economic Times – ET Edge Insights, its management, or its members

Scroll to Top