Navigating the future of governance, risk and compliance: NTT DATA’s 2024 GRC trends

As we enter the new year, the world of governance, risk and compliance (GRC) is undergoing a transformation fueled by technological advancements in AI and ML, evolving regulatory landscapes and a heightened focus on a fully integrated enterprise risk view. This blog post will explore the top GRC trends shaping 2024 and how organizations can adapt to stay ahead in this dynamic environment.

1. Integration and governance of artificial intelligence (AI) in GRC

In 2024, we'll witness a significant shift towards leveraging AI and machine learning (ML) technologies to enhance GRC processes. Using these technologies, organizations can automate risk assessments and data collection, detect patterns in compliance data with heightened accuracy and better anticipate potential threats or use-case scenarios.

However, using AI models also demands enhanced governance of such technologies. Algorithm transparency, accuracy and ethical concerns about data privacy and bias pose significant challenges to adopting AI technology for GRC functions, as well as a rapid increase in regulatory attention and new legislative action. Balancing the undeniable advantages of AI with the boundaries of a changing regulatory and ethical environment is crucial in propelling organizations forward to win in the marketplace.

2. Aging GRC technology and usage of specialized GRC platforms

Traditional ERM platforms are being phased out as newer, more sophisticated point solutions for certain GRC components become favored in the marketplace. As industry, risk and regulatory conditions fluctuated dramatically during the early 2020s, older platforms have struggled to keep pace with the growing demand for more streamlined, centralized and strategic technology solutions. Large organizations are already leveraging these platforms, especially where there's little appetite for a complete overhaul of GRC technology due to extended implementation timelines, change impacts and overall costs. Newer technologies and software allow for more seamless integration with existing ERM technology to provide a holistic enterprise risk view in fully matured GRC organizations.

3. Third-party and vendor risk management

In the 2024 OCC Bank Supervision Operating Plan, “third-party” was used 13 times. Third-party and vendor risk management will continue to be a strong focus for regulators in 2024 due to today's organizations' increasing complexity and multi-tiered structure. As reliance on third-party networks for essential operational and technological business functions continues to grow, strong third-party risk management (TPRM) policies and frameworks have become critical to organizational success and security. The OCC emphasizes implementing comprehensive risk management policies, procedures and processes that address all stages of the third-party lifecycle, including planning and due diligence, contract negotiation and onboarding, ongoing monitoring of the third party, and termination.

4. Regulatory technology (RegTech) adoption

The ever-changing regulatory landscape demands a more agile and adaptive approach to compliance. RegTech solutions are gaining traction as they enable organizations to streamline compliance processes, track regulatory changes in real time and proactively respond to new requirements. The RegTech industry has been growing at a rate of 19.5% annually and is expected to hit $21.73 billion by 2027, according to estimates from Reports and Data. Although RegTech has been a dominating force in the financial services industry, organizations are ramping up the adoption of RegTech solutions in other industries, most notably healthcare and cybersecurity. The wake of the COVID-19 pandemic and a series of damaging cybersecurity incidents in recent years have exposed significant gaps in policy, technology, reporting, monitoring and industry practices. These gaps have become a catalyst for the emergence of new and impending regulatory requirements, posing challenges for organizations across various industries as they strive to meet these standards. As a result, adoption and investment in RegTech solutions will continue to be a widespread trend for organizations in 2024.

Embracing the convergence of technology, ethics and regulatory scrutiny: Building a robust GRC strategy for 2024 and beyond
In 2024, the GRC landscape will be characterized by the intersection of technology, ethics and heightened regulatory scrutiny. Organizations that effectively navigate these trends won't only fulfill compliance obligations but also gain a competitive edge in an ever-evolving business environment. To achieve this, embracing AI and ML within your organization while maintaining policy adherence, comprehending the evolving software landscape to enhance traceability and efficiency, mitigating third-party risk concerns, adopting RegTech solutions and fostering collaboration through integrated platforms are pivotal steps towards establishing a robust GRC strategy for the future.

If you are interested in learning more about how NTT DATA can guide your GRC organization, contact us for more information.