The last five years has seen a significant increase in the volume of governance, and compliance. While there is a consensus that RegTech (Regulatory Technology) plays a critical role in helping investment managers navigate today’s regulatory environment, firms are often undecided as to whether they should adopt a single Enterprise-level GRC tool or adopt a patchwork of tools who are each strong in their chosen niche. Below are some of the considerations when choosing the appropriate strategy for your firm. 

Partnering with a single Regtech provider

The advantages of using a single provider includes more streamlined support, a consistent user experience, or if there are economies of scale, potential cost savings from buying a bundle of solutions from a single provider. The downside to using a single enterprise platform is that a provider may not excel in all areas of compliance of governance or there may be a lack of depth in specialised areas. There may also be scalability concerns with a single provider, in that the system may not have the flexibility to be modified or customised with ease.  

Partnering with multiple RegTech providers

The upside to using two or more providers, is that a firm may choose specialized providers for each regulatory requirement ensuring you get the best solution for each GRC area. This specialisation may in the technology or subject matter expertise brought by the provider. For example, a single provider may have a deep knowledge of international accountability regimes such as SMCR or IAF/SEAR. Their monoline approach allows them, to align the evolution of their software specifically to that niche. The downside to using multiple providers include potential high-costs and increased training required on the different platforms.  

Considerations for your decision 

Is the Regtech provider a consulting or technology-led organisation?

The consulting-led provider is primarily focused upon providing advisory services, which is then supported by their technology offering. Consulting-led providers tend to have a deep industry-specific knowledge and can offer strategic advice tailored to the organisation. Consulting services tend to be more expensive and it may create a dependence or reliance on the consultant rather than developing the organisation in-house skills and knowledge. Consulting-led platform may not scale as easily as technology-driven solutions as the evolution of a software requires teams of engineers and support staff. The technology-led Regtech provider is focused on the software and may more rely on the client to have a certain amount of in-house regulatory expertise. 

How simple or complex are your GRC programmes?

If your organisation has complex regulatory needs and a distinction between Governance Risk, and Compliance functions (GRC), then a multiple provider approach may be more appropriate. As an example, an investment manager with distinct operational risk and regulatory compliance functions may opt for two providers, one to track compliance obligations and one to track operational risk taxonomies. Alternatively, organisations with simple GRC programmes may be better suited to a simplified, one-stop solution. 

What resources can your firm commit to implementation?

Due to their complexity, some enterprise-level systems can take years to implement. They may involve substantial organisational change and a dedicated team for implementation and ongoing management. Smaller niche providers take less time to implement and may be adopted without requiring client resources. There is essentially less friction for the organisation.  

What is the history or future roadmap of the software?

There has been a series of acquisitions or consolidation of GRC providers over recent years. While consolidation can bring benefits such as additional resources and improved integration with other products, it may also result in a shift of focus. The acquiring company may shift the priorities of the software to align with a broader strategy or alternatively the product may be de-prioritised in terms of development roadmap. 

Conclusions

Regardless as to whether you opt for a single GRC platform or multiple providers there are some ‘must-haves’ from any GRC software

Interconnectivity. Regardless of whether you opt for a single enterprise GRC solution or multiple vendors, interconnectivity between components within a software platform is essential. Taking the example of an operational risk solution, the system should be able to connect a risk to specific controls, KRIs or incidents related to that risk. This interconnectivity provides the risk owner with a 360-degree of their risk before making an assessment.  

Reporting Options. Regardless as to whether the organisation opts for a single GRC platform of the multiple provider option, the availability of reporting and API / data-exchange options is essential.  A single platform will provide the advantage of presenting an overview of all GRC programmes on one dashboard whereas the use of multiple platforms will require the user to access each platforms reporting dashboard individually. More often than not management and Board packs are derived from a number of different sources.  

Configurability and Flexibility. It is essential that a GRC software, be it at enterprise-level or stand-alone, must be highly intuitive and allow workflows to be modified or added without friction. Every organisation has unique needs according to their GRC maturity. Any system should allow the client to create a compliance workflow or risk assessment autonomously. 

Client Support. Although not a technical differentiator, the level of post-implementation support provided by a GRC provider is key. Dedicated relationship management and ongoing training support are a minimum when choosing any GRC provider be they at enterprise or niche provider level. 
 

If your organisation has complex regulatory needs and a distinction between Governance Risk, and Compliance functions (GRC), then a multiple provider approach may be more appropriate.